[Libreoffice-commits] core.git: Branch 'libreoffice-4-2' - lotuswordpro/source
Caolán McNamara
caolanm at redhat.com
Thu Jul 3 07:19:41 PDT 2014
lotuswordpro/source/filter/tocread.cxx | 10 ++++++++++
1 file changed, 10 insertions(+)
New commits:
commit 574399df9c2ebf3c328a3b95455d3a9fac84771f
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Jul 3 11:17:37 2014 +0100
coverity#1222240 Untrusted value as argument
and
coverity#1222239 Untrusted value as argument
(cherry picked from commit 5e043613266113a873c55ad45ab0fb1ae14286e8)
Change-Id: I48bacfd988a34d67ffa542edba7cba1bb9b0b3cc
Reviewed-on: https://gerrit.libreoffice.org/10052
Tested-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
Reviewed-by: Markus Mohrhard <markus.mohrhard at googlemail.com>
diff --git a/lotuswordpro/source/filter/tocread.cxx b/lotuswordpro/source/filter/tocread.cxx
index c27909c..8be2015 100644
--- a/lotuswordpro/source/filter/tocread.cxx
+++ b/lotuswordpro/source/filter/tocread.cxx
@@ -67,6 +67,16 @@ CBenTOCReader::ReadLabelAndTOC()
if ((Err = ReadLabel(&TOCOffset, &cTOCSize)) != BenErr_OK)
return Err;
+ unsigned long nLength;
+ if ((Err = cpContainer->GetSize(&nLength)) != BenErr_OK)
+ return Err;
+
+ if (TOCOffset > nLength)
+ return BenErr_ReadPastEndOfTOC;
+
+ if (cTOCSize > nLength - TOCOffset)
+ return BenErr_ReadPastEndOfTOC;
+
if ((Err = cpContainer->SeekToPosition(TOCOffset)) != BenErr_OK)
return Err;
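Review bot: The size test "cTOCSize > nLength - TOCOffset" is only sound because "TOCOffset > nLength" has already returned just above it; if the two checks are ever reordered or the first is dropped, the subtraction on the unsigned long nLength wraps to a huge value and the size test stops rejecting anything. A one-line comment above the pair stating that dependency would protect it from a later refactor. Both tests also let cTOCSize == 0 through (including the case TOCOffset == nLength), and the hunk does not show whether the code after SeekToPosition tolerates an empty TOC, so that case should be confirmed or rejected here too.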