[Libreoffice-commits] core.git: sc/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Mon Mar 29 12:01:30 UTC 2021
sc/source/filter/excel/xltoolbar.cxx | 6 ++++++
1 file changed, 6 insertions(+)
New commits:
commit 05d651673bdd8bcda97c064421b1ab69bf144e58
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Mar 29 10:35:56 2021 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Mon Mar 29 14:00:55 2021 +0200
cid#1242796 Untrusted loop bound
Change-Id: I0ad070da424f7ce98a78104f017be26c411364a5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113302
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sc/source/filter/excel/xltoolbar.cxx b/sc/source/filter/excel/xltoolbar.cxx
index 7b4e40482a54..b15006a36813 100644
--- a/sc/source/filter/excel/xltoolbar.cxx
+++ b/sc/source/filter/excel/xltoolbar.cxx
@@ -81,6 +81,12 @@ bool ScCTB::Read( SvStream &rS )
SAL_INFO("sc.filter", "stream pos " << rS.Tell());
nOffSet = rS.Tell();
tb.Read( rS );
+
+ const size_t nMinRecordSize = 20; // TBVisualData reads 20 bytes
+ const size_t nMaxPossibleRecords = rS.remainingSize() / nMinRecordSize;
+ if (nViews > nMaxPossibleRecords)
+ return false;
+
for ( sal_uInt16 index = 0; index < nViews; ++index )
{
TBVisualData aVisData;
More information about the Libreoffice-commits
mailing list