[Libreoffice-commits] core.git: vcl/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Fri Jan 11 11:29:46 UTC 2019


 vcl/source/gdi/dibtools.cxx |    8 ++++++++
 1 file changed, 8 insertions(+)

New commits:
commit bd4f12d62493509763b2a279441ac9501e830f25
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Jan 11 09:28:18 2019 +0000
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Fri Jan 11 12:29:19 2019 +0100

    ofz#11188 avoid timeout
    
    Change-Id: I3726eb249e3bc290fa9bd5e8fe6747b1ce5ce9bb
    Reviewed-on: https://gerrit.libreoffice.org/66149
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx
index 07c7c043f2d6..b6735649a909 100644
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -563,6 +563,14 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r
         {
             const long nWidth(rHeader.nWidth);
             const long nHeight(rHeader.nHeight);
+            if (nAlignedWidth > rIStm.remainingSize())
+            {
+                // ofz#11188 avoid timeout
+                // all following paths will enter a case statement, and nCount
+                // is always at least 1, so we can check here before allocation
+                // if at least one row can be read
+                return false;
+            }
             std::vector<sal_uInt8> aBuf(nAlignedWidth);
 
             const long nI(bTopDown ? 1 : -1);
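Review bot: The new guard ahead of `std::vector<sal_uInt8> aBuf(nAlignedWidth);` only proves that one row of `nAlignedWidth` bytes is left in the stream; `nHeight`, taken from the header two lines above, plays no part in the test, so a header declaring a very large height over a stream that holds a single row still passes. If the per-row reads in the following cases do not already stop on a short read, consider also rejecting, for the cases where every row is stored in full, when the row count times `nAlignedWidth` exceeds `rIStm.remainingSize()`, with the multiplication done in a type wide enough not to overflow. The comment also leans on `nCount`, which is not declared anywhere in the visible context; naming where it is set would let a reader verify the "at least one row" reasoning without searching the rest of the function.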

