[Libreoffice-commits] core.git: vcl/source
Stephan Bergmann
sbergman at redhat.com
Thu Jun 19 09:16:37 PDT 2014
vcl/source/gdi/dibtools.cxx | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
New commits:
commit 0b350e841db8c4b268cfe1c58ac400a7437ff605
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Thu Jun 19 18:16:11 2014 +0200
Avoid overflow
Change-Id: Iedcde3411a1bfeb1eb0207f572c8befe2071f54c
diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx
index b61a1ad..52708e7 100644
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -17,6 +17,10 @@
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
+#include <sal/config.h>
+
+#include <cassert>
+
#include <vcl/salbtype.hxx>
#include <vcl/dibtools.hxx>
#include <tools/zcodec.hxx>
@@ -240,7 +244,10 @@ bool ImplReadDIBInfoHeader(SvStream& rIStm, DIBV5Header& rHeader, bool& bTopDown
}
// #144105# protect a little against damaged files
- if( rHeader.nSizeImage > ( 16 * static_cast< sal_uInt32 >( rHeader.nWidth * rHeader.nHeight ) ) )
+ assert(rHeader.nHeight >= 0);
+ if (rHeader.nHeight != 0 && rHeader.nWidth >= 0
+ && (rHeader.nSizeImage / 16 / static_cast<sal_uInt32>(rHeader.nHeight)
+ > static_cast<sal_uInt32>(rHeader.nWidth)))
{
rHeader.nSizeImage = 0;
}
More information about the Libreoffice-commits
mailing list