ofz: header has to be at least 1 pair long

Change-Id: I5725048519a2b68265e90d12b1e4bcb506c56fc2 (cherry picked from commit e72f3ce68e18ac604469ce5e856341a469af27ff) Reviewed-on: https://gerrit.libreoffice.org/36520 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Michael Stahl <mstahl@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2017-04-13 13:01:35 +0100
committer: Michael Stahl <mstahl@redhat.com> 2017-04-13 19:28:21 +0200
commit: ed8d18338f705fe249c88f1e735d1b45a408b2f7 (patch)
tree: 631e6891a845118986d1012ffc20d7197b8de2ac
parent: 0b8263c8efd7851eb0c9d2a12436adc96c78fcd5 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx
index 0fe0bf5287cf..72ee4ea7d805 100644
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -1253,12 +1253,20 @@ SdrObject* SwWW8ImplReader::ReadCaptionBox(WW8_DPHEAD* pHd, SfxAllItemSet &rSet)
         return nullptr;
 
     sal_uInt16 nCount = SVBT16ToShort( aCallB.dpPolyLine.aBits1 ) >> 1 & 0x7fff;
+    if (nCount < 1)
+    {
+        SAL_WARN("sw.ww8", "Short CaptionBox header");
+        return nullptr;
+    }
+
     std::unique_ptr<SVBT16[]> xP(new SVBT16[nCount * 2]);
 
     bool bCouldRead = checkRead(*m_pStrm, xP.get(), nCount * 4);      // Punkte einlesen
-    OSL_ENSURE(bCouldRead, "Short CaptionBox header");
     if (!bCouldRead)
+    {
+        SAL_WARN("sw.ww8", "Short CaptionBox header");
         return nullptr;
+    }
 
     sal_uInt8 nTyp = (sal_uInt8)nCount - 1;
     if( nTyp == 1 && SVBT16ToShort( xP[0] ) == SVBT16ToShort( xP[2] ) )
author	Caolán McNamara <caolanm@redhat.com>	2017-04-13 13:01:35 +0100
committer	Michael Stahl <mstahl@redhat.com>	2017-04-13 19:28:21 +0200
commit	ed8d18338f705fe249c88f1e735d1b45a408b2f7 (patch)
tree	631e6891a845118986d1012ffc20d7197b8de2ac
parent	0b8263c8efd7851eb0c9d2a12436adc96c78fcd5 (diff)