source

Caolán McNamara (via logerrit) Sat, 12 Mar 2022 04:24:13 -0800

 vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45269-1.svm |binary
 vcl/source/filter/svm/SvmReader.cxx                       |   35 +++++++++-----
 2 files changed, 24 insertions(+), 11 deletions(-)


New commits:
commit 916aca240195b3e224ea374df4d447201bf852be
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Mar 11 15:33:44 2022 +0000
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Sat Mar 12 13:23:28 2022 +0100

    ofz#45269 Integer-overflow
    
    Change-Id: I9fe6c4753da609933c8ce5ef051e49351a25fd56
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131386
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45269-1.svm 
b/vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45269-1.svm
new file mode 100644
index 000000000000..4dceee3a9db4
Binary files /dev/null and 
b/vcl/qa/cppunit/graphicfilter/data/svm/pass/ofz45269-1.svm differ
diff --git a/vcl/source/filter/svm/SvmReader.cxx 
b/vcl/source/filter/svm/SvmReader.cxx
index 550e9e59bcfd..fe05c3439719 100644
--- a/vcl/source/filter/svm/SvmReader.cxx
+++ b/vcl/source/filter/svm/SvmReader.cxx
@@ -826,6 +826,24 @@ rtl::Reference<MetaAction> SvmReader::BmpHandler()
     return pAction;
 }
 
+namespace
+{
+void sanitizeNegativeSizeDimensions(Size& rSize)
+{
+    if (rSize.Width() < 0)
+    {
+        SAL_WARN("vcl.gdi", "sanitizeNegativeSizeDimensions: negative width");
+        rSize.setWidth(0);
+    }
+
+    if (rSize.Height() < 0)
+    {
+        SAL_WARN("vcl.gdi", "sanitizeNegativeSizeDimensions: negative height");
+        rSize.setHeight(0);
+    }
+}
+}
+
 rtl::Reference<MetaAction> SvmReader::BmpScaleHandler()
 {
     rtl::Reference<MetaBmpScaleAction> pAction(new MetaBmpScaleAction);
@@ -836,8 +854,10 @@ rtl::Reference<MetaAction> SvmReader::BmpScaleHandler()
     TypeSerializer aSerializer(mrStream);
     Point aPoint;
     aSerializer.readPoint(aPoint);
+
     Size aSz;
     aSerializer.readSize(aSz);
+    sanitizeNegativeSizeDimensions(aSz);
 
     pAction->SetBitmap(aBmp);
     pAction->SetPoint(aPoint);
@@ -902,17 +922,7 @@ rtl::Reference<MetaAction> SvmReader::BmpExScaleHandler()
 
     Size aSize;
     aSerializer.readSize(aSize);
-    if (aSize.Width() < 0)
-    {
-        SAL_WARN("vcl.gdi", "MetaBmpExScaleAction: negative width");
-        aSize.setWidth(0);
-    }
-
-    if (aSize.Height() < 0)
-    {
-        SAL_WARN("vcl.gdi", "MetaBmpExScaleAction: negative height");
-        aSize.setHeight(0);
-    }
+    sanitizeNegativeSizeDimensions(aSize);
 
     pAction->SetBitmapEx(aBmpEx);
     pAction->SetPoint(aPoint);
@@ -1300,8 +1310,11 @@ rtl::Reference<MetaAction> 
SvmReader::FloatTransparentHandler(ImplMetaReadData*
     TypeSerializer aSerializer(mrStream);
     Point aPoint;
     aSerializer.readPoint(aPoint);
+
     Size aSize;
     aSerializer.readSize(aSize);
+    sanitizeNegativeSizeDimensions(aSize);
+
     Gradient aGradient;
     aSerializer.readGradient(aGradient);

[Libreoffice-commits] core.git: vcl/qa vcl/source

Reply via email to