include/vcl/RawBitmap.hxx | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 4d922112e8da7b02798432aaa3795ff355c460c0
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Aug 29 16:58:11 2021 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Wed Sep 1 10:51:36 2021 +0200
ofz#37796 limit to numeric_limits<int>::max
Change-Id: I6e09226fad1e566ba2758d0084042b603b84d221
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121230
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 72da4c623baf60eb2b7073697cd36ffb3022847d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121291
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/include/vcl/RawBitmap.hxx b/include/vcl/RawBitmap.hxx
index b26d532a4032..19fe94cd2c59 100644
--- a/include/vcl/RawBitmap.hxx
+++ b/include/vcl/RawBitmap.hxx
@@ -31,6 +31,10 @@ public:
, mnBitCount(nBitCount)
{
assert(nBitCount == 24 || nBitCount == 32);
+ if (rSize.getWidth() > std::numeric_limits<sal_Int32>::max() ||
rSize.getWidth() < 0)
+ throw std::bad_alloc();
+ if (rSize.getHeight() > std::numeric_limits<sal_Int32>::max() ||
rSize.getHeight() < 0)
+ throw std::bad_alloc();
sal_Int32 nRowSize, nDataSize;
if (o3tl::checked_multiply<sal_Int32>(rSize.getWidth(), nBitCount / 8,
nRowSize)
|| o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(),
nDataSize)
