vcl/source/filter/itiff/itiff.cxx | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
New commits:
commit 041eef2563198c50470236736fa6949e0b66cda5
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jun 27 15:42:56 2022 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Mon Jun 27 17:56:43 2022 +0200
ofz#48407 OOM
Change-Id: I4e0ee34cffd17203b88602caecbd547fa5b58d80
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136501
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/filter/itiff/itiff.cxx
b/vcl/source/filter/itiff/itiff.cxx
index d8895b8cff31..c607930e6007 100644
--- a/vcl/source/filter/itiff/itiff.cxx
+++ b/vcl/source/filter/itiff/itiff.cxx
@@ -147,16 +147,6 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic&
rGraphic)
break;
}
- if (utl::ConfigManager::IsFuzzing())
- {
- const uint64_t MAX_SIZE = 500000000;
- if (TIFFTileSize64(tif) > MAX_SIZE)
- {
- SAL_WARN("filter.tiff", "skipping large tiffs");
- break;
- }
- }
-
uint32_t nPixelsRequired;
constexpr size_t nMaxPixelsAllowed = SAL_MAX_INT32/4;
// two buffers currently required, so limit further
@@ -167,6 +157,16 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic&
rGraphic)
break;
}
+ if (utl::ConfigManager::IsFuzzing())
+ {
+ const uint64_t MAX_SIZE = 200000000;
+ if (TIFFTileSize64(tif) > MAX_SIZE || nPixelsRequired > MAX_SIZE)
+ {
+ SAL_WARN("filter.tiff", "skipping large tiffs");
+ break;
+ }
+ }
+
std::vector<uint32_t> raster(nPixelsRequired);
if (TIFFReadRGBAImageOriented(tif, w, h, raster.data(),
ORIENTATION_TOPLEFT, 1))
{
