[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - filter/qa filter/source
Caolán McNamara
caolanm at redhat.com
Mon Jul 20 03:42:29 PDT 2015
filter/qa/cppunit/data/tiff/fail/hang-5.tiff |binary
filter/source/graphicfilter/itiff/itiff.cxx | 7 +++++--
2 files changed, 5 insertions(+), 2 deletions(-)
New commits:
commit 997e69c66bf6488184f08d59126886baaba94ffe
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 20 09:20:33 2015 +0100
test that nNumStripByteCounts value is within bounds of file
Change-Id: If119628d7f510a7db30ed2180111063781cde887
(cherry picked from commit 33d43205c341e0cce36b6a1b3082c3927490cbde)
Reviewed-on: https://gerrit.libreoffice.org/17211
Reviewed-by: David Tardon <dtardon at redhat.com>
Tested-by: David Tardon <dtardon at redhat.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/hang-5.tiff b/filter/qa/cppunit/data/tiff/fail/hang-5.tiff
new file mode 100644
index 0000000..f1be3fa
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/hang-5.tiff differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 3f7d728..0c3fbd6 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -432,14 +432,17 @@ void TIFFReader::ReadTagData( sal_uInt16 nTagType, sal_uInt32 nDataLen)
nNumStripByteCounts = 0; // to be on the safe side
nOldNumSBC = nNumStripByteCounts;
nDataLen += nOldNumSBC;
- if ( ( nDataLen > nOldNumSBC ) && ( nDataLen < SAL_MAX_UINT32 / sizeof( sal_uInt32 ) ) )
+ size_t nMaxAllocAllowed = SAL_MAX_UINT32 / sizeof(sal_uInt32);
+ size_t nMaxRecordsAvailable = pTIFF->remainingSize() / DataTypeSize();
+ if (nDataLen > nOldNumSBC && nDataLen < nMaxAllocAllowed &&
+ (nDataLen - nOldNumSBC) <= nMaxRecordsAvailable)
{
nNumStripByteCounts = nDataLen;
try
{
pStripByteCounts = new sal_uLong[ nNumStripByteCounts ];
}
- catch (const std::bad_alloc &)
+ catch (const std::bad_alloc &)
{
pStripByteCounts = NULL;
nNumStripByteCounts = 0;
More information about the Libreoffice-commits
mailing list