ofz#12828 svm Timeout

Change-Id: I12f493a90177838ea4f29c2b4411846df19241a4 Reviewed-on: https://gerrit.libreoffice.org/67260 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>

ofz#12828 svm Timeout
Change-Id: I12f493a90177838ea4f29c2b4411846df19241a4 Reviewed-on: https://gerrit.libreoffice.org/67260 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
8b20ac02 · Caolán McNamara · ad972aad · 8b20ac02
Kaydet (Commit) 8b20ac02 authored Şub 01, 2019 tarafından Caolán McNamara
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 2 deletions

dibtools.cxx vcl/source/gdi/dibtools.cxx +7 -2

No files found.
--- a/vcl/source/gdi/dibtools.cxx
+++ b/vcl/source/gdi/dibtools.cxx
@@ -29,6 +29,7 @@
 #include <tools/stream.hxx>
 #include <tools/fract.hxx>
 #include <tools/helpers.hxx>
+#include <unotools/configmgr.hxx>
 #include <vcl/bitmapex.hxx>
 #include <vcl/bitmapaccess.hxx>
 #include <vcl/outdev.hxx>
@@ -544,6 +545,12 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r
            rIStm.ReadUInt32( nBMask );
        }
+        const long nWidth(rHeader.nWidth);
+        const long nHeight(rHeader.nHeight);
+        long nResult = 0;
+        if (utl::ConfigManager::IsFuzzing() && (o3tl::checked_multiply(nWidth, nHeight, nResult) || nResult > 4000000))
+            return false;
        if (bRLE)
        {
            if(!rHeader.nSizeImage)
@@ -561,8 +568,6 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r
        }
        else
        {
-            const long nWidth(rHeader.nWidth);
-            const long nHeight(rHeader.nHeight);
            if (nAlignedWidth > rIStm.remainingSize())
            {
                // ofz#11188 avoid timeout