[Libreoffice-commits] core.git: vcl/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Tue Dec 22 12:20:34 UTC 2020


 vcl/source/gdi/dibtools.cxx |   19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

New commits:
commit 6d6d104cbb382d0045e1f04b12d268992fa5c624
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Dec 22 09:58:17 2020 +0000
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Dec 22 13:19:47 2020 +0100

    oss-fuzz: bmpfuzzer doesn't pass sanity check
    
    Step #5:     #6 0x63cceff in __cxa_throw (/tmp/not-out/bmpfuzzer+0x63cceff)
    Step #5:     #7 0x4f121a in SvStream::ReadUInt16(unsigned short&) (/tmp/not-out/bmpfuzzer+0x4f121a)
    Step #5:     #8 0x53919f in (anonymous namespace)::ImplReadDIBFileHeader(SvStream&, unsigned long&) (/tmp/not-out/bmpfuzzer+0x53919f)
    Step #5:     #9 0x5375c7 in (anonymous namespace)::ImplReadDIB(Bitmap&, AlphaMask*, SvStream&, bool, bool, bool) (/tmp/not-out/bmpfuzzer+0x5375c7)
    Step #5:     #10 0x537483 in ReadDIB(Bitmap&, SvStream&, bool, bool) (/tmp/not-out/bmpfuzzer+0x537483)
    
    Change-Id: I220f05ff92399dda6811df45bb9c2111e525d916
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108150
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx
index 4361f8b14053..a284d2022d24 100644
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -1649,22 +1649,29 @@ bool ImplReadDIB(
     bool bMSOFormat=false)
 {
     const SvStreamEndian nOldFormat(rIStm.GetEndian());
-    const sal_uLong nOldPos(rIStm.Tell());
+    const auto nOldPos(rIStm.Tell());
     sal_uLong nOffset(0);
     bool bRet(false);
 
     rIStm.SetEndian(SvStreamEndian::LITTLE);
 
-    if(bFileHeader)
+    try
     {
-        if(ImplReadDIBFileHeader(rIStm, nOffset))
+        if(bFileHeader)
         {
-            bRet = ImplReadDIBBody(rIStm, rTarget, nOffset >= DIBV5HEADERSIZE ? pTargetAlpha : nullptr, nOffset, bIsMask, bMSOFormat);
+            if(ImplReadDIBFileHeader(rIStm, nOffset))
+            {
+                bRet = ImplReadDIBBody(rIStm, rTarget, nOffset >= DIBV5HEADERSIZE ? pTargetAlpha : nullptr, nOffset, bIsMask, bMSOFormat);
+            }
+        }
+        else
+        {
+            bRet = ImplReadDIBBody(rIStm, rTarget, nullptr, nOffset, bIsMask, bMSOFormat);
         }
     }
-    else
+    catch (const SvStreamEOFException&)
     {
-        bRet = ImplReadDIBBody(rIStm, rTarget, nullptr, nOffset, bIsMask, bMSOFormat);
+        SAL_WARN("vcl", "EOF");
     }
 
     if(!bRet)
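Review bot: The new `catch (const SvStreamEOFException&)` logs only `"EOF"`, which does not say which reader ran out of data or where. Something like `SAL_WARN("vcl", "EOF while reading DIB at stream position " << rIStm.Tell());` would make truncated-input reports from the fuzzer easier to triage. The handler also depends on `bRet` still being false so that the `if(!bRet)` branch takes the failure path. That branch's body lies outside this hunk, so a short comment in the catch block such as `// bRet stays false; the failure handling below runs` would record the dependency. Because the exception can be thrown partway through `ImplReadDIBBody`, it is worth confirming that `rTarget` and `pTargetAlpha` are only assigned once the read has fully succeeded; that function is not visible here.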

