vcl/source/filter/graphicfilter.cxx | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit 9c9acc9e6ac1a085232242138510cc7d711e9922
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Apr 27 11:52:11 2019 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Sat Apr 27 15:32:45 2019 +0200
ofz#14469 null deref
since...
commit af84fc9d906626255aaf136eefc5e55236e0e8a6
Date: Tue Apr 23 15:48:41 2019 +0200
lazy image loading shouldn't read the entire .xls file (tdf#124828)
nLength is just an unchecked value in the dff stream, it might not be sane
so limit it to the max len of the stream
Change-Id: Ia8a2830478952afe1317b5cd795f35059d9b380a
Reviewed-on: https://gerrit.libreoffice.org/71412
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/filter/graphicfilter.cxx
b/vcl/source/filter/graphicfilter.cxx
index 10a4559a8db4..7a0cb0f6412c 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -1442,7 +1442,9 @@ Graphic GraphicFilter::ImportUnloadedGraphic(SvStream&
rIStream, sal_uInt64 size
ErrCode nStatus = ImpTestOrFindFormat("", rIStream, nFormat);
rIStream.Seek(nStreamBegin);
- const sal_uInt32 nStreamLength( sizeLimit ? sizeLimit :
rIStream.remainingSize());
+ sal_uInt32 nStreamLength(rIStream.remainingSize());
+ if (sizeLimit && sizeLimit < nStreamLength)
+ nStreamLength = sizeLimit;
OUString aFilterName = pConfig->GetImportFilterName(nFormat);
OUString aExternalFilterName = pConfig->GetExternalFilterName(nFormat,
false);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
