From fcf785b82b92ecfff942577dafc27b1369c5e19c Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Mon, 21 Mar 2022 16:15:31 +0000
Subject: ofz#45583 Integer-overflow on drawEPS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: I6a8add3e2ba695d2012916280a7f976b7b11934d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131908
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
---
 .../cppunit/graphicfilter/data/svm/pass/ofz45583-1.svm   | Bin 0 -> 2238 bytes
 vcl/source/gdi/TypeSerializer.cxx                        |  13 ++++++++++---
 vcl/source/gdi/gdimtf.cxx                                |  11 +++++++++--
 3 files changed, 19 insertions(+), 5 deletions(-)
 create mode 100644 vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45583-1.svm

(limited to 'vcl')

diff --git a/vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45583-1.svm b/vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45583-1.svm
new file mode 100644
index 000000000000..d730a1bccf4f
Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45583-1.svm differ
diff --git a/vcl/source/gdi/TypeSerializer.cxx b/vcl/source/gdi/TypeSerializer.cxx
index 829bc0503e1d..dfaf300c7801 100644
--- a/vcl/source/gdi/TypeSerializer.cxx
+++ b/vcl/source/gdi/TypeSerializer.cxx
@@ -425,10 +425,8 @@ void TypeSerializer::writeGraphic(const Graphic& rGraphic)
     }
 }
 
-static bool UselessScaleForMapMode(const Fraction& rScale)
+bool TooLargeScaleForMapMode(const Fraction& rScale)
 {
-    if (!rScale.IsValid())
-        return true;
     // ImplLogicToPixel will multiply its values by this numerator * dpi and then double that
     // result before dividing
     constexpr sal_Int32 nTypicalDPI = 96;
@@ -436,6 +434,15 @@ static bool UselessScaleForMapMode(const Fraction& rScale)
         return true;
     if (rScale.GetNumerator() < std::numeric_limits<sal_Int32>::min() / nTypicalDPI / 2)
         return true;
+    return false;
+}
+
+static bool UselessScaleForMapMode(const Fraction& rScale)
+{
+    if (!rScale.IsValid())
+        return true;
+    if (TooLargeScaleForMapMode(rScale))
+        return true;
     if (static_cast<double>(rScale) < 0.0)
         return true;
     return false;
diff --git a/vcl/source/gdi/gdimtf.cxx b/vcl/source/gdi/gdimtf.cxx
index a747e55f5685..dd682420c1eb 100644
--- a/vcl/source/gdi/gdimtf.cxx
+++ b/vcl/source/gdi/gdimtf.cxx
@@ -478,8 +478,15 @@ void GDIMetaFile::Play(OutputDevice& rOut, const Point& rPos,
     Fraction aScaleX( aDestSize.Width(), aTmpPrefSize.Width() );
     Fraction aScaleY( aDestSize.Height(), aTmpPrefSize.Height() );
 
-    aScaleX *= aDrawMap.GetScaleX(); aDrawMap.SetScaleX( aScaleX );
-    aScaleY *= aDrawMap.GetScaleY(); aDrawMap.SetScaleY( aScaleY );
+    aScaleX *= aDrawMap.GetScaleX();
+    if (TooLargeScaleForMapMode(aScaleX))
+        aScaleX.ReduceInaccurate(10);
+    aScaleY *= aDrawMap.GetScaleY();
+    if (TooLargeScaleForMapMode(aScaleY))
+        aScaleY.ReduceInaccurate(10);
+
+    aDrawMap.SetScaleX(aScaleX);
+    aDrawMap.SetScaleY(aScaleY);
 
     // #i47260# Convert logical output position to offset within
     // the metafile's mapmode. Therefore, disable pixel offset on
-- 
cgit