vcl/source/filter/itiff/itiff.cxx | 45 ++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 23 deletions(-)
New commits: commit 63ae3bd49834b9961f43b5a082ec809878acb891 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sat Oct 28 20:10:24 2023 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Sun Oct 29 10:16:00 2023 +0100 ofz#63518 don't allow short read with PHOTOMETRIC_YCBCR format which the old parser didn't support Change-Id: I63e426f57e893b13dd800f4af1ed4b50751dbb2b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158600 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/vcl/source/filter/itiff/itiff.cxx b/vcl/source/filter/itiff/itiff.cxx
index 39bc51a00860..acd9e6d8e1ae 100644
--- a/vcl/source/filter/itiff/itiff.cxx
+++ b/vcl/source/filter/itiff/itiff.cxx
@@ -171,6 +171,14 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& rGraphic)
 }
 }
+ uint16_t PhotometricInterpretation(0);
+ uint16_t Compression(COMPRESSION_NONE);
+ if (bOk)
+ {
+ TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &PhotometricInterpretation);
+ TIFFGetField(tif, TIFFTAG_COMPRESSION, &Compression);
+ }
+
 if (bOk && bFuzzing)
 {
 const uint64_t MAX_PIXEL_SIZE = 120000000;
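Review bot: The two `TIFFGetField` calls in the added `if (bOk)` block discard their return value, so a file whose Photometric or Compression tag is missing or unreadable is silently treated as `0` and `COMPRESSION_NONE`. Both fallbacks select none of the special cases tested later in this commit (the LOGL and CCITTFAX4 size limits, and the codec and YCbCr short-read exclusions), which matches the removed `== 1` guards but is no longer visible at the point of use. I would state that at the declaration, for example `// tag absent or unreadable: keep the defaults, which match none of the special cases below`. The bare `0` is also the value of `PHOTOMETRIC_MINISWHITE`, so a named initialiser or a comment saying it means "not read" would avoid confusion. The enclosing function starts and ends outside this hunk.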
@@ -194,26 +202,18 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& rGraphic)
 SAL_WARN_IF(!bOk, "filter.tiff", "skipping slow bizarre ratio tile of " << tw << " x " << th << " for image of " << w << " x " << h);
 }
- uint16_t PhotometricInterpretation;
- if (TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &PhotometricInterpretation) == 1)
+ if (PhotometricInterpretation == PHOTOMETRIC_LOGL)
 {
- if (PhotometricInterpretation == PHOTOMETRIC_LOGL)
- {
- uint32_t nLogLBufferRequired;
- bOk &= !o3tl::checked_multiply(tw, th, nLogLBufferRequired) && nLogLBufferRequired < MAX_PIXEL_SIZE;
- SAL_WARN_IF(!bOk, "filter.tiff", "skipping oversized tiff tile " << tw << " x " << th);
- }
+ uint32_t nLogLBufferRequired;
+ bOk &= !o3tl::checked_multiply(tw, th, nLogLBufferRequired) && nLogLBufferRequired < MAX_PIXEL_SIZE;
+ SAL_WARN_IF(!bOk, "filter.tiff", "skipping oversized tiff tile " << tw << " x " << th);
 }
- uint16_t Compression;
- if (TIFFGetField(tif, TIFFTAG_COMPRESSION, &Compression) == 1)
+ if (Compression == COMPRESSION_CCITTFAX4)
 {
- if (Compression == COMPRESSION_CCITTFAX4)
- {
- uint32_t DspRuns;
- bOk &= !o3tl::checked_multiply(tw, static_cast<uint32_t>(4), DspRuns) && DspRuns < MAX_PIXEL_SIZE;
- SAL_WARN_IF(!bOk, "filter.tiff", "skipping oversized tiff tile width: " << tw);
- }
+ uint32_t DspRuns;
+ bOk &= !o3tl::checked_multiply(tw, static_cast<uint32_t>(4), DspRuns) && DspRuns < MAX_PIXEL_SIZE;
+ SAL_WARN_IF(!bOk, "filter.tiff", "skipping oversized tiff tile width: " << tw);
 }
 }
 }
@@ -223,14 +223,13 @@ bool ImportTiffGraphicImport(SvStream& rTIFF, Graphic& rGraphic)
 std::vector<uint32_t> raster(nPixelsRequired);
- uint16_t compression(COMPRESSION_NONE);
- const bool bNewCodec = TIFFGetField(tif, TIFFTAG_COMPRESSION, &compression) == 1 &&
- compression >= COMPRESSION_ZSTD; // >= 50000 at time of writing
+ const bool bNewCodec = Compression >= COMPRESSION_ZSTD; // >= 50000 at time of writing
 // For tdf#149417 we generally allow one short read for fidelity with the old
- // parser that this replaced. But don't allow that for new format variations
- // that the old parser didn't handle so we don't take libtiff into uncharted
- // territory.
- aContext.bAllowOneShortRead = !bNewCodec;
+ // parser that this replaced. But don't allow that for:
+ // a) new compression variations that the old parser didn't handle
+ // b) complicated pixel layout variations that the old parser didn't handle
+ // so we don't take libtiff into uncharted territory.
+ aContext.bAllowOneShortRead = !bNewCodec && PhotometricInterpretation != PHOTOMETRIC_YCBCR;
 if (TIFFReadRGBAImageOriented(tif, w, h, raster.data(), ORIENTATION_TOPLEFT, 1))
 {
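Review bot: `aContext.bAllowOneShortRead = !bNewCodec && PhotometricInterpretation != PHOTOMETRIC_YCBCR;` is a deny-list, so any other layout the old parser never handled keeps the short-read tolerance until it is added here by hand. The comment already defines the rule as "what the old parser handled", and writing the condition as an allow-list of those photometric values would make unknown variations fail closed. The hunk does not show which values the old importer supported, so that list needs confirming against it before changing the condition. At minimum I would name the second term, e.g. `const bool bComplexLayout = PhotometricInterpretation == PHOTOMETRIC_YCBCR;`, so that cases a) and b) in the comment map one-to-one onto the expression. The enclosing function starts and ends outside this hunk.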