filter/source/graphicfilter/ipict/ipict.cxx | 6 ++++++ 1 file changed, 6 insertions(+)
New commits: commit 7f0b3e90ad8cc6c16e2004cc0739150352c8d7e6 Author: Caolán McNamara <caol...@redhat.com> Date: Tue Feb 28 21:08:00 2017 +0000 ofz: timeout, check availablity of point data before reading it Change-Id: I86b3041bc5123ba10bbb9b64702dfb2060b3cc23
diff --git a/filter/source/graphicfilter/ipict/ipict.cxx b/filter/source/graphicfilter/ipict/ipict.cxx
index 4003b0f..a85e691 100644
--- a/filter/source/graphicfilter/ipict/ipict.cxx
+++ b/filter/source/graphicfilter/ipict/ipict.cxx
@@ -461,6 +461,12 @@ sal_uLong PictReader::ReadPolygon(tools::Polygon & rPoly)
 pPict->SeekRel(8);
 sal_uLong nDataSize = (sal_uLong)nSize;
 nSize=(nSize-10)/4;
+ const size_t nMaxPossiblePoints = pPict->remainingSize() / 2 * sizeof(sal_uInt16);
+ if (nSize > nMaxPossiblePoints)
+ {
+ SAL_WARN("filter.pict", "pict record claims to have: " << nSize << " points, but only " << nMaxPossiblePoints << " possible, clamping");
+ nSize = nMaxPossiblePoints;
+ }
 rPoly.SetSize(nSize);
 for (sal_uInt16 i = 0; i < nSize; ++i)
 rPoly.SetPoint(ReadPoint(), i);
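Review bot: The bound computed on the first added line is about four times too loose, because `/` and `*` associate left to right: `pPict->remainingSize() / 2 * sizeof(sal_uInt16)` evaluates as (remaining / 2) * 2, which is roughly the number of remaining bytes rather than the number of points. The context line `nSize=(nSize-10)/4` indicates four bytes per point, so the divisor presumably needs parentheses: `const size_t nMaxPossiblePoints = pPict->remainingSize() / (2 * sizeof(sal_uInt16));`. As written, a truncated record can still claim up to four times as many points as the stream holds, so the loop keeps calling ReadPoint() after the data has run out, which is the wasted work the clamp is meant to prevent. The declaration of nSize and the rest of ReadPolygon are outside the hunk, so whether a record size below 10 is rejected before the subtraction cannot be confirmed from here and is worth checking.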