[Libreoffice-commits] core.git: filter/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Mar 3 12:59:22 UTC 2020
filter/source/graphicfilter/ipict/ipict.cxx | 3 +++
1 file changed, 3 insertions(+)
New commits:
commit 43518b29fddc7b824bdb1f7c8d2efcd220d6bc72
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Mar 3 10:30:51 2020 +0000
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Mar 3 13:58:49 2020 +0100
cid#1458434 Untrusted loop bound
Change-Id: I3fd06ddf1548c1d6b5d8e91db944d2c720040718
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89873
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/filter/source/graphicfilter/ipict/ipict.cxx b/filter/source/graphicfilter/ipict/ipict.cxx
index bbd59c055d34..fe9475d36170 100644
--- a/filter/source/graphicfilter/ipict/ipict.cxx
+++ b/filter/source/graphicfilter/ipict/ipict.cxx
@@ -1078,6 +1078,9 @@ sal_uInt64 PictReader::ReadPixMapEtc( BitmapEx &rBitmap, bool bBaseAddr, bool bC
pBitmap.reset(new vcl::bitmap::RawBitmap( Size(nWidth, nHeight), 24 ));
+ // cid#1458434 to sanitize Untrusted loop bound
+ nWidth = pBitmap->Width();
+
size_t nByteWidth = static_cast<size_t>(nWidth) * nCmpCount;
std::vector<sal_uInt8> aScanline(nByteWidth);
for (sal_uInt16 ny = 0; ny < nHeight; ++ny)
More information about the Libreoffice-commits
mailing list