diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2019-02-01 20:38:42 +0000 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2019-02-02 00:16:55 +0100 |
| commit | 8b20ac021d56ed60d09614e82e12538be290264a (patch) | |
| tree | d8c49b872b016a09edfab6802be09a6550aec011 /vcl | |
| parent | ad972aad6ba94c5a8dd0fd1693efdd97a184e9e9 (diff) | |
ofz#12828 svm Timeout
Change-Id: I12f493a90177838ea4f29c2b4411846df19241a4
Reviewed-on: https://gerrit.libreoffice.org/67260
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'vcl')
| -rw-r--r-- | vcl/source/gdi/dibtools.cxx | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx index fd7bb4306076..7070b6783165 100644 --- a/vcl/source/gdi/dibtools.cxx +++ b/vcl/source/gdi/dibtools.cxx @@ -29,6 +29,7 @@ #include <tools/stream.hxx> #include <tools/fract.hxx> #include <tools/helpers.hxx> +#include <unotools/configmgr.hxx> #include <vcl/bitmapex.hxx> #include <vcl/bitmapaccess.hxx> #include <vcl/outdev.hxx> @@ -544,6 +545,12 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r rIStm.ReadUInt32( nBMask ); } + const long nWidth(rHeader.nWidth); + const long nHeight(rHeader.nHeight); + long nResult = 0; + if (utl::ConfigManager::IsFuzzing() && (o3tl::checked_multiply(nWidth, nHeight, nResult) || nResult > 4000000)) + return false; + if (bRLE) { if(!rHeader.nSizeImage) @@ -561,8 +568,6 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r } else { - const long nWidth(rHeader.nWidth); - const long nHeight(rHeader.nHeight); if (nAlignedWidth > rIStm.remainingSize()) { // ofz#11188 avoid timeout |