[Libreoffice-commits] core.git: vcl/source

Libreoffice Gerrit user Fri, 11 Jan 2019 03:29:51 -0800

 vcl/source/gdi/dibtools.cxx |    8 ++++++++
 1 file changed, 8 insertions(+)


New commits:
commit bd4f12d62493509763b2a279441ac9501e830f25
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Jan 11 09:28:18 2019 +0000
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Fri Jan 11 12:29:19 2019 +0100

    ofz#11188 avoid timeout
    
    Change-Id: I3726eb249e3bc290fa9bd5e8fe6747b1ce5ce9bb
    Reviewed-on: https://gerrit.libreoffice.org/66149
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>

diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx
index 07c7c043f2d6..b6735649a909 100644
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -563,6 +563,14 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& 
rHeader, BitmapWriteAccess& r
         {
             const long nWidth(rHeader.nWidth);
             const long nHeight(rHeader.nHeight);
+            if (nAlignedWidth > rIStm.remainingSize())
+            {
+                // ofz#11188 avoid timeout
+                // all following paths will enter a case statement, and nCount
+                // is always at least 1, so we can check here before allocation
+                // if at least one row can be read
+                return false;
+            }
             std::vector<sal_uInt8> aBuf(nAlignedWidth);
 
             const long nI(bTopDown ? 1 : -1);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] core.git: vcl/source

Reply via email to