[Libreoffice-commits] core.git: vcl/source

Herbert Dürr hdu at apache.org
Fri May 10 08:40:23 PDT 2013 

 vcl/source/filter/jpeg/JpegReader.cxx |   21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

New commits:
commit 6ae4e72ec510e2dd0496d181ba429b1d51716667
Author: Herbert Dürr <hdu at apache.org>
Date:   Wed Jul 18 08:26:36 2012 +0000

    Resolves: #i120306# enforce finite memory consumption of loaded jpeg
    
    Patch-by: orw
    Tested-by: orw
    (cherry picked from commit 7a8c7f6a6ceb29bf754e24f07ef92fcee4b925c3)
    
    Conflicts:
    	svtools/source/filter/jpeg/jpeg.cxx
    
    Change-Id: Icda84dad6b5a8395f8592fdba479b194d4cc7ff7

diff --git a/vcl/source/filter/jpeg/JpegReader.cxx b/vcl/source/filter/jpeg/JpegReader.cxx
index 1fa4fa9..c139471 100644
--- a/vcl/source/filter/jpeg/JpegReader.cxx
+++ b/vcl/source/filter/jpeg/JpegReader.cxx
@@ -35,6 +35,13 @@ extern "C"
 
 #define JPEG_MIN_READ 512
 #define BUFFER_SIZE  4096
+namespace {
+    // Arbitrary maximal size (256M) of bitmaps after they have been decoded.
+    // It is used to prevent excessive swapping due to large buffers in
+    // virtual memory.
+    // May have to be tuned if it turns out to be too large or too small.
+    static const sal_uInt64 MAX_BITMAP_BYTE_SIZE = sal_uInt64(256 * 1024 * 1024);
+}
 
 extern "C" void* CreateBitmapFromJPEGReader( void* pJPEGReader, void* pJPEGCreateBitmapParam )
 {
@@ -211,6 +218,9 @@ void* JPEGReader::CreateBitmap( void* _pParam )
     if (pParam->nWidth > SAL_MAX_INT32 / 8 || pParam->nHeight > SAL_MAX_INT32 / 8)
         return NULL; // avoid overflows later
 
+    if (pParam->nWidth <= 0 || pParam->nHeight <=0)
+        return NULL;
+
     Size        aSize( pParam->nWidth, pParam->nHeight );
     sal_Bool    bGray = pParam->bGray != 0;
 
@@ -219,6 +229,8 @@ void* JPEGReader::CreateBitmap( void* _pParam )
     if( mpAcc )
     {
         maBmp.ReleaseAccess( mpAcc );
+        maBmp = Bitmap();
+        mpAcc = NULL;
     }
 
     sal_uInt64 nSize = aSize.Width();
@@ -226,6 +238,14 @@ void* JPEGReader::CreateBitmap( void* _pParam )
     if (nSize > SAL_MAX_INT32 / 24)
         return NULL;
 
+    // Check if the bitmap is untypically large.
+    if (nSize*(bGray?1:3) > MAX_BITMAP_BYTE_SIZE)
+    {
+        // Do not try to acquire resources for the large bitmap or to
+        // read the bitmap into memory.
+        return NULL;
+    }
+
     if( bGray )
     {
         BitmapPalette aGrayPal( 256 );
@@ -287,6 +307,7 @@ void* JPEGReader::CreateBitmap( void* _pParam )
     if ( !pBmpBuf )
     {
         maBmp.ReleaseAccess( mpAcc );
+        maBmp = Bitmap();
         mpAcc = NULL;
     }

More information about the Libreoffice-commits mailing list