[Libreoffice-commits] core.git: vcl/source

Fri, 12 May 2023 08:57:27 -0700 

 vcl/source/filter/itiff/itiff.cxx |   10 ++++++++++
 1 file changed, 10 insertions(+)

New commits:
commit c0fd5835c01e84d2351d60785e2e5fa33814e82e
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri May 12 15:44:03 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Fri May 12 17:57:02 2023 +0200

    ofz#58883 Out-of-memory
    
    Change-Id: I91de8f537ae237de814ed7e933fb6d0a3cc98466
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151708
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/vcl/source/filter/itiff/itiff.cxx 
b/vcl/source/filter/itiff/itiff.cxx
index a31a1c384efd..439cbd856182 100644
--- a/vcl/source/filter/itiff/itiff.cxx
+++ b/vcl/source/filter/itiff/itiff.cxx
@@ -161,6 +161,16 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& 
rGraphic)
         bool bOk = !o3tl::checked_multiply(w, h, nPixelsRequired) && 
nPixelsRequired <= nMaxPixelsAllowed / 2;
         SAL_WARN_IF(!bOk, "filter.tiff", "skipping oversized tiff image " << w 
<< " x " << h);
 
+        if (!TIFFIsTiled(tif))
+        {
+            size_t nStripSize = TIFFStripSize(tif);
+            if (nStripSize > SAL_MAX_INT32)
+            {
+                SAL_WARN("filter.tiff", "skipping oversized tiff strip size " 
<< nStripSize);
+                bOk = false;
+            }
+        }
+
         if (bOk && bFuzzing)
         {
             const uint64_t MAX_PIXEL_SIZE = 120000000;

Reply via email to