diff options
Diffstat (limited to 'vcl')
-rw-r--r-- | vcl/qa/cppunit/graphicfilter/data/wmf/pass/CVE-2015-0848-1.wmf (renamed from vcl/qa/cppunit/graphicfilter/data/wmf/fail/CVE-2015-0848-1.wmf) | bin | 4192 -> 4192 bytes | |||
-rw-r--r-- | vcl/source/gdi/dibtools.cxx | 14 |
2 files changed, 12 insertions, 2 deletions
diff --git a/vcl/qa/cppunit/graphicfilter/data/wmf/fail/CVE-2015-0848-1.wmf b/vcl/qa/cppunit/graphicfilter/data/wmf/pass/CVE-2015-0848-1.wmf Binary files differindex 1512a2256bc2..1512a2256bc2 100644 --- a/vcl/qa/cppunit/graphicfilter/data/wmf/fail/CVE-2015-0848-1.wmf +++ b/vcl/qa/cppunit/graphicfilter/data/wmf/pass/CVE-2015-0848-1.wmf diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx index de8615226492..4088d6287894 100644 --- a/vcl/source/gdi/dibtools.cxx +++ b/vcl/source/gdi/dibtools.cxx @@ -939,6 +939,18 @@ bool ImplReadDIBBody(SvStream& rIStm, Bitmap& rBmp, AlphaMask* pBmpAlpha, sal_uL } case BITFIELDS: break; + default: + // tdf#122958 invalid compression value used + if (aHeader.nCompression & 0x000F) + { + // lets assume that there was an error in the generating application + // and allow through as COMPRESS_NONE if the bottom byte is 0 + SAL_WARN( "vcl", "bad bmp compression scheme: " << aHeader.nCompression << ", rejecting bmp"); + return false; + } + else + SAL_WARN( "vcl", "bad bmp compression scheme: " << aHeader.nCompression << ", assuming meant to be COMPRESS_NONE"); + SAL_FALLTHROUGH; case ZCOMPRESS: case COMPRESS_NONE: { @@ -950,8 +962,6 @@ bool ImplReadDIBBody(SvStream& rIStm, Bitmap& rBmp, AlphaMask* pBmpAlpha, sal_uL return false; break; } - default: - return false; } const Size aSizePixel(aHeader.nWidth, aHeader.nHeight); |