filter/source/graphicfilter/idxf/dxfentrd.cxx | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 2a9b4363ca190f1d783d540e95a031357f852858
Author: Caolán McNamara <caol...@redhat.com>
Date: Tue Jan 17 21:25:28 2017 +0000
ofz#415 crash in DXFVector::DXFVector
Change-Id: Ia8edfebd0b69ed2500e2c3f575d51f40dc8718c0
diff --git a/filter/source/graphicfilter/idxf/dxfentrd.cxx
b/filter/source/graphicfilter/idxf/dxfentrd.cxx
index f9a5d97..a3e64f1 100644
--- a/filter/source/graphicfilter/idxf/dxfentrd.cxx
+++ b/filter/source/graphicfilter/idxf/dxfentrd.cxx
@@ -421,7 +421,8 @@ void DXFLWPolyLineEntity::EvaluateGroup( DXFGroupReader &
rDGR )
case 90 :
{
nCount = rDGR.GetI();
- if ( nCount )
+ // limit alloc to max reasonable size based on remaining data in
stream
+ if (nCount > 0 && static_cast<sal_uInt32>(nCount) <=
rDGR.remainingSize())
pP.reset( new DXFVector[ nCount ] );
}
break;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
