vcl/source/filter/itiff/itiff.cxx | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-)
New commits: commit 041eef2563198c50470236736fa6949e0b66cda5 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Jun 27 15:42:56 2022 +0100 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Mon Jun 27 17:56:43 2022 +0200 ofz#48407 OOM Change-Id: I4e0ee34cffd17203b88602caecbd547fa5b58d80 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136501 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> diff --git a/vcl/source/filter/itiff/itiff.cxx b/vcl/source/filter/itiff/itiff.cxx index d8895b8cff31..c607930e6007 100644 --- a/vcl/source/filter/itiff/itiff.cxx +++ b/vcl/source/filter/itiff/itiff.cxx @@ -147,16 +147,6 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& rGraphic) break; } - if (utl::ConfigManager::IsFuzzing()) - { - const uint64_t MAX_SIZE = 500000000; - if (TIFFTileSize64(tif) > MAX_SIZE) - { - SAL_WARN("filter.tiff", "skipping large tiffs"); - break; - } - } - uint32_t nPixelsRequired; constexpr size_t nMaxPixelsAllowed = SAL_MAX_INT32/4; // two buffers currently required, so limit further @@ -167,6 +157,16 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& rGraphic) break; } + if (utl::ConfigManager::IsFuzzing()) + { + const uint64_t MAX_SIZE = 200000000; + if (TIFFTileSize64(tif) > MAX_SIZE || nPixelsRequired > MAX_SIZE) + { + SAL_WARN("filter.tiff", "skipping large tiffs"); + break; + } + } + std::vector<uint32_t> raster(nPixelsRequired); if (TIFFReadRGBAImageOriented(tif, w, h, raster.data(), ORIENTATION_TOPLEFT, 1)) {