diff options
author | Caolán McNamara <caolanm@redhat.com> | 2017-01-06 20:54:19 +0000 |
---|---|---|
committer | Ashod Nakashian <ashod.nakashian@collabora.co.uk> | 2017-12-18 01:07:39 -0500 |
commit | 10ac3111dce63e0f651f12f0943e5054feb36a08 (patch) | |
tree | 8c24806fe53fba54992d3a69bfb66a2c93bf8714 | |
parent | 6625510ed71bf11fc91eae3642efbb2a6206cbaa (diff) |
oss-fuzz: make max sane bitmap allocation smaller
(cherry picked from commit a6b6980afa443b3d317de5f24d993f939073d73a)
Change-Id: I0b924f615ed4652ce605c12d2d2e9ca2ad2befbf
(cherry picked from commit 5276062670a8a8b7e072917ddc1e58c2a4cc8124)
-rw-r--r-- | vcl/headless/svpbmp.cxx | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/vcl/headless/svpbmp.cxx b/vcl/headless/svpbmp.cxx index 967fd910bec3..ad14169b7243 100644 --- a/vcl/headless/svpbmp.cxx +++ b/vcl/headless/svpbmp.cxx @@ -140,7 +140,7 @@ BitmapBuffer* ImplCreateDIB( size_t size; bFail = o3tl::checked_multiply<size_t>(pDIB->mnHeight, pDIB->mnScanlineSize, size); SAL_WARN_IF(bFail, "vcl.gdi", "checked multiply failed"); - if (bFail) + if (bFail || size > SAL_MAX_INT32/2) { delete pDIB; return nullptr; @@ -194,7 +194,7 @@ bool SvpSalBitmap::Create(const SalBitmap& rBmp) mpDIB = new BitmapBuffer( *rSalBmp.mpDIB ); const size_t size = mpDIB->mnScanlineSize * mpDIB->mnHeight; - if (size > SAL_MAX_INT32) + if (size > SAL_MAX_INT32/2) { delete mpDIB; mpDIB = nullptr; |