runtime error: division by zero (src/openslide-decode-tifflike.c:304)

[geeknik]

While fuzzing openslide 199a9c9 with AFL and UBSan, a division by zero runtime error was triggered in this block of code. Line 304 is CONVERT_VALUES_RATIONAL(item->floats, int32_t, buf, item->count);.

case TIFF_SRATIONAL:
    // convert 2 slongs into rational
    if (!item->floats) {
      ALLOC_VALUES_OR_FAIL(item->floats, double, item->count);
      CONVERT_VALUES_RATIONAL(item->floats, int32_t, buf, item->count);
    }
    break;

UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 ../../test test000

version: 3.4.1
src/openslide-decode-tifflike.c:304:7: runtime error: division by zero
    #0 0x5085fc in set_item_values /root/openslide/src/openslide-decode-tifflike.c:304:7
    #1 0x5033a0 in populate_item /root/openslide/src/openslide-decode-tifflike.c:372:8
    #2 0x5047a9 in _openslide_tifflike_get_buffer /root/openslide/src/openslide-decode-tifflike.c:965:24
    #3 0x566765 in trestle_detect /root/openslide/src/openslide-vendor-trestle.c:179:26
    #4 0x4f11c4 in detect_format /root/openslide/src/openslide.c:123:9
    #5 0x4f0d5a in openslide_detect_vendor /root/openslide/src/openslide.c:182:44
    #6 0x4ee30d in main /root/openslide/test/test.c:252:50
    #7 0x7fd406cbfb44 in __libc_start_main /build/glibc-6V9RKT/glibc-2.19/csu/libc-start.c:287
    #8 0x423c4b in _start (/root/openslide/test/test+0x423c4b)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/openslide-decode-tifflike.c:304:7 in

Started life as a TIFF: test000.gz