diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2019-01-31 19:54:42 +0000 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2019-02-02 08:48:07 +0100 |
| commit | 4aac7bc92ab91dadab6ad0bd3324494fbaa84625 (patch) | |
| tree | 7763d0397990b6602bb03a3cb3921f97659ea252 | |
| parent | 6205aad7f7b01f186af2b6c31b1519ef118f5a43 (diff) | |
ofz#11203 fuzzing timeout
Change-Id: I0feb8aa17f71a6efddc1b8b95008116b36f0a1f0
Reviewed-on: https://gerrit.libreoffice.org/67239
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
| -rw-r--r-- | vcl/source/filter/jpeg/jpegc.cxx | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/vcl/source/filter/jpeg/jpegc.cxx b/vcl/source/filter/jpeg/jpegc.cxx index 7c1192eda24b..f6e18a59461c 100644 --- a/vcl/source/filter/jpeg/jpegc.cxx +++ b/vcl/source/filter/jpeg/jpegc.cxx @@ -19,6 +19,7 @@ #include <sal/config.h> #include <sal/log.hxx> +#include <o3tl/safeint.hxx> #include <stdio.h> #include <stdlib.h> @@ -216,7 +217,8 @@ static void ReadJPEG(JpegStuff& rContext, JPEGReader* pJPEGReader, void* pInputS long nWidth = rContext.cinfo.output_width; long nHeight = rContext.cinfo.output_height; - if (nWidth > 2000 && nHeight > 2000 && utl::ConfigManager::IsFuzzing()) + long nResult = 0; + if (utl::ConfigManager::IsFuzzing() && (o3tl::checked_multiply(nWidth, nHeight, nResult) || nResult > 4000000)) return; bool bGray = (rContext.cinfo.output_components == 1); |