diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2015-07-13 20:44:16 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2015-07-13 22:52:00 +0200 |
| commit | ec9e5a231e3f38e58e0dcc83f5a714037dc34b38 (patch) | |
| tree | e7b4c66a98d6f5e4b7f5d3455a2e37b83058a4ba | |
| parent | 902e90c99b78e423fc18d91053f9f3039202b0e0 (diff) | |
fix a third emf crash
Change-Id: I3b5d0daf05e3272d2afa0da84ff0b1f8d5c965a4
(cherry picked from commit 173fd90387e8bb7f33c2608628f12c7f772f0277)
| -rw-r--r-- | vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf | bin | 0 -> 456 bytes | |||
| -rw-r--r-- | vcl/source/filter/wmf/enhwmf.cxx | 4 |
2 files changed, 3 insertions, 1 deletions
diff --git a/vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf b/vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf Binary files differnew file mode 100644 index 000000000000..92da5f05ac7b --- /dev/null +++ b/vcl/qa/cppunit/graphicfilter/data/emf/fail/crash-3.emf diff --git a/vcl/source/filter/wmf/enhwmf.cxx b/vcl/source/filter/wmf/enhwmf.cxx index a9b69389e825..4d1098968fcf 100644 --- a/vcl/source/filter/wmf/enhwmf.cxx +++ b/vcl/source/filter/wmf/enhwmf.cxx @@ -1287,7 +1287,9 @@ bool EnhWMFReader::ReadEnhWMF() DBG_ASSERT( ( nOptions & ( ETO_PDY | ETO_GLYPH_INDEX ) ) == 0, "SJ: ETO_PDY || ETO_GLYPH_INDEX in EMF" ); Point aPos( ptlReferenceX, ptlReferenceY ); - if ( nLen > 0 && nLen < static_cast<sal_Int32>( SAL_MAX_UINT32 / sizeof(sal_Int32) ) ) + bool bLenSane = nLen > 0 && nLen < static_cast<sal_Int32>( SAL_MAX_UINT32 / sizeof(sal_Int32) ); + bool bOffStringSane = nOffString <= nEndPos - nCurPos; + if (bLenSane && bOffStringSane) { if ( offDx && (( nCurPos + offDx + nLen * 4 ) <= nNextPos ) ) { |