diff options
author | Caolán McNamara <caolanm@redhat.com> | 2019-10-04 16:32:07 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2019-10-04 22:18:09 +0200 |
commit | 8bb5b028b975b9a92d053a784f7940cc6c4fe97f (patch) | |
tree | d8007dbeb4420b10f3ba6c2e25a260cd6a8d2531 /hwpfilter/source/hwpread.cxx | |
parent | ba32c6646812eaecd89d67e777f1bf2378d9faae (diff) |
ofz#17823 avoid timeout
Change-Id: I3658d476873a502adc0cbd8be9a4f6ffd5b62c87
Reviewed-on: https://gerrit.libreoffice.org/80236
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'hwpfilter/source/hwpread.cxx')
-rw-r--r-- | hwpfilter/source/hwpread.cxx | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/hwpfilter/source/hwpread.cxx b/hwpfilter/source/hwpread.cxx index 86c2dea33494..d734d58f0335 100644 --- a/hwpfilter/source/hwpread.cxx +++ b/hwpfilter/source/hwpread.cxx @@ -20,6 +20,7 @@ #include "precompile.h" #include <comphelper/newarray.hxx> +#include <unotools/configmgr.hxx> #include <assert.h> #include <list> @@ -376,6 +377,10 @@ bool Picture::Read(HWPFile & hwpf) hwpf.AddBox(this); hwpf.Read4b(&follow_block_size, 1); + + //when fuzzing with a max len set, max decompress to 10 times that limit + static size_t nMaxAllowedDecompression = [](const char* pEnv) { size_t nRet = pEnv ? std::atoi(pEnv) : 0; return nRet * 10; }(std::getenv("FUZZ_MAX_INPUT_LEN")); + hwpf.Read2b(&dummy1, 1); /* Reserved 4 bytes */ hwpf.Read2b(&dummy2, 1); @@ -455,6 +460,8 @@ bool Picture::Read(HWPFile & hwpf) } if (nBlock != nReadBlock) break; + if (nMaxAllowedDecompression && follow.size() > nMaxAllowedDecompression) + break; } follow_block_size = follow.size(); @@ -476,6 +483,8 @@ bool Picture::Read(HWPFile & hwpf) ishyper = true; } } + else + fprintf(stderr, "arse\n"); } if( pictype != 3 ) |