--- tools/tiff2rgba.c.orig 2009-08-27 00:05:33.000000000 -0400
+++ tools/tiff2rgba.c 2009-08-27 00:23:44.000000000 -0400
@@ -236,6 +236,7 @@
 uint32 width, height; /* image width & height */
 uint32 row;
 uint32 *wrk_line;
+ size_t pixel_count;
 int ok = 1;
 
 TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
@@ -251,7 +252,17 @@
 /*
 * Allocate strip buffer
 */
- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
+ pixel_count = width * rowsperstrip;
+
+ /* XXX: Check the integer overflow. */
+ if (!width || !rowsperstrip || pixel_count / width != rowsperstrip) {
+ TIFFError(TIFFFileName(in),
+ "Malformed input file; can't allocate buffer for raster of %lux%lu size",
+ (unsigned long)width, (unsigned long)rowsperstrip);
+ return 0;
+ }
+
+ raster = (uint32*)_TIFFCheckMalloc(in, pixel_count, sizeof(uint32), "raster buffer");
 if (raster == 0) {
 TIFFError(TIFFFileName(in), "No space for raster buffer");
 return (0);
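Review bot: The new `_TIFFCheckMalloc(in, pixel_count, sizeof(uint32), "raster buffer")` call in the second hunk relies on a helper that, as far as I know, is declared in libtiff's private `tiffiop.h`, and this patch adds no `#include`. If tiff2rgba.c only includes `tiffio.h`, the call is implicitly declared as returning `int` and the pointer can be truncated on LP64 builds, so either confirm the prototype is in scope or keep `_TIFFmalloc` behind an explicit `pixel_count > (size_t)-1 / sizeof(uint32)` guard. On the line `pixel_count = width * rowsperstrip;` the product is evaluated in `uint32` arithmetic before it is widened to `size_t` (assuming `rowsperstrip` is `uint32`; its declaration is outside the hunk), which the division test does catch, but the `XXX` comment should say so, e.g. `/* width * rowsperstrip is evaluated as uint32; a wrapped product fails the division test below */`. The visible `TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width)` still ignores its return value while `width` has no initializer, so the new check may read an indeterminate value if the tag is absent. The enclosing function starts and ends outside both hunks.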