summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--vcl/qa/cppunit/graphicfilter/data/wmf/pass/CVE-2015-0848-1.wmf (renamed from vcl/qa/cppunit/graphicfilter/data/wmf/fail/CVE-2015-0848-1.wmf)bin4192 -> 4192 bytes
-rw-r--r--vcl/source/gdi/dibtools.cxx14
2 files changed, 12 insertions, 2 deletions
diff --git a/vcl/qa/cppunit/graphicfilter/data/wmf/fail/CVE-2015-0848-1.wmf b/vcl/qa/cppunit/graphicfilter/data/wmf/pass/CVE-2015-0848-1.wmf
index 1512a2256bc2..1512a2256bc2 100644
--- a/vcl/qa/cppunit/graphicfilter/data/wmf/fail/CVE-2015-0848-1.wmf
+++ b/vcl/qa/cppunit/graphicfilter/data/wmf/pass/CVE-2015-0848-1.wmf
Binary files differ
diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx
index f78cbc02c03a..fd7bb4306076 100644
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -942,6 +942,18 @@ bool ImplReadDIBBody(SvStream& rIStm, Bitmap& rBmp, AlphaMask* pBmpAlpha, sal_uL
return false;
break;
}
+ default:
+ // tdf#122958 invalid compression value used
+ if (aHeader.nCompression & 0x000F)
+ {
+ // lets assume that there was an error in the generating application
+ // and allow through as COMPRESS_NONE if the bottom byte is 0
+ SAL_WARN( "vcl", "bad bmp compression scheme: " << aHeader.nCompression << ", rejecting bmp");
+ return false;
+ }
+ else
+ SAL_WARN( "vcl", "bad bmp compression scheme: " << aHeader.nCompression << ", assuming meant to be COMPRESS_NONE");
+ [[fallthrough]];
case BITFIELDS:
case ZCOMPRESS:
case COMPRESS_NONE:
@@ -953,8 +965,6 @@ bool ImplReadDIBBody(SvStream& rIStm, Bitmap& rBmp, AlphaMask* pBmpAlpha, sal_uL
return false;
break;
}
- default:
- return false;
}
const Size aSizePixel(aHeader.nWidth, aHeader.nHeight);
generated by cgit (git 2.34.1) at 2025-01-15 11:22:38 +0000