coverity#1222238 Untrusted loop bound

Change-Id: I1a4dec8727d0a27f7fd0396fd22d955f61daaee4
author: Caolán McNamara <caolanm@redhat.com> 2014-10-17 15:59:56 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2014-10-18 10:45:28 +0100
commit: 5a89092d5fe43638832ea8f86df34f81869337d9 (patch)
tree: 7b3af8cf918b77e1269a70d54bd2d98ea4f1435a
parent: 38a1f24c4c2cb0863ba170d12048e68e56197b38 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index f0d1007d6477..cc13d172e3a8 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2045,6 +2045,14 @@ static GlyphOffsets *GlyphOffsetsNew(sal_uInt8 *sfntP, sal_uInt32 sfntLen)
     sal_uInt32 locaLen = 0;
     sal_Int16 indexToLocFormat = 0;
 
+    sal_uInt32 nMaxPossibleTables = sfntLen / (3*sizeof(sal_uInt32)); /*the three GetUInt32 calls*/
+    if (numTables > nMaxPossibleTables)
+    {
+        SAL_WARN( "vcl.fonts", "GlyphOffsetsNew claimed to have "
+            << numTables  << " tables, but that's impossibly large");
+        numTables = nMaxPossibleTables;
+    }
+
     for (i = 0; i < numTables; i++) {
         sal_uInt32 nLargestFixedOffsetPos = 12 + 16 * i + 12;
         sal_uInt32 nMinSize = nLargestFixedOffsetPos + sizeof(sal_uInt32);
author	Caolán McNamara <caolanm@redhat.com>	2014-10-17 15:59:56 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2014-10-18 10:45:28 +0100
commit	5a89092d5fe43638832ea8f86df34f81869337d9 (patch)
tree	7b3af8cf918b77e1269a70d54bd2d98ea4f1435a
parent	38a1f24c4c2cb0863ba170d12048e68e56197b38 (diff)