[Libreoffice-commits] core.git: sw/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Thu Jul 1 11:26:44 UTC 2021


 sw/source/filter/ww8/ww8graf.cxx  |   11 ++++++++++-
 sw/source/filter/ww8/ww8graf2.cxx |   12 ++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)

New commits:
commit 813f6e7c9de6898f42ed28ca8bf7a6fb62a4bb2a
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Jul 1 11:01:47 2021 +0100
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Thu Jul 1 13:26:11 2021 +0200

    ofz#30657 Timeout, ignore duplicate images when fuzzing
    
    Change-Id: I4471379ad60a96f63ff53a441b801d48197b021c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118216
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx
index b5835a0da9e5..fe283e7972dd 100644
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -1447,7 +1447,16 @@ void SwWW8ImplReader::ReadGrafLayer1(WW8PLCFspecial& rPF, tools::Long nGrafAncho
         return;
     }
 
-    bool bCouldSeek = checkSeek(*m_pStrm, SVBT32ToUInt32(pF->fc));
+    sal_uInt32 nPosFc = SVBT32ToUInt32(pF->fc);
+
+    //skip duplicate graphics when fuzzing
+    if (m_bFuzzing)
+    {
+        if (!m_aGrafPosSet.insert(nPosFc).second)
+            return;
+    }
+
+    bool bCouldSeek = checkSeek(*m_pStrm, nPosFc);
     OSL_ENSURE(bCouldSeek, "Invalid graphic offset");
     if (!bCouldSeek)
         return;
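Review bot: The duplicate check added before `checkSeek` in ReadGrafLayer1 runs only when `m_bFuzzing` is set, so a normal import of a document that references the same `pF->fc` offset many times still reads the graphic every time. If the ofz#30657 timeout reflects real parsing cost rather than fuzzer overhead, the non-fuzzing path probably needs its own bound or a cache of graphics already read. At minimum the comment should say why skipping is limited to fuzzing, for example `// fuzzing only: a real document may reference one graphic offset several times and each must still be imported`. The nested `if`s could also be a single condition, `if (m_bFuzzing && !m_aGrafPosSet.insert(nPosFc).second) return;`. The body of ReadGrafLayer1 starts and ends outside the hunk.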
diff --git a/sw/source/filter/ww8/ww8graf2.cxx b/sw/source/filter/ww8/ww8graf2.cxx
index 266feac64975..599abce76fc3 100644
--- a/sw/source/filter/ww8/ww8graf2.cxx
+++ b/sw/source/filter/ww8/ww8graf2.cxx
@@ -258,12 +258,6 @@ bool SwWW8ImplReader::ReadGrafFile(OUString& rFileName, std::unique_ptr<Graphic>
             return !rFileName.isEmpty();        // read was successful
     }
 
-    GDIMetaFile aWMF;
-    bool bOk = checkSeek(*pSt, nPosFc) && ReadWindowMetafile( *pSt, aWMF );
-
-    if (!bOk || pSt->GetError() || !aWMF.GetActionSize())
-        return false;
-
     //skip duplicate graphics when fuzzing
     if (m_bFuzzing)
     {
@@ -271,6 +265,12 @@ bool SwWW8ImplReader::ReadGrafFile(OUString& rFileName, std::unique_ptr<Graphic>
             return false;
     }
 
+    GDIMetaFile aWMF;
+    bool bOk = checkSeek(*pSt, nPosFc) && ReadWindowMetafile( *pSt, aWMF );
+
+    if (!bOk || pSt->GetError() || !aWMF.GetActionSize())
+        return false;
+
     if (m_xWwFib->m_envr != 1) // !MAC as creator
     {
         rpGraphic.reset(new Graphic(aWMF));
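Review bot: With the WMF read moved below the duplicate check, `nPosFc` is recorded as seen before it is known to be a valid offset in `*pSt`, and the key is a bare offset with no stream identity. ReadGrafLayer1 in ww8graf.cxx keys its check on an offset into `*m_pStrm`. If this function inserts into the same set (the insert line falls between the two hunks and is not shown) and `pSt` can be a different stream, equal offsets in different streams would make the fuzzer skip a graphic it has never parsed. Consider a separate set per call site, or key on stream and offset together, and say so in the comment, e.g. `// nPosFc is relative to *pSt, not necessarily the stream ReadGrafLayer1 seeks in`. ReadGrafFile's body starts and ends outside the hunk.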

