vcl/source/font/font.cxx | 11 +++++++++++ 1 file changed, 11 insertions(+)
New commits: commit d357c9fdf9581ba27314dbf6c2433cbdd3e3b602 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri May 6 10:51:56 2022 +0100 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Fri May 6 15:02:03 2022 +0200 ofz#47268 Integer-overflow Change-Id: I263f206ce677c9ee1b198ee08f4461272b4adc04 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133931 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/font/font.cxx b/vcl/source/font/font.cxx
index fe610aac576a..2b7f22ad0f01 100644
--- a/vcl/source/font/font.cxx
+++ b/vcl/source/font/font.cxx
@@ -20,6 +20,7 @@
 #include <tools/stream.hxx>
 #include <tools/vcompat.hxx>
 #include <tools/gen.hxx>
+#include <unotools/configmgr.hxx>
 #include <unotools/fontcfg.hxx>
 #include <unotools/fontdefs.hxx>
 #include <o3tl/hash_combine.hxx>
@@ -465,6 +466,16 @@ SvStream& ReadImplFont( SvStream& rIStm, ImplFont& rImplFont, tools::Long& rnNor
 TypeSerializer aSerializer(rIStm);
 aSerializer.readSize(rImplFont.maAverageFontSize);

+ static const bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
+ {
+ if (rImplFont.maAverageFontSize.Width() > 8192)
+ {
+ SAL_WARN("vcl.gdi", "suspicious average width of: " << rImplFont.maAverageFontSize.Width());
+ rImplFont.maAverageFontSize.setWidth(8192);
+ }
+ }
+
 rIStm.ReadUInt16( nTmp16 ); rImplFont.SetCharSet( static_cast<rtl_TextEncoding>(nTmp16) );
 rIStm.ReadUInt16( nTmp16 ); rImplFont.SetFamilyType( static_cast<FontFamily>(nTmp16) );
 rIStm.ReadUInt16( nTmp16 ); rImplFont.SetPitch( static_cast<FontPitch>(nTmp16) );
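Review bot: The new width clamp in ReadImplFont runs only when `utl::ConfigManager::IsFuzzing()` is true, so in a normal build an average font width above 8192 read from the stream is still stored unchanged, and the arithmetic that overflowed in ofz#47268 (not visible in this hunk) presumably stays reachable from an untrusted document. If the bound is acceptable for real files, drop the `if (bFuzzing)` gate so the check applies to every stream; otherwise state the reason at the check, for example `// clamped only under fuzzing, see ofz#47268; real documents keep the stored width`. The check also covers only the upper bound of `Width()`, so a negative width or an oversized `Height()` coming out of `readSize` passes through untouched. The literal 8192 appears twice and would be easier to audit as one named constant. ReadImplFont starts and ends outside the hunk, so later validation may exist that is not shown here.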