filter/source/graphicfilter/itiff/itiff.cxx | 8 ++++++++ vcl/source/filter/jpeg/jpegc.cxx | 4 +++- 2 files changed, 11 insertions(+), 1 deletion(-)
New commits: commit 28570ba820fb1d5ef30d3f7d3420f6c8136dba56 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Feb 1 20:46:44 2019 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Sat Feb 2 08:48:19 2019 +0100 ofz#12812 tiff Timeout Change-Id: I5a9ccea6509760cd8a98087b5b3ea4b347947b0f Reviewed-on: https://gerrit.libreoffice.org/67261 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 4e121351530d..85dc9d297265 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -21,6 +21,7 @@
 #include <sal/config.h>
 #include <sal/log.hxx>
+#include <unotools/configmgr.hxx>
 #include <vcl/FilterConfigItem.hxx>
 #include <vcl/graph.hxx>
 #include <vcl/BitmapTools.hxx>
@@ -1593,6 +1594,13 @@ bool TIFFReader::ReadTIFF(SvStream & rTIFF, Graphic & rGraphic )
 }
 }
+ if (bStatus)
+ {
+ sal_Int32 nResult = 0;
+ if (utl::ConfigManager::IsFuzzing() && (o3tl::checked_multiply(nImageWidth, nImageLength, nResult) || nResult > 4000000))
+ bStatus = false;
+ }
+
 if ( bStatus )
 {
 maBitmapPixelSize = Size(nImageWidth, nImageLength);
commit 4aac7bc92ab91dadab6ad0bd3324494fbaa84625 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Jan 31 19:54:42 2019 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Sat Feb 2 08:48:07 2019 +0100 ofz#11203 fuzzing timeout Change-Id: I0feb8aa17f71a6efddc1b8b95008116b36f0a1f0 Reviewed-on: https://gerrit.libreoffice.org/67239 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/filter/jpeg/jpegc.cxx b/vcl/source/filter/jpeg/jpegc.cxx
index 7c1192eda24b..f6e18a59461c 100644
--- a/vcl/source/filter/jpeg/jpegc.cxx
+++ b/vcl/source/filter/jpeg/jpegc.cxx
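Review bot: In the `ReadTIFF` hunk of itiff.cxx the overflow test on `nImageWidth * nImageLength` runs only when `utl::ConfigManager::IsFuzzing()` is true, so a normal build gets neither the overflow rejection nor the size cap from this check and relies on whatever validation exists outside the hunk before `Size(nImageWidth, nImageLength)` is built. The overflow half looks worth keeping unconditional, with only the timeout cap tied to fuzzing: `if (o3tl::checked_multiply(nImageWidth, nImageLength, nResult) || (utl::ConfigManager::IsFuzzing() && nResult > 4000000))`. The same gating is used in the `ReadJPEG` hunk of jpegc.cxx. `ReadTIFF` starts and ends outside the hunk and the declarations of `nImageWidth`/`nImageLength` are not visible, so whether earlier code already bounds them cannot be confirmed from here.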
@@ -19,6 +19,7 @@
 #include <sal/config.h>
 #include <sal/log.hxx>
+#include <o3tl/safeint.hxx>
 #include <stdio.h>
 #include <stdlib.h>
@@ -216,7 +217,8 @@ static void ReadJPEG(JpegStuff& rContext, JPEGReader* pJPEGReader, void* pInputS
 long nWidth = rContext.cinfo.output_width;
 long nHeight = rContext.cinfo.output_height;
- if (nWidth > 2000 && nHeight > 2000 && utl::ConfigManager::IsFuzzing())
+ long nResult = 0;
+ if (utl::ConfigManager::IsFuzzing() && (o3tl::checked_multiply(nWidth, nHeight, nResult) || nResult > 4000000))
 return;
 bool bGray = (rContext.cinfo.output_components == 1);
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
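Review bot: The cap `4000000` in the `ReadJPEG` hunk of jpegc.cxx is an unexplained literal that is repeated in itiff.cxx, and the bare `return;` after it gives no hint of why decoding stops. A comment above the check, for example `// fuzzing only: skip images above 4M pixels so the fuzzer does not time out (ofz#11203)`, plus one shared named constant for the limit, would keep the two readers in step when the value is tuned. `nResult` is a `long`, whose width differs between platforms, so the point at which `o3tl::checked_multiply` reports overflow is platform-dependent; a fixed-width type would make that explicit. The body of `ReadJPEG` continues outside the hunk.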