From 454d70247fee7e0fc255f2605836b52804eba41f Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolan.mcnamara@collabora.com>
Date: Fri, 10 Nov 2023 21:12:31 +0000
Subject: ofz#63845 Integer-overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: Ic2396c92b53012642976e75fcfa42cf2737f3092
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159311
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
---
 svx/source/customshapes/EnhancedCustomShape2d.cxx | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'svx')

diff --git a/svx/source/customshapes/EnhancedCustomShape2d.cxx b/svx/source/customshapes/EnhancedCustomShape2d.cxx
index 7d105d63a728..bb99bf2ae40a 100644
--- a/svx/source/customshapes/EnhancedCustomShape2d.cxx
+++ b/svx/source/customshapes/EnhancedCustomShape2d.cxx
@@ -43,6 +43,7 @@
 #include <svx/xbtmpit.hxx>
 #include <svx/xhatch.hxx>
 #include <svx/sdshitm.hxx>
+#include <unotools/configmgr.hxx>
 #include <com/sun/star/awt/Size.hpp>
 #include <com/sun/star/drawing/EnhancedCustomShapeParameterType.hpp>
 #include <com/sun/star/drawing/EnhancedCustomShapeSegmentCommand.hpp>
@@ -703,6 +704,20 @@ void EnhancedCustomShape2d::SetPathSize( sal_Int32 nIndex )
     }
     else
         m_fYRatio = 1.0;
+
+    if (utl::ConfigManager::IsFuzzing())
+    {
+        if (fabs(m_fXScale) > 100000)
+        {
+            SAL_WARN("svx", "unreasonable X Scale of: " << m_fXScale);
+            m_fXScale = 1.0;
+        }
+        if (fabs(m_fYScale) > 100000)
+        {
+            SAL_WARN("svx", "unreasonable Y Scale of: " << m_fYScale);
+            m_fYScale = 1.0;
+        }
+    }
 }
 
 EnhancedCustomShape2d::EnhancedCustomShape2d(SdrObjCustomShape& rSdrObjCustomShape)
-- 
cgit