[Libreoffice-commits] core.git: emfio/source
Caolán McNamara
caolanm at redhat.com
Mon Nov 20 08:58:33 UTC 2017
emfio/source/reader/emfreader.cxx | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
New commits:
commit 5cfbc855141a7f5c5583aadc8ef8541ed582d139
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Nov 18 15:21:58 2017 +0000
ofz#4318 Integer-overflow
Change-Id: I7ad1f39d82e44e4fa8dd78700b25deea0c19c81a
Reviewed-on: https://gerrit.libreoffice.org/44913
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/emfio/source/reader/emfreader.cxx b/emfio/source/reader/emfreader.cxx
index 6ee222d427cb..e4f89420b930 100644
--- a/emfio/source/reader/emfreader.cxx
+++ b/emfio/source/reader/emfreader.cxx
@@ -1259,12 +1259,15 @@ namespace emfio
mpInputStream->ReadUInt32( BkColorSrc ).ReadUInt32( iUsageSrc ).ReadUInt32( offBmiSrc ).ReadUInt32( cbBmiSrc )
.ReadUInt32( offBitsSrc ).ReadUInt32( cbBitsSrc ).ReadInt32( cxSrc ).ReadInt32( cySrc ) ;
- tools::Rectangle aRect( Point( xDest, yDest ), Size( cxDest+1, cyDest+1 ) );
-
- if ( (cbBitsSrc > (SAL_MAX_UINT32 - 14)) || ((SAL_MAX_UINT32 - 14) - cbBitsSrc < cbBmiSrc) )
+ if ( (cbBitsSrc > (SAL_MAX_UINT32 - 14)) || ((SAL_MAX_UINT32 - 14) - cbBitsSrc < cbBmiSrc) ||
+ cxDest == SAL_MAX_INT32 || cyDest == SAL_MAX_INT32 )
+ {
bStatus = false;
+ }
else
{
+ tools::Rectangle aRect(Point(xDest, yDest), Size(cxDest + 1, cyDest + 1));
+
const sal_uInt32 nSourceSize = cbBmiSrc + cbBitsSrc + 14;
bool bSafeRead = nSourceSize <= (mnEndPos - mnStartPos);
sal_uInt32 nDeltaToDIB5HeaderSize(0);
More information about the Libreoffice-commits
mailing list