fix: add integer overflow checks to allocation size calculations 
https://gitlab.com/libtiff/libtiff/-/commit/67713aaea9e29793763db732249c7bf2c1e12e8d

Index: libtiff/tif_dirwrite.c
--- libtiff/tif_dirwrite.c.orig
+++ libtiff/tif_dirwrite.c
@@ -2537,7 +2537,7 @@ static int TIFFWriteDirectoryTagCheckedRationalArray(T
         EvaluateIFDdatasizeWrite(tif, count * 2, sizeof(uint32_t), ndir);
         return 1;
     }
-    m = _TIFFmallocExt(tif, count * 2 * sizeof(uint32_t));
+    m = _TIFFCheckMalloc(tif, count, 2 * sizeof(uint32_t), "for rational array");
     if (m == NULL)
     {
         TIFFErrorExtR(tif, module, "Out of memory");
@@ -2573,7 +2573,7 @@ static int TIFFWriteDirectoryTagCheckedSrationalArray(
         EvaluateIFDdatasizeWrite(tif, count * 2, sizeof(int32_t), ndir);
         return 1;
     }
-    m = _TIFFmallocExt(tif, count * 2 * sizeof(int32_t));
+    m = _TIFFCheckMalloc(tif, count, 2 * sizeof(int32_t), "for srational array");
     if (m == NULL)
     {
         TIFFErrorExtR(tif, module, "Out of memory");
@@ -2610,7 +2610,7 @@ TIFFWriteDirectoryTagCheckedRationalDoubleArray(TIFF *
         EvaluateIFDdatasizeWrite(tif, count * 2, sizeof(uint32_t), ndir);
         return 1;
     }
-    m = _TIFFmallocExt(tif, count * 2 * sizeof(uint32_t));
+    m = _TIFFCheckMalloc(tif, count, 2 * sizeof(uint32_t), "for rational double array");
     if (m == NULL)
     {
         TIFFErrorExtR(tif, module, "Out of memory");
@@ -2645,7 +2645,7 @@ static int TIFFWriteDirectoryTagCheckedSrationalDouble
         EvaluateIFDdatasizeWrite(tif, count * 2, sizeof(int32_t), ndir);
         return 1;
     }
-    m = _TIFFmallocExt(tif, count * 2 * sizeof(int32_t));
+    m = _TIFFCheckMalloc(tif, count, 2 * sizeof(int32_t), "for srational double array");
     if (m == NULL)
     {
         TIFFErrorExtR(tif, module, "Out of memory");
