[Libreoffice-commits] core.git: vcl/source
Caolán McNamara
caolanm at redhat.com
Mon Jan 22 21:24:36 UTC 2018
vcl/source/filter/igif/gifread.cxx | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
New commits:
commit 3d30a39ee92678f6a4e71bd450fc044636adedab
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 22 13:02:24 2018 +0000
ofz#5573 Out of memory
Change-Id: Ifb5cfdd87d7b26d18fcb66279afa7ef06beea9e3
Reviewed-on: https://gerrit.libreoffice.org/48323
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx
index ea92b3ee1a0c..5667960c5766 100644
--- a/vcl/source/filter/igif/gifread.cxx
+++ b/vcl/source/filter/igif/gifread.cxx
@@ -157,19 +157,7 @@ void GIFReader::CreateBitmaps( long nWidth, long nHeight, BitmapPalette* pPal,
{
const Size aSize( nWidth, nHeight );
-#if SAL_TYPES_SIZEOFPOINTER == 8
- // Don't bother allocating a bitmap of a size that would fail on a
- // 32-bit system. We have at least one unit tests that is expected
- // to fail (loading a 65535*65535 size GIF
- // svtools/qa/cppunit/data/gif/fail/CVE-2008-5937-1.gif), but
- // which doesn't fail on 64-bit Mac OS X at least. Why the loading
- // fails on 64-bit Linux, no idea.
- if (nWidth >= 64000 && nHeight >= 64000)
- {
- bStatus = false;
- return;
- }
-#endif
+ sal_uInt64 nCombinedPixSize = nWidth * nHeight;
// "Overall data compression asymptotically approaches 3839 × 8 / 12 = 2559 1/3"
// so assume compression of 1:2560 is possible
@@ -181,6 +169,7 @@ void GIFReader::CreateBitmaps( long nWidth, long nHeight, BitmapPalette* pPal,
{
const Size& rSize = aAnimation.Get(i).aSizePix;
nMinFileData += rSize.Width() * rSize.Height() / 2560;
+ nCombinedPixSize += rSize.Width() * rSize.Height();
}
if (nMaxStreamData < nMinFileData)
@@ -192,6 +181,18 @@ void GIFReader::CreateBitmaps( long nWidth, long nHeight, BitmapPalette* pPal,
return;
}
+ // Don't bother allocating a bitmap of a size that would fail on a
+ // 32-bit system. We have at least one unit tests that is expected
+ // to fail (loading a 65535*65535 size GIF
+ // svtools/qa/cppunit/data/gif/fail/CVE-2008-5937-1.gif), but
+ // which doesn't fail on 64-bit Mac OS X at least. Why the loading
+ // fails on 64-bit Linux, no idea.
+ if (nCombinedPixSize >= 64000U * 64000U)
+ {
+ bStatus = false;
+ return;
+ }
+
if( bGCTransparent )
{
const Color aWhite( COL_WHITE );
More information about the Libreoffice-commits
mailing list