[Libreoffice-commits] core.git: filter/source

Caolán McNamara Sun, 02 Apr 2017 08:51:49 -0700

 filter/source/graphicfilter/icgm/class1.cxx |    4 ++++
 1 file changed, 4 insertions(+)


New commits:
commit fb41ebff32371ee7a7e07f671f7c769a8bb18718
Author: CaolÃ¡n McNamara <caol...@redhat.com>
Date:   Sun Apr 2 16:50:38 2017 +0100

    ofz: more check bounds on read
    
    Change-Id: I70018ee2ab282c11547f5bf9d81b2ee74c74aa04

diff --git a/filter/source/graphicfilter/icgm/class1.cxx 
b/filter/source/graphicfilter/icgm/class1.cxx
index 0d297bbe0a10..895dd8247d0b 100644
--- a/filter/source/graphicfilter/icgm/class1.cxx
+++ b/filter/source/graphicfilter/icgm/class1.cxx
@@ -192,6 +192,10 @@ void CGM::ImplDoClass1()
             {
                 sal_uInt32 nCharSetType = ImplGetUI16();
                 sal_uInt32 nSize = ImplGetUI(1);
+
+                if (static_cast<sal_uIntPtr>(mpEndValidSource - (mpSource + 
mnParaSize)) < nSize)
+                    throw css::uno::Exception("attempt to read past end of 
input", nullptr);
+
                 pElement->aFontList.InsertCharSet( (CharSetType)nCharSetType, 
mpSource + mnParaSize, nSize );
                 mnParaSize += nSize;
             }

_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] core.git: filter/source

Reply via email to