[Libreoffice-commits] core.git: lotuswordpro/source

Caolán McNamara (via logerrit) Sun, 09 Jan 2022 11:04:49 -0800

 lotuswordpro/source/filter/lwpdrawobj.cxx |   23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)


New commits:
commit 27e9de358b4afc6a89b09c173316cee0abfb471d
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Jan 9 16:07:32 2022 +0000
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Sun Jan 9 20:04:08 2022 +0100

    ofz#43446 Undefined-shift
    
    Change-Id: Ibe3485983ecf764ca8b8e667b470c6b210b6d2d4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128192
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/lotuswordpro/source/filter/lwpdrawobj.cxx 
b/lotuswordpro/source/filter/lwpdrawobj.cxx
index 4adb32b7fdd3..2ea201082cce 100644
--- a/lotuswordpro/source/filter/lwpdrawobj.cxx
+++ b/lotuswordpro/source/filter/lwpdrawobj.cxx
@@ -1343,6 +1343,22 @@ LwpDrawBitmap::~LwpDrawBitmap()
 {
 }
 
+static bool IsValid(const BmpInfoHeader2& rHeader)
+{
+    if (rHeader.nPlanes != 1)
+        return false;
+
+    if (rHeader.nBitCount != 0 && rHeader.nBitCount != 1 &&
+        rHeader.nBitCount != 4 && rHeader.nBitCount != 8 &&
+        rHeader.nBitCount != 16 && rHeader.nBitCount != 24 &&
+        rHeader.nBitCount != 32)
+    {
+        return false;
+    }
+
+    return true;
+}
+
 /**
  * @descr   reading function of class LwpDrawBitmap
  */
@@ -1369,6 +1385,9 @@ void LwpDrawBitmap::Read()
         m_pStream->ReadUInt16( aInfoHeader2.nPlanes );
         m_pStream->ReadUInt16( aInfoHeader2.nBitCount );
 
+        if (!IsValid(aInfoHeader2))
+            throw BadRead();
+
         N = aInfoHeader2.nPlanes * aInfoHeader2.nBitCount;
         if (N == 24)
         {
@@ -1385,6 +1404,10 @@ void LwpDrawBitmap::Read()
         m_pStream->ReadUInt32( aInfoHeader2.nHeight );
         m_pStream->ReadUInt16( aInfoHeader2.nPlanes );
         m_pStream->ReadUInt16( aInfoHeader2.nBitCount );
+
+        if (!IsValid(aInfoHeader2))
+            throw BadRead();
+
         N = aInfoHeader2.nPlanes * aInfoHeader2.nBitCount;
         if (N == 24)
         {

[Libreoffice-commits] core.git: lotuswordpro/source

Reply via email to