[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - vcl/source
Caolán McNamara
caolanm at redhat.com
Mon Jul 13 06:15:15 PDT 2015
vcl/source/filter/wmf/winwmf.cxx | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
New commits:
commit f202ff6ba07a75e0423fa8e5be2e0f41dc7f056d
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Jul 10 11:34:03 2015 +0100
fix potential hang here
Change-Id: Id62cdb90420b9ccf4e98fc1af46c70db6ed60ee0
(cherry picked from commit 7eef63bb2a4d14cb35201f84f38855910f468e20)
Reviewed-on: https://gerrit.libreoffice.org/16923
Reviewed-by: David Tardon <dtardon at redhat.com>
Tested-by: David Tardon <dtardon at redhat.com>
diff --git a/vcl/source/filter/wmf/winwmf.cxx b/vcl/source/filter/wmf/winwmf.cxx
index bee19b6..4667844 100644
--- a/vcl/source/filter/wmf/winwmf.cxx
+++ b/vcl/source/filter/wmf/winwmf.cxx
@@ -1713,14 +1713,19 @@ bool WMFReader::GetPlaceableBound( Rectangle& rPlaceableBound, SvStream* pStm )
}
break;
}
- nPos += nRSize * 2;
- if ( nPos <= nEnd )
- pStm->Seek( nPos );
- else
- {
- pStm->SetError( SVSTREAM_FILEFORMAT_ERROR );
- bRet = false;
- }
+
+ const sal_uInt32 nAvailableBytes = nEnd - nPos;
+ const sal_uInt32 nMaxPossibleRecordSize = nAvailableBytes/2;
+ if (nRSize <= nMaxPossibleRecordSize)
+ {
+ nPos += nRSize * 2;
+ pStm->Seek( nPos );
+ }
+ else
+ {
+ pStm->SetError( SVSTREAM_FILEFORMAT_ERROR );
+ bRet = false;
+ }
}
}
else
More information about the Libreoffice-commits
mailing list