[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - filter/qa filter/source
Caolán McNamara
caolanm at redhat.com
Mon Jul 20 02:14:39 PDT 2015
filter/qa/cppunit/data/tiff/fail/crash-6.tiff |binary
filter/source/graphicfilter/itiff/itiff.cxx | 2 ++
2 files changed, 2 insertions(+)
New commits:
commit f391df6c4616910a7f3cffb4d16a2e22531e6a90
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 20 09:24:48 2015 +0100
final check np bounds
Change-Id: I9213bb2cc059e05e286598edac03bd72c84db876
(cherry picked from commit dcbbe7741a08f6076f9e020f90cbb730c1edafb9)
Reviewed-on: https://gerrit.libreoffice.org/17213
Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
Tested-by: Michael Meeks <michael.meeks at collabora.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/crash-6.tiff b/filter/qa/cppunit/data/tiff/fail/crash-6.tiff
new file mode 100644
index 0000000..907b510
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/crash-6.tiff differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 69067c5..3f7d728 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -561,6 +561,8 @@ bool TIFFReader::ReadMap( sal_uLong nMinPercent, sal_uLong nMaxPercent )
if ( nStrip >= nNumStripOffsets )
return false;
pTIFF->Seek( pStripOffsets[ nStrip ] + ( ny % GetRowsPerStrip() ) * nStripBytesPerRow );
+ if (np >= SAL_N_ELEMENTS(pMap))
+ return false;
pTIFF->Read( pMap[ np ], nBytesPerRow );
if ( pTIFF->GetError() )
return false;
More information about the Libreoffice-commits
mailing list