[Libreoffice-commits] core.git: Branch 'libreoffice-6-1-6' - vcl/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Apr 30 14:32:56 UTC 2019
vcl/source/filter/graphicfilter.cxx | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit e80bac9279564c366691cbd51cf557c7083d37c3
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Apr 27 11:52:11 2019 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Apr 30 16:32:03 2019 +0200
ofz#14469 null deref
since...
commit af84fc9d906626255aaf136eefc5e55236e0e8a6
Date: Tue Apr 23 15:48:41 2019 +0200
lazy image loading shouldn't read the entire .xls file (tdf#124828)
nLength is just an unchecked value in the dff stream, it might not be sane
so limit it to the max len of the stream
Change-Id: Ia8a2830478952afe1317b5cd795f35059d9b380a
Reviewed-on: https://gerrit.libreoffice.org/71415
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
Tested-by: Xisco Faulí <xiscofauli at libreoffice.org>
Reviewed-by: Noel Grandin <noel.grandin at collabora.co.uk>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx
index cad4d4ae1fd5..654393238eba 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -1454,7 +1454,9 @@ Graphic GraphicFilter::ImportUnloadedGraphic(SvStream& rIStream, sal_uInt64 size
ErrCode nStatus = ImpTestOrFindFormat("", rIStream, nFormat);
rIStream.Seek(nStreamBegin);
- const sal_uInt32 nStreamLength( sizeLimit ? sizeLimit : rIStream.Seek(STREAM_SEEK_TO_END) - nStreamBegin);
+ sal_uInt32 nStreamLength(rIStream.remainingSize());
+ if (sizeLimit && sizeLimit < nStreamLength)
+ nStreamLength = sizeLimit;
OUString aFilterName = pConfig->GetImportFilterName(nFormat);
OUString aExternalFilterName = pConfig->GetExternalFilterName(nFormat, false);
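Review bot: In the added line `sal_uInt32 nStreamLength(rIStream.remainingSize());` the remaining size is narrowed to 32 bits before it is compared with `sizeLimit`, which appears from the truncated hunk header to be a `sal_uInt64`. If `remainingSize()` returns a 64-bit count, a remainder above the 32-bit range wraps first and the clamp then works on the wrapped value. Consider taking the minimum of the two in 64-bit and narrowing once afterwards, with an explicit upper bound. The same narrowing was present in the removed line, so this is not a regression. A short comment above the `if` saying that `sizeLimit` can come unchecked from the file, as the commit message says of nLength, would help keep the clamp in place in later refactoring.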