[Libreoffice-commits] core.git: sc/source
Caolán McNamara
caolanm at redhat.com
Wed Nov 19 01:13:26 PST 2014
sc/source/filter/excel/xilink.cxx | 11 +++++++++++
1 file changed, 11 insertions(+)
New commits:
commit 05362fd2dbb481b735e8b7e97288d842a6e3ec0b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Nov 18 21:22:10 2014 +0000
coverity#1242708 Untrusted loop bound
Change-Id: Ic5af417ad38cafa46051789574239996a8845ffb
diff --git a/sc/source/filter/excel/xilink.cxx b/sc/source/filter/excel/xilink.cxx
index 52e8a5a..51da063 100644
--- a/sc/source/filter/excel/xilink.cxx
+++ b/sc/source/filter/excel/xilink.cxx
@@ -272,6 +272,17 @@ XclImpExtName::MOper::MOper(svl::SharedStringPool& rPool, XclImpStream& rStrm) :
{
SCSIZE nLastCol = rStrm.ReaduInt8();
SCSIZE nLastRow = rStrm.ReaduInt16();
+
+ //assuming worse case scenario of nOp + one byte unistring len
+ const size_t nMinRecordSize = 2;
+ const size_t nMaxRows = rStrm.GetRecLeft() / (nMinRecordSize * (nLastCol+1));
+ if (nLastRow >= nMaxRows)
+ {
+ SAL_WARN("sc", "Parsing error: " << nMaxRows <<
+ " max possible rows, but " << nLastRow << " index claimed, truncating");
+ nLastRow = nMaxRows-1;
+ }
+
mxCached->Resize(nLastCol+1, nLastRow+1);
for (SCSIZE nRow = 0; nRow <= nLastRow; ++nRow)
{
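Review bot: When the remaining record is shorter than one row's minimum size (`rStrm.GetRecLeft() < nMinRecordSize * (nLastCol+1)`), `nMaxRows` is 0, so the added `nLastRow >= nMaxRows` test is always true and `nLastRow = nMaxRows-1` wraps around instead of truncating. Assuming `SCSIZE` is an unsigned, size_t-sized type, `nLastRow+1` then becomes 0 in the `Resize` call while the `nRow <= nLastRow` loop bound becomes the maximum value. That is the attacker-controlled loop bound this commit sets out to remove, and a truncated record is enough to reach it. Handling the empty case before the clamp would close it, e.g. `if (nMaxRows == 0) { SAL_WARN("sc", "Parsing error: no room for any rows"); return; }`, provided callers tolerate an unsized `mxCached`. The constructor body continues past the end of the hunk, so what the loop reads per cell is not visible here.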