[Libreoffice-commits] core.git: Branch 'libreoffice-5-3' - sw/source
Caolán McNamara
caolanm at redhat.com
Wed Apr 5 11:04:58 UTC 2017
sw/source/filter/ww8/ww8par2.cxx | 8 ++++++++
1 file changed, 8 insertions(+)
New commits:
commit 14028af4d978f126779e641a9605c6d4d864b3b6
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Apr 4 19:13:12 2017 +0100
ofz: check olst sprm for valid ANLD payload len
Change-Id: Ic1b6681a3f48ef0fe3f52eda9db8b7bc003ded55
(cherry picked from commit 98151bf95bda8d647310bdba6936dc6b388b05de)
Reviewed-on: https://gerrit.libreoffice.org/36098
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Michael Stahl <mstahl at redhat.com>
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index bfab2e78a20f..bcc424d4fc83 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -926,6 +926,14 @@ void SwWW8ImplReader::Read_OLST( sal_uInt16, const sal_uInt8* pData, short nLen
m_pNumOlst = nullptr;
return;
}
+
+ if (static_cast<size_t>(nLen) < sizeof(WW8_OLST))
+ {
+ SAL_WARN("sw.ww8", "WW8_OLST property is " << nLen << " long, needs to be at least " << sizeof(WW8_OLST));
+ m_pNumOlst = nullptr;
+ return;
+ }
+
m_pNumOlst = new WW8_OLST;
if( nLen < sal::static_int_cast< sal_Int32 >(sizeof( WW8_OLST )) ) // fill if to short
memset( m_pNumOlst, 0, sizeof( *m_pNumOlst ) );
More information about the Libreoffice-commits
mailing list