[Libreoffice-commits] core.git: filter/source

Caolán McNamara caolanm at redhat.com
Wed Sep 27 19:29:19 UTC 2017


 filter/source/graphicfilter/itiff/itiff.cxx |   27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

New commits:
commit 5a0f4d00d2e74785f2bffafc5daf85a3839d3961
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Sep 27 14:43:03 2017 +0100

    ofz#3499 oom in tiff reader
    
    Change-Id: I2b9e98ed3a6749e2ee83a566ec857c1080e452f3
    Reviewed-on: https://gerrit.libreoffice.org/42861
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 1521432eca84..ecda46305201 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -1407,6 +1407,33 @@ bool TIFFReader::ReadTIFF(SvStream & rTIFF, Graphic & rGraphic )
                             bStatus = false;
                     }
                 }
+                else if (nCompression == 2 || nCompression == 3 || nCompression == 4)
+                {
+                    if (nCompression == 3 && nGroup3Options & 0xfffffffa)
+                        bStatus = false;
+                    else if (nCompression == 4 && nGroup4Options & 0xffffffff)
+                        bStatus = false;
+                    sal_uInt32 np = nPlanes - 1;
+                    if (np >= SAL_N_ELEMENTS(aMap))
+                        bStatus = false;
+                    sal_Int32 ny = nImageLength - 1;
+                    sal_uInt32 nStrip(0);
+                    nDiv = GetRowsPerStrip();
+                    if (bStatus)
+                        bStatus = nDiv != 0;
+                    if (bStatus)
+                    {
+                        nStrip = ny / nDiv + np * nStripsPerPlane;
+                        if (nStrip >= aStripOffsets.size())
+                            bStatus = false;
+                    }
+                    if (bStatus)
+                    {
+                        auto nStart = aStripOffsets[nStrip];
+                        if (nStart > nEndOfFile)
+                            bStatus = false;
+                    }
+                }
             }
 
             if ( bStatus )
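Review bot: The strip index in `nStrip = ny / nDiv + np * nStripsPerPlane;` is computed in 32-bit arithmetic from values read out of the file header, so a large nStripsPerPlane can wrap the sum to a small index that passes `nStrip >= aStripOffsets.size()`, and the truncated-file check then looks at the wrong strip. The index is still bounds-checked before `aStripOffsets[nStrip]`, so this weakens the early rejection rather than allowing an out-of-range read; nStripsPerPlane and nDiv are declared outside the hunk, so their widths are inferred here. Declaring nStrip as `sal_uInt64` and computing `nStrip = sal_uInt64(np) * nStripsPerPlane + ny / nDiv;`, after rejecting `nImageLength == 0` so that ny cannot be -1, would close that gap. A comment such as `// reject before allocating: the last strip of the last plane must start inside the file` would also explain why only one offset is tested. ReadTIFF's body starts and ends outside the hunk.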

