filter/source/graphicfilter/icgm/bitmap.cxx | 26 ++++++++++++++++++-------- filter/source/graphicfilter/icgm/bitmap.hxx | 6 +++--- filter/source/graphicfilter/icgm/cgm.cxx | 1 + filter/source/graphicfilter/icgm/cgm.hxx | 1 + 4 files changed, 23 insertions(+), 11 deletions(-)
New commits: commit e5606718a19592c1371b44fc5159a1ba0f2fffcd Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Aug 19 17:21:44 2022 +0100 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Fri Aug 19 21:33:48 2022 +0200 ofz#50242 just stop fuzzing if there's a lot of graphic inserts Change-Id: I3d023f1cbe85642db2462a071ce80d965755f130 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138561 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/filter/source/graphicfilter/icgm/bitmap.cxx b/filter/source/graphicfilter/icgm/bitmap.cxx
index 67652d9eccd6..f747c0af651d 100644
--- a/filter/source/graphicfilter/icgm/bitmap.cxx
+++ b/filter/source/graphicfilter/icgm/bitmap.cxx
@@ -34,14 +34,13 @@ Color BMCOL(sal_uInt32 _col) {
 }
-CGMBitmap::CGMBitmap( CGM& rCGM ) :
- mpCGM ( &rCGM ),
- pCGMBitmapDescriptor ( new CGMBitmapDescriptor )
+CGMBitmap::CGMBitmap(CGM& rCGM)
+ : mpCGM(&rCGM)
+ , pCGMBitmapDescriptor(new CGMBitmapDescriptor)
 {
 ImplGetBitmap( *pCGMBitmapDescriptor );
 };
-
 CGMBitmap::~CGMBitmap()
 {
 }
@@ -375,11 +374,22 @@ bool CGMBitmap::ImplGetDimensions( CGMBitmapDescriptor& rDesc )
 void CGMBitmap::ImplInsert( CGMBitmapDescriptor const & rSource, CGMBitmapDescriptor& rDest )
 {
- if (utl::ConfigManager::IsFuzzing() && rDest.mxBitmap.GetSizePixel().Height() + rSource.mnY > SAL_MAX_UINT16)
+ ++mpCGM->mnBitmapInserts;
+ static const bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
 {
- SAL_WARN("filter.icgm", "bitmap would expand too much");
- rDest.mbStatus = false;
- return;
+ if (rDest.mxBitmap.GetSizePixel().Height() + rSource.mnY > SAL_MAX_UINT16)
+ {
+ SAL_WARN("filter.icgm", "bitmap would expand too much");
+ rDest.mbStatus = false;
+ return;
+ }
+ if (mpCGM->mnBitmapInserts > 1024)
+ {
+ SAL_WARN("filter.icgm", "too many inserts");
+ rDest.mbStatus = false;
+ return;
+ }
 }
 rDest.mxBitmap.Expand( 0, rSource.mnY );
 rDest.mxBitmap.CopyPixel( tools::Rectangle( Point( 0, rDest.mnY ), Size( rSource.mnX, rSource.mnY ) ),
diff --git a/filter/source/graphicfilter/icgm/bitmap.hxx b/filter/source/graphicfilter/icgm/bitmap.hxx
index 3e7b80f5177f..564284b22135 100644
--- a/filter/source/graphicfilter/icgm/bitmap.hxx
+++ b/filter/source/graphicfilter/icgm/bitmap.hxx
@@ -31,8 +31,8 @@ class CGMBitmapDescriptor
 sal_uInt8* mpBuf;
 sal_uInt8* mpEndBuf;
 BitmapEx mxBitmap;
- bool mbStatus;
- bool mbVMirror;
+ bool mbStatus;
+ bool mbVMirror;
 sal_uInt32 mnDstBitsPerPixel;
 sal_uInt32 mnScanSize; // bytes per line
 FloatPoint mnP, mnQ, mnR;
@@ -42,7 +42,7 @@ class CGMBitmapDescriptor
 double mnOrientation;
 sal_uInt32 mnX, mnY;
- tools::Long mnLocalColorPrecision;
+ tools::Long mnLocalColorPrecision;
 sal_uInt32 mnCompressionMode;
 CGMBitmapDescriptor()
diff --git a/filter/source/graphicfilter/icgm/cgm.cxx b/filter/source/graphicfilter/icgm/cgm.cxx
index da68410535ba..d97c8b6be646 100644
--- a/filter/source/graphicfilter/icgm/cgm.cxx
+++ b/filter/source/graphicfilter/icgm/cgm.cxx
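Review bot: Both limits in CGMBitmap::ImplInsert (bitmap.cxx) now sit inside `if (bFuzzing)`, so a normal import of an untrusted CGM file gets neither the height check nor the new insert cap and still runs `Expand` plus `CopyPixel` once per insert on a bitmap that keeps growing. If that is deliberate, a comment on the cap would say so, for example `// fuzzing-only time budget, not a CGM format limit; regular imports are not bounded here`, and the bare `1024` would read better as a named constant. It may also be worth checking whether an unconditional sanity bound on `rSource.mnY` and the accumulated height is needed outside fuzzing; the callers are not visible here, so this is a question rather than a confirmed defect. The body of ImplInsert continues past the end of the hunk.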
@@ -53,6 +53,7 @@ CGM::CGM(uno::Reference< frame::XModel > const & rModel)
 , mbFirstOutPut(false)
 , mbInDefaultReplacement(false)
 , mnAct4PostReset(0)
+ , mnBitmapInserts(0)
 , mpOutAct(new CGMImpressOutAct(*this, rModel))
 , mpSource(nullptr)
 , mpEndValidSource(nullptr)
diff --git a/filter/source/graphicfilter/icgm/cgm.hxx b/filter/source/graphicfilter/icgm/cgm.hxx
index b344cb22e707..e2281311e438 100644
--- a/filter/source/graphicfilter/icgm/cgm.hxx
+++ b/filter/source/graphicfilter/icgm/cgm.hxx
@@ -61,6 +61,7 @@ class CGM
 bool mbFirstOutPut;
 bool mbInDefaultReplacement;
 sal_uInt32 mnAct4PostReset;
+ int mnBitmapInserts;
 std::unique_ptr<CGMBitmap> mpBitmapInUse;
 std::unique_ptr<CGMChart> mpChart; // if sal_True->"SHWSLIDEREC"
 // otherwise "BEGINPIC" commands
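Review bot: In class CGM (cgm.hxx) the new counter is declared `int mnBitmapInserts;` directly after `sal_uInt32 mnAct4PostReset;`, and the bitmap.cxx hunk increments it on every insert whether or not fuzzing is active. An unsigned type matching its neighbour, `sal_uInt32 mnBitmapInserts;`, keeps the member list consistent and avoids the undefined behaviour of signed overflow should a file ever drive the count that high outside fuzzing. The `mnBitmapInserts(0)` initialiser in cgm.cxx and the `> 1024` comparison in bitmap.cxx work unchanged with the unsigned type.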