[Libreoffice-commits] libcdr.git: src/lib
David Tardon
dtardon at redhat.com
Wed Dec 23 05:11:53 PST 2015
src/lib/CDRParser.cpp | 3 +++
1 file changed, 3 insertions(+)
New commits:
commit 2c9213f3747093f0f6d91541c17a24269f5f46e9
Author: David Tardon <dtardon at redhat.com>
Date: Wed Dec 23 14:10:37 2015 +0100
coverity#1219662 untrusted loop bound
Change-Id: Iff5a8739581c3a996a910e642a5db6eab0976bb6
diff --git a/src/lib/CDRParser.cpp b/src/lib/CDRParser.cpp
index 36fbe01..d90a7c5 100644
--- a/src/lib/CDRParser.cpp
+++ b/src/lib/CDRParser.cpp
@@ -2187,6 +2187,9 @@ void libcdr::CDRParser::readPolygonCoords(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG(("CDRParser::readPolygonCoords\n"));
unsigned short pointNum = readU16(input);
+ const unsigned short pointSize = 2 * (m_precision == PRECISION_16BIT ? 2 : 4) + 1;
+ if (pointNum > getRemainingLength(input) / pointSize)
+ pointNum = getRemainingLength(input) / pointSize;
input->seek(2, librevenge::RVNG_SEEK_CUR);
std::vector<std::pair<double, double> > points;
std::vector<unsigned char> pointTypes;
More information about the Libreoffice-commits
mailing list