From 79260c7cd80107f223e0f9bcf4bd91ae40566cbe Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Fri, 11 Jun 2021 10:23:29 +0100
Subject: ofz#35150 crash in Bitmap::Crop from wmf load
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

which is a problem since...

commit 33d2cf7008de79106b5da4bba0241aa14d81d88f
Date:   Sat Jun 5 19:30:46 2021 +0200

    WMF Change the sign of read fields in BITBLT and DIB records

Change-Id: Iea1261a52866d691435f0612f672636009c00355
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117039
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
---
 emfio/source/reader/wmfreader.cxx                         |   2 +-
 vcl/qa/cppunit/graphicfilter/data/wmf/fail/ofz35150-1.wmf | Bin 0 -> 74 bytes
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 vcl/qa/cppunit/graphicfilter/data/wmf/fail/ofz35150-1.wmf

diff --git a/emfio/source/reader/wmfreader.cxx b/emfio/source/reader/wmfreader.cxx
index f506de102bfe..93908503d9bf 100644
--- a/emfio/source/reader/wmfreader.cxx
+++ b/emfio/source/reader/wmfreader.cxx
@@ -832,7 +832,7 @@ namespace emfio
                     break;
                 }
                 const vcl::PixelFormat ePixelFormat = vcl::bitDepthToPixelFormat( nBitCount );
-                bool bOk = nWidth && nHeight && nBytesPerScan > 0 && nPlanes == 1 && ePixelFormat != vcl::PixelFormat::INVALID;
+                bool bOk = nWidth > 0 && nHeight > 0 && nBytesPerScan > 0 && nPlanes == 1 && ePixelFormat != vcl::PixelFormat::INVALID;
                 if (bOk)
                 {
                     // must be enough data to fulfil the request
diff --git a/vcl/qa/cppunit/graphicfilter/data/wmf/fail/ofz35150-1.wmf b/vcl/qa/cppunit/graphicfilter/data/wmf/fail/ofz35150-1.wmf
new file mode 100644
index 000000000000..2d156198194c
Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/wmf/fail/ofz35150-1.wmf differ
-- 
cgit