[Libreoffice-commits] core.git: Branch 'libreoffice-5-2' - sw/source
Caolán McNamara
caolanm at redhat.com
Tue Apr 4 19:19:04 UTC 2017
sw/source/filter/ww8/ww8par2.cxx | 7 +++++++
1 file changed, 7 insertions(+)
New commits:
commit d9d8631d7c0142e2ddd0bec1f986cb20f339d639
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Apr 3 21:22:00 2017 +0100
ofz: check anldPap sprm for valid ANLD payload len
Change-Id: Ie034e3b37e01c29cf19fe8ad78b1121f6eadecb2
Reviewed-on: https://gerrit.libreoffice.org/36053
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
(cherry picked from commit 29cf858a971273039fff50808082f231dbd43c92)
Reviewed-on: https://gerrit.libreoffice.org/36076
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index d9b5c091751c..ff6bcb0ca1a7 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -848,6 +848,13 @@ void SwWW8ImplReader::Read_ANLevelDesc( sal_uInt16, const sal_uInt8* pData, shor
return;
}
+ if (static_cast<size_t>(nLen) < sizeof(WW8_ANLD))
+ {
+ SAL_WARN("sw.ww8", "ANLevelDesc property is " << nLen << " long, needs to be at least " << sizeof(WW8_ANLD));
+ m_nSwNumLevel = 0xff;
+ return;
+ }
+
if( m_nSwNumLevel <= MAXLEVEL // Value range mapping WW:1..9 -> SW:0..8
&& m_nSwNumLevel <= 9 ){ // No Bullets or Numbering
More information about the Libreoffice-commits
mailing list