ofz#35504 clamp input values in cgm filter

Change-Id: I96712b8dc8f8eaad3fb8fa6710d0f07fff61b592
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118137
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/filter/source/graphicfilter/icgm/class4.cxx b/filter/source/graphicfilter/icgm/class4.cxx
index 0a498426b3bc..697a466793bc 100644
--- a/filter/source/graphicfilter/icgm/class4.cxx
+++ b/filter/source/graphicfilter/icgm/class4.cxx
@@ -109,7 +109,12 @@ bool CGM::ImplGetEllipse( FloatPoint& rCenter, FloatPoint& rRadius, double& rAng
 
 static bool useless(double value)
 {
-    return std::isnan(value) || std::isinf(value);
+    if (!std::isfinite(value))
+        return true;
+    int exp;
+    std::frexp(value, &exp);
+    const int maxbits = sizeof(tools::Long) * 8;
+    return exp > maxbits;
 }
 
 void CGM::ImplDoClass4()
diff --git a/sd/qa/unit/data/cgm/fail/ofz35504-ubsan-1.cgm b/sd/qa/unit/data/cgm/fail/ofz35504-ubsan-1.cgm
new file mode 100644
index 000000000000..07aa3db00776
--- /dev/null
+++ b/sd/qa/unit/data/cgm/fail/ofz35504-ubsan-1.cgm