src/lib/CDRInternalStream.cpp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-)
New commits: commit 4a57bcd203c54a68a88c1540a734c825906618a2 Author: Caolán McNamara <[email protected]> AuthorDate: Fri May 22 20:43:08 2026 +0000 Commit: Caolán McNamara <[email protected]> CommitDate: Sat May 23 16:24:34 2026 +0200 avoid integer wrap in CDRInternalStream::read bounds check Compute remaining bytes as "bufSize - pos" after a non-negative clamp on m_offset, then take the smaller of numBytes and remaining. Change-Id: I036e40d55d613ad2ff3cd151224b8b80101b7c61 Reviewed-on: https://gerrit.libreoffice.org/c/libcdr/+/205581 Tested-by: Caolán McNamara <[email protected]> Reviewed-by: Caolán McNamara <[email protected]> diff --git a/src/lib/CDRInternalStream.cpp b/src/lib/CDRInternalStream.cpp index 6063a02..9da2f00 100644 --- a/src/lib/CDRInternalStream.cpp +++ b/src/lib/CDRInternalStream.cpp @@ -104,12 +104,13 @@ const unsigned char *libcdr::CDRInternalStream::read(unsigned long numBytes, uns if (numBytes == 0) return nullptr; - unsigned long numBytesToRead; + if (m_offset < 0) + return nullptr; - if ((m_offset+numBytes) < m_buffer.size()) - numBytesToRead = numBytes; - else - numBytesToRead = m_buffer.size() - m_offset; + const unsigned long bufSize = m_buffer.size(); + const unsigned long pos = static_cast<unsigned long>(m_offset); + const unsigned long remaining = pos < bufSize ? bufSize - pos : 0; + const unsigned long numBytesToRead = numBytes < remaining ? numBytes : remaining; numBytesRead = numBytesToRead; // about as paranoid as we can be..
