ofz#47591 avoid OOM

Change-Id: Ic36cae516177d58a2bbf34a1afc2f843cdc431d7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134868
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>

1 files changed, 11 insertions, 0 deletions

diff --git a/vcl/source/filter/itiff/itiff.cxx b/vcl/source/filter/itiff/itiff.cxx
index b682d759f115..41255140617a 100644
--- a/vcl/source/filter/itiff/itiff.cxx
+++ b/vcl/source/filter/itiff/itiff.cxx
@@ -25,6 +25,7 @@
 #include <vcl/animate/Animation.hxx>
 #include <bitmap/BitmapWriteAccess.hxx>
 #include <tools/stream.hxx>
+#include <unotools/configmgr.hxx>
 
 #include <tiffio.h>
 
@@ -125,6 +126,16 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& rGraphic)
             break;
         }
 
+        if (utl::ConfigManager::IsFuzzing())
+        {
+            const uint64_t MAX_SIZE = 500000000;
+            if (TIFFTileSize64(tif) > MAX_SIZE)
+            {
+                SAL_WARN("filter.tiff", "skipping large tiffs");
+                return false;
+            }
+        }
+
         size_t npixels = w * h;
         std::vector<uint32_t> raster(npixels);
         if (TIFFReadRGBAImageOriented(tif, w, h, raster.data(), ORIENTATION_TOPLEFT, 1))