sw/qa/core/data/ww5/pass/hang-2.doc |binary sw/source/filter/ww8/ww8scan.cxx | 9 ++++----- 2 files changed, 4 insertions(+), 5 deletions(-)
New commits: commit 35b895a710b9f43fbffc6ff7dcc461de4663bbba Author: Caolán McNamara <caol...@redhat.com> Date: Mon Aug 24 14:05:00 2015 +0100 limit seeks to valid area (cherry picked from commit c0c9075163f06c0b5c2ad9cf428f1cfacf9fe1fb) Change-Id: I401d93491999a3fc3db4f597eea9c4fe5b9bc926 Reviewed-on: https://gerrit.libreoffice.org/17956 Reviewed-by: David Tardon <dtar...@redhat.com> Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/sw/qa/core/data/ww5/pass/hang-2.doc b/sw/qa/core/data/ww5/pass/hang-2.doc
new file mode 100644
index 0000000..5f76093
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/hang-2.doc differ
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 0339495..366bd31 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -6698,9 +6698,8 @@ WW8Dop::WW8Dop(SvStream& rSt, sal_Int16 nFib, sal_Int32 nPos, sal_uInt32 nSize)
 sal_uInt8* pData = pDataPtr;
 sal_uInt32 nRead = nMaxDopSize < nSize ? nMaxDopSize : nSize;
- rSt.Seek( nPos );
- if (2 > nSize || nRead != rSt.Read(pData, nRead))
- nDopError = ERR_SWG_READ_ERROR; // Error melden
+ if (nSize < 2 || !checkSeek(rSt, nPos) || nRead != rSt.Read(pData, nRead))
+ nDopError = ERR_SWG_READ_ERROR; // report error
 else
 {
 if (nMaxDopSize > nRead)
@@ -7547,8 +7546,8 @@ SEPr::SEPr() :
 bool checkSeek(SvStream &rSt, sal_uInt32 nOffset)
 {
- return (nOffset != SAL_MAX_UINT32 &&
- rSt.Seek(nOffset) == static_cast<sal_Size>(nOffset));
+ const sal_uInt64 nMaxSeek(rSt.Tell() + rSt.remainingSize());
+ return (nOffset <= nMaxSeek && rSt.Seek(nOffset) == nOffset);
 }
 bool checkRead(SvStream &rSt, void *pDest, sal_uInt32 nLength)
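Review bot: In the WW8Dop constructor hunk, `!checkSeek(rSt, nPos)` passes the `sal_Int32 nPos` parameter to a function whose second parameter is `sal_uInt32` (signature visible in the second hunk), so a negative position is rejected only because it wraps to a value that presumably exceeds the stream end. Since nPos appears to come from the document being parsed, I would make the rejection explicit instead of relying on the wrap: `if (nSize < 2 || nPos < 0 || !checkSeek(rSt, static_cast<sal_uInt32>(nPos)) || nRead != rSt.Read(pData, nRead))`. The constructor body starts and ends outside this hunk, so the allocation and release of the buffer behind `pData` on the error path cannot be checked from here.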
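Review bot: In the second hunk, `checkSeek` accepts `nOffset == nMaxSeek`, a position exactly at the end of the stream, so a `true` result does not mean a single byte is readable there. The function has no comment stating this contract; I would add one above it, such as `// true if nOffset is within [0, end of stream] and the seek landed there; callers must still check the read that follows`. The earlier `nOffset != SAL_MAX_UINT32` test is dropped without explanation. If that value served as a "no offset" marker, it is now rejected only while the stream is shorter than that, which is worth a word in the same comment.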