diff options
author | David Tardon <dtardon@redhat.com> | 2016-01-21 12:28:19 +0100 |
---|---|---|
committer | David Tardon <dtardon@redhat.com> | 2016-01-21 12:30:21 +0100 |
commit | 32b0e02e5b82a8a13822e115574c6b77e30127ef (patch) | |
tree | 860013797cd77f7bc679bf57e7c4e9827d742938 /vcl/source/gdi | |
parent | 8608b276aee2075ce06ff33bcbac8899d427ad51 (diff) |
at least partially sanitize image dimensions
... to avoid enormous allocations later.
Change-Id: I8ffb050f095bd7ba2fee5be738bb30cd45170b82
Diffstat (limited to 'vcl/source/gdi')
-rw-r--r-- | vcl/source/gdi/dibtools.cxx | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx index 59db04c7456d..e5b67fa6000c 100644 --- a/vcl/source/gdi/dibtools.cxx +++ b/vcl/source/gdi/dibtools.cxx @@ -301,6 +301,17 @@ bool ImplReadDIBInfoHeader(SvStream& rIStm, DIBV5Header& rHeader, bool& bTopDown return false; } + if (rHeader.nCompression == 0) + { + sal_uInt64 nMaxSize = rIStm.remainingSize(); + if (rHeader.nHeight != 0) + nMaxSize /= rHeader.nHeight; + if (rHeader.nPlanes != 0) + nMaxSize /= rHeader.nPlanes; + if (sal_Int64(nMaxSize) < rHeader.nWidth) + return false; + } + return rIStm.good(); } |