vcl/source/filter/itiff/itiff.cxx | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
New commits:
commit 7e06a8adc513c4fd29e3fed037a48126071abc86
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri May 20 20:16:17 2022 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Sat May 21 18:34:33 2022 +0200
tiff: add some error checks
Change-Id: I55ca42f637c802bc917eeba5c08cc82074edd523
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134697
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/filter/itiff/itiff.cxx
b/vcl/source/filter/itiff/itiff.cxx
index 8fa61c4509b5..dde8a1f996b7 100644
--- a/vcl/source/filter/itiff/itiff.cxx
+++ b/vcl/source/filter/itiff/itiff.cxx
@@ -162,8 +162,23 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic&
rGraphic)
{
uint32_t w, h;
- TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &w);
- TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &h);
+ if (TIFFGetField(tif, TIFFTAG_IMAGEWIDTH, &w) != 1)
+ {
+ SAL_WARN("filter.tiff", "missing width");
+ break;
+ }
+
+ if (TIFFGetField(tif, TIFFTAG_IMAGELENGTH, &h) != 1)
+ {
+ SAL_WARN("filter.tiff", "missing height");
+ break;
+ }
+
+ if (w > SAL_MAX_INT32 / 8 || h > SAL_MAX_INT32 / 8)
+ {
+ SAL_WARN("filter.tiff", "image too large");
+ break;
+ }
Bitmap bitmap(Size(w, h), vcl::PixelFormat::N24_BPP);
AlphaMask bitmapAlpha(Size(w, h));
@@ -171,6 +186,12 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic&
rGraphic)
BitmapScopedWriteAccess access(bitmap);
AlphaScopedWriteAccess accessAlpha(bitmapAlpha);
+ if (!access || !accessAlpha)
+ {
+ SAL_WARN("filter.tiff", "could not create bitmaps");
+ break;
+ }
+
aContext.pWriteAccess = access.get();
aContext.pAlphaAccess = accessAlpha.get();
