[Libreoffice-commits] core.git: vcl/source
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Fri Feb 1 23:17:24 UTC 2019
vcl/source/gdi/dibtools.cxx | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
New commits:
commit 8b20ac021d56ed60d09614e82e12538be290264a
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Feb 1 20:38:42 2019 +0000
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Sat Feb 2 00:16:55 2019 +0100
ofz#12828 svm Timeout
Change-Id: I12f493a90177838ea4f29c2b4411846df19241a4
Reviewed-on: https://gerrit.libreoffice.org/67260
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx
index fd7bb4306076..7070b6783165 100644
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -29,6 +29,7 @@
#include <tools/stream.hxx>
#include <tools/fract.hxx>
#include <tools/helpers.hxx>
+#include <unotools/configmgr.hxx>
#include <vcl/bitmapex.hxx>
#include <vcl/bitmapaccess.hxx>
#include <vcl/outdev.hxx>
@@ -544,6 +545,12 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r
rIStm.ReadUInt32( nBMask );
}
+ const long nWidth(rHeader.nWidth);
+ const long nHeight(rHeader.nHeight);
+ long nResult = 0;
+ if (utl::ConfigManager::IsFuzzing() && (o3tl::checked_multiply(nWidth, nHeight, nResult) || nResult > 4000000))
+ return false;
+
if (bRLE)
{
if(!rHeader.nSizeImage)
@@ -561,8 +568,6 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r
}
else
{
- const long nWidth(rHeader.nWidth);
- const long nHeight(rHeader.nHeight);
if (nAlignedWidth > rIStm.remainingSize())
{
// ofz#11188 avoid timeout
More information about the Libreoffice-commits
mailing list