[Libreoffice-commits] core.git: hwpfilter/source

[Caolán McNamara]

 hwpfilter/source/hwpread.cxx |   15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

New commits:
commit 005ad924ce183b1f07f2e6193b5befac6fdda2b8
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Oct 26 11:36:48 2017 +0100

    hwp fuzzing timeout
    
    Change-Id: I88656c558dfe1ef6e701ba54633bfe251bc4e279
    Reviewed-on: https://gerrit.libreoffice.org/43884
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/hwpfilter/source/hwpread.cxx b/hwpfilter/source/hwpread.cxx
index 826272f8eb74..33ff358e44fa 100644
--- a/hwpfilter/source/hwpread.cxx
+++ b/hwpfilter/source/hwpread.cxx
@@ -444,17 +444,18 @@ bool Picture::Read(HWPFile & hwpf)
         //read potentially compressed data in blocks as its more
         //likely large values are simply broken and we'll run out
         //of data before we need to realloc
-        for (size_t i = 0; i < follow_block_size; i+= SAL_MAX_UINT16)
+        unsigned char buffer[SAL_MAX_UINT16];
+        for (size_t i = 0; i < follow_block_size; i+= SAL_N_ELEMENTS(buffer))
         {
            size_t nOldSize = follow.size();
-           size_t nBlock = std::min<size_t>(SAL_MAX_UINT16, follow_block_size - nOldSize);
-           follow.resize(nOldSize + nBlock);
-           size_t nReadBlock = hwpf.Read1b(follow.data() + nOldSize, nBlock);
-           if (nBlock != nReadBlock)
+           size_t nBlock = std::min(SAL_N_ELEMENTS(buffer), follow_block_size - nOldSize);
+           size_t nReadBlock = hwpf.Read1b(buffer, nBlock);
+           if (nReadBlock)
            {
-               follow.resize(nOldSize + nReadBlock);
-               break;
+               follow.insert(follow.end(), buffer, buffer + nReadBlock);
            }
+           if (nBlock != nReadBlock)
+               break;
         }
         follow_block_size = follow.size();