filter/qa/cppunit/data/tiff/fail/hang-2.tiff |binary
filter/source/graphicfilter/itiff/itiff.cxx | 11 ++++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
New commits:
commit 85d5385ed47009782abbeaa538611a6367b61bb4
Author: Caolán McNamara <caol...@redhat.com>
Date: Fri Jul 17 09:59:23 2015 +0100
detect another loop in tif format
Change-Id: I950f751277d9080b4fc00c38f63453cce81bcc32
(cherry picked from commit 49bf2c6700d8f0fc9155ac2d06bf0a7bd84915d8)
Reviewed-on: https://gerrit.libreoffice.org/17154
Reviewed-by: David Tardon <dtar...@redhat.com>
Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/hang-2.tiff
b/filter/qa/cppunit/data/tiff/fail/hang-2.tiff
new file mode 100644
index 0000000..28ec8c0
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/hang-2.tiff differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx
b/filter/source/graphicfilter/itiff/itiff.cxx
index 9ae2a06..80c859c 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -1178,10 +1178,19 @@ bool TIFFReader::ReadTIFF(SvStream & rTIFF, Graphic &
rGraphic )
{
sal_uInt32 nOffset = nFirstIfd;
+ std::vector<sal_uInt32> aSeenOffsets;
// calculate length of TIFF file
do
{
- pTIFF->Seek( nOrigPos + nOffset );
+ if (std::find(aSeenOffsets.begin(), aSeenOffsets.end(), nOffset)
!= aSeenOffsets.end())
+ {
+ SAL_WARN("filter.tiff", "Parsing error: " << nOffset <<
+ " already processed, format loop");
+ bStatus = false;
+ break;
+ }
+ pTIFF->Seek(nOrigPos + nOffset);
+ aSeenOffsets.push_back(nOffset);
if( pTIFF->GetError() )
{
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
