vcl/source/filter/graphicfilter.cxx | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit 3b69a91bf7b3ccf665c55373121f78f921408009
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Apr 27 11:52:11 2019 +0100
Commit: Michael Stahl <michael.st...@cib.de>
CommitDate: Mon Apr 29 11:47:04 2019 +0200
ofz#14469 null deref
since...
commit af84fc9d906626255aaf136eefc5e55236e0e8a6
Date: Tue Apr 23 15:48:41 2019 +0200
lazy image loading shouldn't read the entire .xls file (tdf#124828)
nLength is just an unchecked value in the dff stream, it might not be sane
so limit it to the max len of the stream
Change-Id: Ia8a2830478952afe1317b5cd795f35059d9b380a
Reviewed-on: https://gerrit.libreoffice.org/71414
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@cib.de>
diff --git a/vcl/source/filter/graphicfilter.cxx
b/vcl/source/filter/graphicfilter.cxx
index cad4d4ae1fd5..654393238eba 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -1454,7 +1454,9 @@ Graphic GraphicFilter::ImportUnloadedGraphic(SvStream&
rIStream, sal_uInt64 size
ErrCode nStatus = ImpTestOrFindFormat("", rIStream, nFormat);
rIStream.Seek(nStreamBegin);
- const sal_uInt32 nStreamLength( sizeLimit ? sizeLimit :
rIStream.Seek(STREAM_SEEK_TO_END) - nStreamBegin);
+ sal_uInt32 nStreamLength(rIStream.remainingSize());
+ if (sizeLimit && sizeLimit < nStreamLength)
+ nStreamLength = sizeLimit;
OUString aFilterName = pConfig->GetImportFilterName(nFormat);
OUString aExternalFilterName = pConfig->GetExternalFilterName(nFormat,
false);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
