vcl/source/filter/itiff/itiff.cxx | 11 +++++++++++
1 file changed, 11 insertions(+)
New commits:
commit 027d937ac3baa357511f9974d958ef2002c7f60a
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue May 24 12:48:37 2022 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Tue May 24 17:51:13 2022 +0200
ofz#47591 avoid OOM
Change-Id: Ic36cae516177d58a2bbf34a1afc2f843cdc431d7
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134868
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/filter/itiff/itiff.cxx
b/vcl/source/filter/itiff/itiff.cxx
index b682d759f115..41255140617a 100644
--- a/vcl/source/filter/itiff/itiff.cxx
+++ b/vcl/source/filter/itiff/itiff.cxx
@@ -25,6 +25,7 @@
#include <vcl/animate/Animation.hxx>
#include <bitmap/BitmapWriteAccess.hxx>
#include <tools/stream.hxx>
+#include <unotools/configmgr.hxx>
#include <tiffio.h>
@@ -125,6 +126,16 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic&
rGraphic)
break;
}
+ if (utl::ConfigManager::IsFuzzing())
+ {
+ const uint64_t MAX_SIZE = 500000000;
+ if (TIFFTileSize64(tif) > MAX_SIZE)
+ {
+ SAL_WARN("filter.tiff", "skipping large tiffs");
+ return false;
+ }
+ }
+
size_t npixels = w * h;
std::vector<uint32_t> raster(npixels);
if (TIFFReadRGBAImageOriented(tif, w, h, raster.data(),
ORIENTATION_TOPLEFT, 1))
