filter/qa/cppunit/data/tiff/fail/loop.tif |binary
filter/source/graphicfilter/itiff/itiff.cxx | 12 +++++++++++-
2 files changed, 11 insertions(+), 1 deletion(-)
New commits:
commit 07b3e1504f1175c9b626a4c729032604613cf8fb
Author: Caolán McNamara <caol...@redhat.com>
Date: Fri Jul 17 09:23:17 2015 +0100
detect loop in tif format
Change-Id: I27645566cd9fc0ac8cf753f0217ae6cf0fa9929e
(cherry picked from commit 290465b0effecb6d620adc20ca279f8057eeab9a)
Reviewed-on: https://gerrit.libreoffice.org/17150
Reviewed-by: David Tardon <dtar...@redhat.com>
Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/filter/qa/cppunit/data/tiff/fail/loop.tif
b/filter/qa/cppunit/data/tiff/fail/loop.tif
new file mode 100644
index 0000000..6d8cee7
Binary files /dev/null and b/filter/qa/cppunit/data/tiff/fail/loop.tif differ
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx
b/filter/source/graphicfilter/itiff/itiff.cxx
index 9dfa328..0474c5b 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -1226,9 +1226,19 @@ bool TIFFReader::ReadTIFF(SvStream & rTIFF, Graphic &
rGraphic )
}
while( nOffset );
+ std::vector<sal_uInt32> aSeenIfds;
+
for ( sal_uInt32 nNextIfd = nFirstIfd; nNextIfd && bStatus; )
{
- pTIFF->Seek( nOrigPos + nNextIfd );
+ if (std::find(aSeenIfds.begin(), aSeenIfds.end(), nNextIfd) !=
aSeenIfds.end())
+ {
+ SAL_WARN("filter.tiff", "Parsing error: " << nNextIfd <<
+ " already processed, format loop");
+ bStatus = false;
+ break;
+ }
+ pTIFF->Seek(nOrigPos + nNextIfd);
+ aSeenIfds.push_back(nNextIfd);
{
bByteSwap = false;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
