diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2021-08-03 10:29:41 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2021-08-03 11:49:24 +0200 |
| commit | 39d364958447cd33a6e30dc9d2904ad94fd40aba (patch) | |
| tree | 996713b64c793ec72ad140aded021096eef1e0e9 | |
| parent | 9c7e8b416d5555718f9d12fb89668a1fe7234c01 (diff) | |
Avoid unsigned integer subtraction causing wrap-around
...to a too-large positive value, causing `instdir/program/soffice --headless
--convert-to epub` of cloudon/File_1149.docx from the crash-testing corpus to
fail under UBSan with
> writerfilter/source/dmapper/GraphicImport.cxx:562:27: runtime error: 7.73093e+11 is outside the range of representable values of type 'int'
> #0 in writerfilter::dmapper::GraphicImport::lcl_correctWord2007EffectExtent(int) at writerfilter/source/dmapper/GraphicImport.cxx:562:27
[...]
(where sal_uInt32 m_pImpl->getXSize() was 3731 and sal_uInt32
m_pImpl->getYSize() was 10583)
Change-Id: Id0ae9d6e46c977753d11cc2496ba5d240d3102bc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119926
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
| -rw-r--r-- | writerfilter/source/dmapper/GraphicImport.cxx | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/writerfilter/source/dmapper/GraphicImport.cxx b/writerfilter/source/dmapper/GraphicImport.cxx index 8ed707c2917f..d7c842ea9d69 100644 --- a/writerfilter/source/dmapper/GraphicImport.cxx +++ b/writerfilter/source/dmapper/GraphicImport.cxx @@ -559,8 +559,9 @@ void GraphicImport::lcl_correctWord2007EffectExtent(const sal_Int32 nMSOAngle) sal_Int16 nAngleDeg = (nMSOAngle / 60000) % 180; if (nAngleDeg >= 45 && nAngleDeg < 135) { - sal_Int32 nDiff = o3tl::convert((m_pImpl->getXSize() - m_pImpl->getYSize()) / 2.0, - o3tl::Length::mm100, o3tl::Length::emu); + sal_Int32 nDiff = o3tl::convert( + (double(m_pImpl->getXSize()) - double(m_pImpl->getYSize())) / 2.0, + o3tl::Length::mm100, o3tl::Length::emu); if (m_pImpl->m_oEffectExtentLeft) *m_pImpl->m_oEffectExtentLeft += nDiff; if (m_pImpl->m_oEffectExtentRight) |