From eb8421312b9b53c818766cc997edb8f455572b23 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 9 Jan 2025 04:46:06 +0100
Subject: [PATCH] third_party/libertiff: avoid issue with invalid offline tags
 with value offset at zero

Fixes https://issues.oss-fuzz.com/issues/388571282
---
 third_party/libertiff/libertiff.hpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/third_party/libertiff/libertiff.hpp b/third_party/libertiff/libertiff.hpp
index 1ea5e71d085f..de5fd2ec7706 100644
--- a/third_party/libertiff/libertiff.hpp
+++ b/third_party/libertiff/libertiff.hpp
@@ -1525,6 +1525,14 @@ class Image
         {
             // Out-of-line values. We read a file offset
             entry.value_offset = m_rc->read<DataOrOffsetType>(offset, ok);
+            if (entry.value_offset == 0)
+            {
+                // value_offset = 0 for a out-of-line tag is obviously
+                // wrong and would cause later confusion in readTagAsVector<>,
+                // so better reject the file.
+                ok = false;
+                return;
+            }
             if (dataTypeSize >
                 std::numeric_limits<uint64_t>::max() / entry.count)
             {