[Libreoffice-commits] core.git: Branch 'libreoffice-5-0' - filter/qa filter/source
Caolán McNamara
caolanm at redhat.com
Mon Jul 20 02:14:17 PDT 2015
filter/qa/cppunit/data/tiff/fail/crash-6.tiff |binary
filter/source/graphicfilter/itiff/itiff.cxx | 2 ++
2 files changed, 2 insertions(+)
New commits:
commit 4b96ee2d118c7d59408f361390158b7c8375cbf8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 20 09:24:48 2015 +0100
final check np bounds
Change-Id: I9213bb2cc059e05e286598edac03bd72c84db876
(cherry picked from commit dcbbe7741a08f6076f9e020f90cbb730c1edafb9)
Reviewed-on: https://gerrit.libreoffice.org/17212
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
Tested-by: Michael Meeks <michael.meeks at collabora.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/crash-6.tiff b/filter/qa/cppunit/data/tiff/fail/crash-6.tiff
new file mode 100644
index 0000000..907b510
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/crash-6.tiff differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 7a5d487..4fa050d 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -551,6 +551,8 @@ bool TIFFReader::ReadMap()
if ( nStrip >= nNumStripOffsets )
return false;
pTIFF->Seek( pStripOffsets[ nStrip ] + ( ny % GetRowsPerStrip() ) * nStripBytesPerRow );
+ if (np >= SAL_N_ELEMENTS(pMap))
+ return false;
pTIFF->Read( pMap[ np ], nBytesPerRow );
if ( pTIFF->GetError() )
return false;
More information about the Libreoffice-commits
mailing list