package/source/zipapi/XUnbufferedStream.cxx |    9 +++++++--
 vcl/source/outdev/textline.cxx              |    2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

New commits:
commit df6bf128ae89d9b4a85fc8300ff7c5e0769e8055
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 30 21:07:40 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Mar 30 22:02:16 2023 +0000

    ofz#57493 Timeout
    
    Change-Id: I7d4776d77385dc46f496b873c75e2be25840f86b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149774
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/vcl/source/outdev/textline.cxx b/vcl/source/outdev/textline.cxx
index 4481ca8011c3..77d77a9349fb 100644
--- a/vcl/source/outdev/textline.cxx
+++ b/vcl/source/outdev/textline.cxx
@@ -277,7 +277,7 @@ void OutputDevice::ImplDrawWaveTextLine( tools::Long 
nBaseX, tools::Long nBaseY,
                                          bool bIsAbove )
 {
     static bool bFuzzing = utl::ConfigManager::IsFuzzing();
-    if (bFuzzing && nWidth > 100000)
+    if (bFuzzing && nWidth > 20000)
     {
         SAL_WARN("vcl.gdi", "drawLine, skipping suspicious WaveTextLine of 
length: "
                                 << nWidth << " for fuzzing performance");
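Review bot: The `nWidth > 20000` cap only applies when `bFuzzing` is true, so outside fuzzing builds a document that requests a very wide wave line still takes the full drawing path. If the cost that timed out the fuzzer is reachable from untrusted documents, it may deserve its own bound or a cheaper rendering path. The literal is also unexplained and is being tuned by hand here; a named constant or a comment such as `// fuzzing-only cap: wider wave lines are slow enough to time out the fuzzer` would record the intent. The body of ImplDrawWaveTextLine continues outside the hunk, so any later width handling is not visible.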
commit 397e2d5118dcc5ebd8dedfe731de02fb4277960f
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 30 21:03:01 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Mar 30 22:02:08 2023 +0000

    ofz#57529 Integer-overflow
    
    Change-Id: I93775299aa340e2e645a04be5d0bc36a9caea103
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149773
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/package/source/zipapi/XUnbufferedStream.cxx 
b/package/source/zipapi/XUnbufferedStream.cxx
index b0a18cc0a683..e3c31d5fca1c 100644
--- a/package/source/zipapi/XUnbufferedStream.cxx
+++ b/package/source/zipapi/XUnbufferedStream.cxx
@@ -28,6 +28,7 @@
 #include <algorithm>
 #include <string.h>
 
+#include <o3tl/safeint.hxx>
 #include <osl/diagnose.h>
 #include <osl/mutex.hxx>
 #include <utility>
@@ -65,20 +66,24 @@ XUnbufferedStream::XUnbufferedStream(
 , mbCheckCRC(!bRecoveryMode)
 {
     mnZipCurrent = maEntry.nOffset;
+    sal_Int64 nSize;
     if ( mbRawStream )
     {
         mnZipSize = maEntry.nMethod == DEFLATED ? maEntry.nCompressedSize : 
maEntry.nSize;
-        mnZipEnd = maEntry.nOffset + mnZipSize;
+        nSize = mnZipSize;
     }
     else
     {
         mnZipSize = maEntry.nSize;
-        mnZipEnd = maEntry.nMethod == DEFLATED ? maEntry.nOffset + 
maEntry.nCompressedSize : maEntry.nOffset + maEntry.nSize;
+        nSize = maEntry.nMethod == DEFLATED ? maEntry.nCompressedSize : 
maEntry.nSize;
     }
 
     if (mnZipSize < 0)
         throw ZipIOException("The stream seems to be broken!");
 
+    if (o3tl::checked_add(maEntry.nOffset, nSize, mnZipEnd))
+        throw ZipIOException("Integer-overflow");
+
     bool bHaveEncryptData = rData.is() && rData->m_aInitVector.hasElements() &&
         ((rData->m_aSalt.hasElements() && rData->m_nIterationCount != 0)
          ||
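Review bot: In the non-raw DEFLATED case `nSize` is `maEntry.nCompressedSize` while `mnZipSize` is `maEntry.nSize`, so the `mnZipSize < 0` check does not cover the value that is actually added to the offset. `o3tl::checked_add` rejects overflow, but as far as the hunk shows a negative `nSize` would still pass and leave `mnZipEnd` below `mnZipCurrent`. Unless entries are validated before this constructor runs, consider `if (mnZipSize < 0 || nSize < 0)`. The constructor's body continues past the end of the hunk.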
