vcl/source/font/font.cxx | 11 +++++++++++
1 file changed, 11 insertions(+)
New commits:
commit d357c9fdf9581ba27314dbf6c2433cbdd3e3b602
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri May 6 10:51:56 2022 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Fri May 6 15:02:03 2022 +0200
ofz#47268 Integer-overflow
Change-Id: I263f206ce677c9ee1b198ee08f4461272b4adc04
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133931
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/font/font.cxx b/vcl/source/font/font.cxx
index fe610aac576a..2b7f22ad0f01 100644
--- a/vcl/source/font/font.cxx
+++ b/vcl/source/font/font.cxx
@@ -20,6 +20,7 @@
#include <tools/stream.hxx>
#include <tools/vcompat.hxx>
#include <tools/gen.hxx>
+#include <unotools/configmgr.hxx>
#include <unotools/fontcfg.hxx>
#include <unotools/fontdefs.hxx>
#include <o3tl/hash_combine.hxx>
@@ -465,6 +466,16 @@ SvStream& ReadImplFont( SvStream& rIStm, ImplFont&
rImplFont, tools::Long& rnNor
TypeSerializer aSerializer(rIStm);
aSerializer.readSize(rImplFont.maAverageFontSize);
+ static const bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
+ {
+ if (rImplFont.maAverageFontSize.Width() > 8192)
+ {
+ SAL_WARN("vcl.gdi", "suspicious average width of: " <<
rImplFont.maAverageFontSize.Width());
+ rImplFont.maAverageFontSize.setWidth(8192);
+ }
+ }
+
rIStm.ReadUInt16( nTmp16 ); rImplFont.SetCharSet(
static_cast<rtl_TextEncoding>(nTmp16) );
rIStm.ReadUInt16( nTmp16 ); rImplFont.SetFamilyType(
static_cast<FontFamily>(nTmp16) );
rIStm.ReadUInt16( nTmp16 ); rImplFont.SetPitch(
static_cast<FontPitch>(nTmp16) );
