[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - filter/qa filter/source
Caolán McNamara
caolanm at redhat.com
Sun Jul 19 23:19:41 PDT 2015
filter/qa/cppunit/data/tiff/fail/crash-2.tiff |binary
filter/source/graphicfilter/itiff/itiff.cxx | 2 ++
2 files changed, 2 insertions(+)
New commits:
commit eef542a9ff26856a52a80f413173e754c4960e42
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jul 19 21:25:46 2015 +0100
check np bounds
(cherry picked from commit be4e1141be7cd54cf5362d3de534050db5505437)
Change-Id: Id16ae9325f3c67792941b9c88d83435aa98282ca
Reviewed-on: https://gerrit.libreoffice.org/17200
Reviewed-by: David Tardon <dtardon at redhat.com>
Tested-by: David Tardon <dtardon at redhat.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/crash-2.tiff b/filter/qa/cppunit/data/tiff/fail/crash-2.tiff
new file mode 100644
index 0000000..aadd99f
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/crash-2.tiff differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 6d1be66..dc556f3 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -619,6 +619,8 @@ bool TIFFReader::ReadMap( sal_uLong nMinPercent, sal_uLong nMaxPercent )
pTIFF->Seek( pStripOffsets[ nStrip ] );
aCCIDecom.StartDecompression( *pTIFF );
}
+ if (np >= SAL_N_ELEMENTS(pMap))
+ return false;
if ( aCCIDecom.DecompressScanline( pMap[ np ], nImageWidth * nBitsPerSample * nSamplesPerPixel / nPlanes, np + 1 == nPlanes ) == false )
return false;
if ( pTIFF->GetError() )
More information about the Libreoffice-commits
mailing list