[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Sun May 7 14:01:57 UTC 2017
sw/source/filter/ww8/ww8par.cxx | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
New commits:
commit f5c0d7508b972898153bbf4069c9ea48f53d64d5
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun May 7 14:56:51 2017 +0100
ofz check against expected struct size
don't copy vector and const up as well
Change-Id: Ia9c9dd9e0dee2300f8f60eec15b67e4a349c8a93
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index e6c87cf0d852..aa22f3a9e6da 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -4979,10 +4979,14 @@ sal_uLong SwWW8ImplReader::CoreLoad(WW8Glossary *pGloss)
for (size_t i=0; i < aLinkStrings.size() && i < aStringIds.size(); ++i)
{
- ww::bytes stringId = aStringIds[i];
- WW8_STRINGID *stringIdStruct = reinterpret_cast<WW8_STRINGID*>(&stringId[0]);
- m_aLinkStringMap[SVBT16ToShort(stringIdStruct->nStringId)] =
- aLinkStrings[i];
+ const ww::bytes& stringId = aStringIds[i];
+ if (stringId.size() < sizeof(WW8_STRINGID))
+ {
+ SAL_WARN("sw.ww8", "SwWW8ImplReader::CoreLoad: WW8_STRINGID is too short");
+ continue;
+ }
+ const WW8_STRINGID *stringIdStruct = reinterpret_cast<const WW8_STRINGID*>(stringId.data());
+ m_aLinkStringMap[SVBT16ToShort(stringIdStruct->nStringId)] = aLinkStrings[i];
}
ReadDocVars(); // import document variables as meta information.
More information about the Libreoffice-commits
mailing list