vcl/source/gdi/TypeSerializer.cxx | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
New commits: commit ac03040f68d91f6a185596108a8f055e74b99042 Author: Caolán McNamara <[email protected]> AuthorDate: Sun Mar 1 15:26:55 2026 +0000 Commit: Caolán McNamara <[email protected]> CommitDate: Sun Mar 1 19:57:49 2026 +0100 ofz#473156285 Integer-overflow FWIW oox/source/drawingml/fillproperties.cxx is also clamping nOffsetX/nOffsetY to max 100. nBorder > 100% doesn't seem to make sense and the various GtkAdjustments for the ui limit those to 100% too. Change-Id: I9efb765af549ac13bdbd9c50a313f0d902059522 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/200713 Tested-by: Caolán McNamara <[email protected]> Reviewed-by: Caolán McNamara <[email protected]>
diff --git a/vcl/source/gdi/TypeSerializer.cxx b/vcl/source/gdi/TypeSerializer.cxx
index 2cb21cba49d2..2a1cd01cf35e 100644
--- a/vcl/source/gdi/TypeSerializer.cxx
+++ b/vcl/source/gdi/TypeSerializer.cxx
@@ -76,8 +76,23 @@ void TypeSerializer::readGradient(Gradient& rGradient)
 nAngle = 0;
 }
 rGradient.SetAngle(Degree10(nAngle));
+ if (nBorder > 100)
+ {
+ SAL_WARN("vcl", "border out of range " << nBorder);
+ nBorder = 100;
+ }
 rGradient.SetBorder(nBorder);
+ if (nOffsetX > 100)
+ {
+ SAL_WARN("vcl", "offset x out of range " << nOffsetX);
+ nOffsetX = 100;
+ }
 rGradient.SetOfsX(nOffsetX);
+ if (nOffsetY > 100)
+ {
+ SAL_WARN("vcl", "offset y out of range " << nOffsetY);
+ nOffsetY = 100;
+ }
 rGradient.SetOfsY(nOffsetY);
 rGradient.SetStartIntensity(nIntensityStart);
 rGradient.SetEndIntensity(nIntensityEnd);
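Review bot: The three new clamps in readGradient test only the upper bound (`if (nBorder > 100)`, and the same shape for nOffsetX and nOffsetY), so they are complete only if those variables are unsigned. Their declarations are outside the hunk; if any of them is signed, the guard should read `if (nBorder < 0 || nBorder > 100)` so that a negative value from the stream cannot reach the setter. The trailing context lines still pass nIntensityStart and nIntensityEnd, read from the same deserialized stream, to SetStartIntensity and SetEndIntensity with no range check. Whether those values can reach the arithmetic that overflowed is not visible here, so either a matching clamp or a short comment such as `// intensity is not used in the overflowing computation, no clamp needed` would settle it for the next reader. The function body starts and ends outside the hunk.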
