vcl/headless/CairoCommon.cxx | 13 +++++++++++++ 1 file changed, 13 insertions(+)
New commits: commit 39c2889537def121f5d99caf7d72331760deebe7 Author: Caolán McNamara <[email protected]> AuthorDate: Sat Nov 15 16:03:13 2025 +0000 Commit: Caolán McNamara <[email protected]> CommitDate: Sat Nov 15 17:26:53 2025 +0100 ofz#458957507 Integer-overflow in cairo Change-Id: I10a95d7d87967b70b20e6cc5a30859497c61227d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/194053 Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]>
diff --git a/vcl/headless/CairoCommon.cxx b/vcl/headless/CairoCommon.cxx
index fff84da6297c..069e7260d17f 100644
--- a/vcl/headless/CairoCommon.cxx
+++ b/vcl/headless/CairoCommon.cxx
@@ -947,6 +947,19 @@ void CairoCommon::drawPolyPolygon(const basegfx::B2DHomMatrix& rObjectToDevice,
 return;
 }
+ static const bool bFuzzing = comphelper::IsFuzzing();
+ if (bFuzzing)
+ {
+ const basegfx::B2DRange aRange(rPolyPolygon.getB2DRange());
+ if (aRange.getMaxX() - aRange.getMinX() > 0x10000000
+ || aRange.getMaxY() - aRange.getMinY() > 0x10000000)
+ {
+ SAL_WARN("vcl.gdi", "drawPolyPolygon, skipping suspicious range of: "
+ << aRange << " for fuzzing performance");
+ return;
+ }
+ }
+
 if (!bHasLine)
 {
 // don't bother trying to draw stuff which is effectively invisible, speeds up
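Review bot: The new guard in drawPolyPolygon bounds only the extent of `rPolyPolygon.getB2DRange()` (max minus min), so a polygon that is small but lies far from the origin passes it with coordinates as large as the ones being rejected; the range is also taken before `rObjectToDevice` is applied, so if cairo is handed device coordinates, a large scale factor gets past the limit as well. Because the block runs only when `comphelper::IsFuzzing()` is true, the overflow named in the commit title presumably stays reachable from a crafted document in a normal build, which deserves either an unconditional bound or a comment saying why non-fuzzing builds are safe. I would call `aRange.transform(rObjectToDevice);` first and test magnitudes rather than differences, e.g. `std::abs(aRange.getMinX()) > nLimit || std::abs(aRange.getMaxX()) > nLimit` and the same for Y, with `0x10000000` given a name (here the constructed `nLimit`) and a comment explaining where the bound comes from. The log text says "for fuzzing performance" although the commit is about an integer overflow, so the message should name the real reason. The function body begins and ends outside this hunk, so any later clamping is not visible here.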
