sw/source/filter/ww8/ww8par2.cxx | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-)
New commits: commit 2313a43d78c9a172e709d56ed9a933f2a17c2f93 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Sep 1 14:30:11 2021 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Wed Sep 1 20:26:11 2021 +0200 ofz: MemorySanitizer: use-of-uninitialized-value Change-Id: I342465eb02709a7e07d3088ecbb427a7ae900d30 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121472 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx index afa244ad5c87..074b908d213c 100644 --- a/sw/source/filter/ww8/ww8par2.cxx +++ b/sw/source/filter/ww8/ww8par2.cxx @@ -4138,10 +4138,19 @@ Word2CHPX ReadWord2Chpx(SvStream &rSt, std::size_t nOffset, sal_uInt8 nSize) { Word2CHPX aChpx; - if (!nSize) + if (!nSize || !checkSeek(rSt, nOffset)) return aChpx; - rSt.Seek(nOffset); + const size_t nMaxByteCount = rSt.remainingSize(); + if (!nMaxByteCount) + return aChpx; + + if (nSize > nMaxByteCount) + { + SAL_WARN("sw.ww8", "ReadWord2Chpx: truncating out of range " + << nSize << " to " << nMaxByteCount); + nSize = nMaxByteCount; + } sal_uInt8 nCount=0;
