vcl/source/gdi/metaact.cxx | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-)
New commits: commit 21b88575af9e11115a6b124d8d9cb4e0a95e9fea Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sat Nov 26 19:27:03 2022 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Sat Nov 26 21:36:52 2022 +0100 ofz#53764 Integer-overflow Change-Id: I0d0ec07801fd612fde3028d4aad2f154c27bc551 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143327 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index ef32bc0f3fb3..0c426d1f930d 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -736,8 +736,25 @@ MetaTextRectAction::MetaTextRectAction( const tools::Rectangle& rRect,
 mnStyle ( nStyle )
 {}
 
+static bool AllowRect(const tools::Rectangle& rRect)
+{
+ static bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
+ {
+ if (rRect.Top() > 0x20000000 || rRect.Top() < -0x20000000)
+ {
+ SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top());
+ return false;
+ }
+ }
+ return true;
+}
+
 void MetaTextRectAction::Execute( OutputDevice* pOut )
 {
+ if (!AllowRect(maRect))
+ return;
+
 pOut->DrawText( maRect, maStr, mnStyle );
 }
 
@@ -850,7 +867,8 @@ MetaBmpScaleAction::MetaBmpScaleAction( const Point& rPt, const Size& rSz,
 
 static bool AllowScale(const Size& rSource, const Size& rDest)
 {
- if (utl::ConfigManager::IsFuzzing())
+ static bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
 {
 constexpr int nMaxScaleWhenFuzzing = 512;
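Review bot: The guard in `AllowRect` runs only when `utl::ConfigManager::IsFuzzing()` is true and tests only `rRect.Top()`, so in a normal build a metafile whose `maRect` has an extreme coordinate still reaches `pOut->DrawText( maRect, maStr, mnStyle )` unchanged. The overflowing arithmetic is not visible in this hunk, but if it is signed overflow on the rectangle coordinates it remains undefined behaviour for untrusted documents, and under the fuzzer an extreme `Bottom()`, `Left()` or `Right()` would presumably get through as well. If the fuzzing-only scope is deliberate, say so above the function, e.g. `// Fuzzing-only: keeps ofz#53764 quiet; the overflow itself is not fixed and Left/Right/Bottom are not bounded`, and give `0x20000000` a name as the second hunk does with `nMaxScaleWhenFuzzing`. `static bool bFuzzing` is never reassigned here or in `AllowScale`, so `static const bool bFuzzing` would be clearer in both.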