diff options
| author | Michael Stahl <mstahl@redhat.com> | 2013-02-25 13:15:19 +0100 |
|---|---|---|
| committer | Michael Stahl <mstahl@redhat.com> | 2013-02-25 14:27:07 +0100 |
| commit | ec0d1440cf07008a220708535848567bcbb233ea (patch) | |
| tree | 2bfdd388ff9d5a89e841d1ebae5d4f7312c70ade | |
| parent | 0cf6433117477642897fb2d874a4353eff8a1f35 (diff) | |
fdo#59405: cppcanvas: fix infinite loop in processEMFPlus
This can be observed when inserting the bugdoc from fdo#59405.
Apparently the "size" and "length" do not agree; ensure that the
"length" does not underflow.
Change-Id: Idfc68919859b8284c724831de21208e4392af328
| -rw-r--r-- | cppcanvas/source/mtfrenderer/emfplus.cxx | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/cppcanvas/source/mtfrenderer/emfplus.cxx b/cppcanvas/source/mtfrenderer/emfplus.cxx index f1b0eff12282..0c9db41dd843 100644 --- a/cppcanvas/source/mtfrenderer/emfplus.cxx +++ b/cppcanvas/source/mtfrenderer/emfplus.cxx @@ -1763,7 +1763,16 @@ namespace cppcanvas rMF.Seek (next); - length -= size; + if (size <= length) + { + length -= size; + } + else + { + SAL_WARN("cppcanvas", "ImplRenderer::processEMFPlus: " + "size " << size << " > length " << length); + length = 0; + } } } } |