ofz#15993 Timeout

massive nSamplesPerPixel value, tiff spec says samples-per-pixel is supposed to be SHORT so don't accept beyond that as legal Change-Id: I3e6d3550e3b07a8d27ec4d72ecc4549dd52e50bc Reviewed-on: https://gerrit.libreoffice.org/76075 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2019-07-21 19:55:29 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2019-07-21 22:32:46 +0200
commit: 49d17d392b7c7a309b3d9264643881656d386eb1 (patch)
tree: b68cbe1cd4e3ea1759c9d2eb0fac328809a99e87
parent: a65a32fd8acf76f1bcd96113ca6866f53d9543e1 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 970e5958635f..15a4fe3d3b43 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -427,6 +427,10 @@ void TIFFReader::ReadTagData( sal_uInt16 nTagType, sal_uInt32 nDataLen)
         case 0x0115:   // Samples Per Pixel
             nSamplesPerPixel = ReadIntData();
             SAL_INFO("filter.tiff","SamplesPerPixel: " << nSamplesPerPixel);
+
+            if (nSamplesPerPixel > USHRT_MAX) // ofz#15993 the expected type is SHORT
+                bStatus = false;
+
             break;
 
         case 0x0116:   // Rows Per Strip
author	Caolán McNamara <caolanm@redhat.com>	2019-07-21 19:55:29 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2019-07-21 22:32:46 +0200
commit	49d17d392b7c7a309b3d9264643881656d386eb1 (patch)
tree	b68cbe1cd4e3ea1759c9d2eb0fac328809a99e87
parent	a65a32fd8acf76f1bcd96113ca6866f53d9543e1 (diff)