[Libreoffice-commits] core.git: filter/source
Caolán McNamara
caolanm at redhat.com
Sun Sep 24 15:16:00 UTC 2017
filter/source/graphicfilter/itiff/itiff.cxx | 32 ++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
New commits:
commit 384f37c0624784dea32dabb813aba937430b22be
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Sep 24 13:08:55 2017 +0100
ofz#3476 oom in tiff reader
Change-Id: Id103488ea0774b55521571f8b51059d06d4a0993
Reviewed-on: https://gerrit.libreoffice.org/42707
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 9e5c6c62cfc0..083143600fc0 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -1366,6 +1366,38 @@ bool TIFFReader::ReadTIFF(SvStream & rTIFF, Graphic & rGraphic )
if ( bStatus )
{
+ //sanity check consider ReadMap condition for last row and
+ //last plane
+ if (nCompression == 1 || nCompression == 32771)
+ {
+ sal_uInt32 nStripBytesPerRow;
+ if (nCompression == 1)
+ nStripBytesPerRow = nBytesPerRow;
+ else
+ nStripBytesPerRow = ( nBytesPerRow + 1 ) & 0xfffffffe;
+ sal_uInt32 np = nPlanes - 1;
+ if (np >= SAL_N_ELEMENTS(aMap))
+ bStatus = false;
+ sal_Int32 ny = nImageLength - 1;
+ sal_uInt32 nStrip(0);
+ if (bStatus)
+ {
+ nStrip = ny / GetRowsPerStrip() + np * nStripsPerPlane;
+ if (nStrip >= aStripOffsets.size())
+ bStatus = false;
+ }
+ if (bStatus)
+ {
+ auto nStart = aStripOffsets[ nStrip ] + ( ny % GetRowsPerStrip() ) * nStripBytesPerRow;
+ auto nEnd = nStart + nBytesPerRow;
+ if (nEnd > nEndOfFile)
+ bStatus = false;
+ }
+ }
+ }
+
+ if ( bStatus )
+ {
pAlphaMask.reset();
Size aTargetSize(nImageWidth, nImageLength);
aBitmap = Bitmap(aTargetSize, nDstBitsPerPixel);
More information about the Libreoffice-commits
mailing list