[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - vcl/qa vcl/source
Caolán McNamara
caolanm at redhat.com
Tue Jul 14 01:32:07 PDT 2015
vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf |binary
vcl/source/filter/wmf/enhwmf.cxx | 4 +++-
2 files changed, 3 insertions(+), 1 deletion(-)
New commits:
commit 5b8ec42cd7d09291c0662aacbaaa507eafda1ea4
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 13 20:44:16 2015 +0100
fix a third emf crash
Change-Id: I3b5d0daf05e3272d2afa0da84ff0b1f8d5c965a4
(cherry picked from commit 173fd90387e8bb7f33c2608628f12c7f772f0277)
Reviewed-on: https://gerrit.libreoffice.org/17023
Reviewed-by: David Tardon <dtardon at redhat.com>
Tested-by: David Tardon <dtardon at redhat.com>
diff --git a/vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf b/vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf
new file mode 100644
index 0000000..92da5f0
Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf differ
diff --git a/vcl/source/filter/wmf/enhwmf.cxx b/vcl/source/filter/wmf/enhwmf.cxx
index 553f871..63e4104 100644
--- a/vcl/source/filter/wmf/enhwmf.cxx
+++ b/vcl/source/filter/wmf/enhwmf.cxx
@@ -1425,7 +1425,9 @@ bool EnhWMFReader::ReadEnhWMF()
DBG_ASSERT( ( nOptions & ( ETO_PDY | ETO_GLYPH_INDEX ) ) == 0, "SJ: ETO_PDY || ETO_GLYPH_INDEX in EMF" );
Point aPos( ptlReferenceX, ptlReferenceY );
- if ( nLen > 0 && nLen < static_cast<sal_Int32>( SAL_MAX_UINT32 / sizeof(sal_Int32) ) )
+ bool bLenSane = nLen > 0 && nLen < static_cast<sal_Int32>( SAL_MAX_UINT32 / sizeof(sal_Int32) );
+ bool bOffStringSane = nOffString <= nEndPos - nCurPos;
+ if (bLenSane && bOffStringSane)
{
if ( offDx && (( nCurPos + offDx + nLen * 4 ) <= nNextPos ) )
{
More information about the Libreoffice-commits
mailing list