vcl/source/filter/svm/SvmReader.cxx | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
New commits: commit 9e2b0a7399bb53cba9ae4cdb3b0e2cbbe04d602d Author: Caolán McNamara <[email protected]> AuthorDate: Wed Jul 14 20:25:06 2021 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Wed Jul 14 22:38:42 2021 +0200 cid#1487034 Untrusted value as argument Change-Id: I2c0edac58b92b9d828c62ff3b8859f23ed1d3c85 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118954 Tested-by: Caolán McNamara <[email protected]> Reviewed-by: Caolán McNamara <[email protected]> diff --git a/vcl/source/filter/svm/SvmReader.cxx b/vcl/source/filter/svm/SvmReader.cxx index 56197443757d..f8336068a0ac 100644 --- a/vcl/source/filter/svm/SvmReader.cxx +++ b/vcl/source/filter/svm/SvmReader.cxx @@ -663,6 +663,13 @@ rtl::Reference<MetaAction> SvmReader::TextHandler(ImplMetaReadData* pData) if (aCompat.GetVersion() >= 2) // Version 2 aStr = read_uInt16_lenPrefixed_uInt16s_ToOUString(mrStream); + if (nTmpIndex + nTmpLen > aStr.getLength()) + { + SAL_WARN("vcl.gdi", "inconsistent offset and len"); + pAction->SetIndex(0); + pAction->SetLen(aStr.getLength()); + } + pAction->SetText(aStr); return pAction; @@ -696,8 +703,9 @@ rtl::Reference<MetaAction> SvmReader::TextArrayHandler(ImplMetaReadData* pData) sal_Int32 nAryLen(0); mrStream.ReadInt32(nAryLen); - if (nTmpLen > aStr.getLength() - nTmpIndex) + if (nTmpIndex + nTmpLen > aStr.getLength()) { + SAL_WARN("vcl.gdi", "inconsistent offset and len"); pAction->SetIndex(0); pAction->SetLen(aStr.getLength()); return pAction; @@ -735,6 +743,7 @@ rtl::Reference<MetaAction> SvmReader::TextArrayHandler(ImplMetaReadData* pData) if (nTmpIndex + nTmpLen > aStr.getLength()) { + SAL_WARN("vcl.gdi", "inconsistent offset and len"); pAction->SetIndex(0); pAction->SetLen(aStr.getLength()); aArray.reset(); _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
