[Libreoffice-commits] core.git: Branch 'libreoffice-4-0-1' - cppcanvas/source

Michael Stahl mstahl at redhat.com
Tue Feb 26 02:12:56 PST 2013


 cppcanvas/source/mtfrenderer/emfplus.cxx |   11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

New commits:
commit 83707a8b8a47efd074b7f03df0da779870efa687
Author: Michael Stahl <mstahl at redhat.com>
Date:   Mon Feb 25 13:15:19 2013 +0100

    fdo#59405: cppcanvas: fix infinite loop in processEMFPlus
    
    This can be observed when inserting the bugdoc from fdo#59405.
    Apparently the "size" and "length" do not agree; ensure that the
    "length" does not underflow.
    
    Change-Id: Idfc68919859b8284c724831de21208e4392af328
    (cherry picked from commit ec0d1440cf07008a220708535848567bcbb233ea)
    Reviewed-on: https://gerrit.libreoffice.org/2394
    Reviewed-by: Radek Doulík <rodo at novell.com>
    Tested-by: Radek Doulík <rodo at novell.com>
    (cherry picked from commit 6cf68eab5eb77b7e081ef5f8d59d196411e86567)
    Reviewed-on: https://gerrit.libreoffice.org/2398
    Reviewed-by: Fridrich Strba <fridrich at documentfoundation.org>
    Reviewed-by: Michael Meeks <michael.meeks at suse.com>

diff --git a/cppcanvas/source/mtfrenderer/emfplus.cxx b/cppcanvas/source/mtfrenderer/emfplus.cxx
index f1b0eff..0c9db41 100644
--- a/cppcanvas/source/mtfrenderer/emfplus.cxx
+++ b/cppcanvas/source/mtfrenderer/emfplus.cxx
@@ -1763,7 +1763,16 @@ namespace cppcanvas
 
                 rMF.Seek (next);
 
-                length -= size;
+                if (size <= length)
+                {
+                    length -= size;
+                }
+                else
+                {
+                    SAL_WARN("cppcanvas", "ImplRenderer::processEMFPlus: "
+                            "size " << size << " > length " << length);
+                    length = 0;
+                }
             }
         }
     }
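Review bot: the new `if (size <= length)` guard runs only after `rMF.Seek (next);`, so when a record claims more bytes than remain, the stream has already been repositioned before the mismatch is noticed. Consider validating `size` against `length` before the seek and leaving the loop at that point, rather than seeking first and then setting `length = 0`. Separately, a `size` of 0 passes the guard and leaves `length` unchanged; the loop condition is not visible in this hunk, but if it depends on `length` that case deserves its own check, since the stated goal is to stop an infinite loop on malformed input. The `SAL_WARN` message is helpful for triage; a short comment above the `else` branch saying that the record is treated as the end of the EMF+ data would document the intent.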

