[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - filter/qa filter/source
Caolán McNamara
caolanm at redhat.com
Mon Jul 20 02:13:58 PDT 2015
filter/qa/cppunit/data/tiff/fail/crash-5.tiff |binary
filter/source/graphicfilter/itiff/itiff.cxx | 2 ++
2 files changed, 2 insertions(+)
New commits:
commit 1b50cbe9aac1f57ac325799931abcd60e88d51b6
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 20 08:50:27 2015 +0100
check np bounds yet again
Change-Id: Id3f6fdc0ebed9711acec5d71f404e7a6072b765c
(cherry picked from commit bca4d6f896fb12ceff37476c43ea8892898dd385)
Reviewed-on: https://gerrit.libreoffice.org/17208
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
Tested-by: Michael Meeks <michael.meeks at collabora.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/crash-5.tiff b/filter/qa/cppunit/data/tiff/fail/crash-5.tiff
new file mode 100644
index 0000000..4849edf
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/crash-5.tiff differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 20d3768..69067c5 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -682,6 +682,8 @@ bool TIFFReader::ReadMap( sal_uLong nMinPercent, sal_uLong nMaxPercent )
pTIFF->Seek(pStripOffsets[nStrip]);
}
nRowBytesLeft = nBytesPerRow;
+ if (np >= SAL_N_ELEMENTS(pMap))
+ return false;
pdst=pMap[ np ];
do
{
More information about the Libreoffice-commits
mailing list