diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2020-04-22 14:33:22 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2020-04-22 17:16:18 +0200 |
| commit | 09023332d0b883b18f12bc3f5417f790d2bbd8ac (patch) | |
| tree | 65283100303f134ee8021b38e05f5af9f6c2d8df | |
| parent | 4c3e5ef2419a1f67ab3a3af0248f358361ea5a8d (diff) | |
Use default density if rPPI values are too large
`instdir/program/soffice --convert-to pdf
caolan/id:001708,src:001481,op:havoc,rep:8.jpg` (with the file from
vm138.documentfoundation.org:/srv/crashtestdata/files/) failed with UBSan
float-cast-overflow
> vcl/source/filter/jpeg/jpegc.cxx:371:23: runtime error: 160000 is outside the range of representable values of type 'unsigned short'
> #0 in WriteJPEG(JPEGWriter*, void*, long, long, basegfx::B2DVector const&, bool, long, long, com::sun::star::uno::Reference<com::sun::star::task::XStatusIndicator> const&) at vcl/source/filter/jpeg/jpegc.cxx:371:23
> #1 in JPEGWriter::Write(Graphic const&) at vcl/source/filter/jpeg/JpegWriter.cxx:243:16
> #2 in ExportJPEG(SvStream&, Graphic const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const*, bool*) at vcl/source/filter/jpeg/jpeg.cxx:58:32
> #3 in GraphicFilter::ExportGraphic(Graphic const&, rtl::OUString const&, SvStream&, unsigned short, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const*) at vcl/source/filter/graphicfilter.cxx:1991:22
> #4 in (anonymous namespace)::GraphicProvider::storeGraphic(com::sun::star::uno::Reference<com::sun::star::graphic::XGraphic> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at vcl/source/graphic/UnoGraphicProvider.cxx:818:25
> #5 in vcl::PDFWriterImpl::implWriteBitmapEx(Point const&, Size const&, BitmapEx const&, Graphic const&, VirtualDevice const*, vcl::PDFWriter::PlayMetafileContext const&) at vcl/source/gdi/pdfwriter_impl2.cxx:217:35
> #6 in vcl::PDFWriterImpl::playMetafile(GDIMetaFile const&, vcl::PDFExtOutDevData*, vcl::PDFWriter::PlayMetafileContext const&, VirtualDevice*) at vcl/source/gdi/pdfwriter_impl2.cxx:809:21
> #7 in vcl::PDFWriter::PlayMetafile(GDIMetaFile const&, vcl::PDFWriter::PlayMetafileContext const&, vcl::PDFExtOutDevData*) at vcl/source/gdi/pdfwriter.cxx:464:22
> #8 in PDFExport::ImplExportPage(vcl::PDFWriter&, vcl::PDFExtOutDevData&, GDIMetaFile const&) at filter/source/pdf/pdfexport.cxx:1094:13
> #9 in PDFExport::ExportSelection(vcl::PDFWriter&, com::sun::star::uno::Reference<com::sun::star::view::XRenderable> const&, com::sun::star::uno::Any const&, StringRangeEnumerator const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, int) at filter/source/pdf/pdfexport.cxx:242:25
> #10 in PDFExport::Export(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at filter/source/pdf/pdfexport.cxx:955:28
> #11 in PDFFilter::implExport(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at filter/source/pdf/pdffilter.cxx:161:24
> #12 in PDFFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at filter/source/pdf/pdffilter.cxx:224:23
> #13 in SfxObjectShell::ExportTo(SfxMedium&) at sfx2/source/doc/objstor.cxx:2412:25 (instdir/program/libsfxlo.so +0x52260ad)
as the values read for that (artificial) jpg in
vcl/source/filter/png/pngread.cxx are
maOrigSize = 551 x 211
vs.
maPhysSize = 19435 x 7442
so Graphic::GetPPI returns 323.232 x 160000.
For jpeg_scan_info members density_unit, X_density, and Y_density,
workdir/UnpackedTarball/libjpeg-turbo/libjpeg.txt states: "The default values
are 0,1,1 indicating square pixels of unknown size." So lets stick to those if
the actual values would be too large.
(I only check for too large values, not for too small negative ones. I do not
know if the code could legitimately be called with such---so should handle them
similarly---or not---in which case it should assert that.)
Change-Id: I4b93b278e14069c458c20cdd077ab4fa72ed1f2b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/92696
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
| -rw-r--r-- | vcl/source/filter/jpeg/jpegc.cxx | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/vcl/source/filter/jpeg/jpegc.cxx b/vcl/source/filter/jpeg/jpegc.cxx index 1ab261e3c8ce..ced814e2fccb 100644 --- a/vcl/source/filter/jpeg/jpegc.cxx +++ b/vcl/source/filter/jpeg/jpegc.cxx @@ -19,6 +19,7 @@ #include <sal/config.h> #include <sal/log.hxx> +#include <o3tl/float_int_conversion.hxx> #include <o3tl/safeint.hxx> #include <stdio.h> @@ -366,9 +367,16 @@ bool WriteJPEG( JPEGWriter* pJPEGWriter, void* pOutputStream, jpeg_set_defaults( &cinfo ); jpeg_set_quality( &cinfo, static_cast<int>(nQualityPercent), FALSE ); - cinfo.density_unit = 1; - cinfo.X_density = rPPI.getX(); - cinfo.Y_density = rPPI.getY(); + if (o3tl::convertsToAtMost(rPPI.getX(), 65535) && o3tl::convertsToAtMost(rPPI.getY(), 65535)) + { + cinfo.density_unit = 1; + cinfo.X_density = rPPI.getX(); + cinfo.Y_density = rPPI.getY(); + } + else + { + SAL_WARN("vcl.filter", "ignoring too large PPI " << rPPI); + } if ( ( nWidth > 128 ) || ( nHeight > 128 ) ) jpeg_simple_progression( &cinfo ); |