summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2015-08-28 14:33:05 +0100
committerDavid Tardon <dtardon@redhat.com>2015-08-29 08:10:08 +0000
commite444e2a1204932388c0a9bdcc31296e2bd549e4b (patch)
tree2ab3800b6e3da9dac2d9804d02cce74a05d6f98c
parent00abcf33a923084f6d27b5b41c55b0b03ce04a52 (diff)
guard against 0 item size
Change-Id: I9c4c2f0fe2d892615b3c70e08da0cab6da13338a (cherry picked from commit 2aadad1e89e96cb80c15fe1069cb6365f0cade1d) Reviewed-on: https://gerrit.libreoffice.org/18113 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: David Tardon <dtardon@redhat.com>
-rw-r--r--sd/qa/unit/data/ppt/pass/crash-2.pptbin0 -> 7680 bytes
-rw-r--r--sd/source/filter/ppt/propread.cxx11
2 files changed, 9 insertions, 2 deletions
diff --git a/sd/qa/unit/data/ppt/pass/crash-2.ppt b/sd/qa/unit/data/ppt/pass/crash-2.ppt
new file mode 100644
index 000000000000..78a4da4660d8
--- /dev/null
+++ b/sd/qa/unit/data/ppt/pass/crash-2.ppt
Binary files differ
diff --git a/sd/source/filter/ppt/propread.cxx b/sd/source/filter/ppt/propread.cxx
index 4f2e37ba07e3..be288c84d58f 100644
--- a/sd/source/filter/ppt/propread.cxx
+++ b/sd/source/filter/ppt/propread.cxx
@@ -93,7 +93,7 @@ bool PropItem::Read( OUString& rString, sal_uInt32 nStringType, bool bAlign )
{
case VT_LPSTR :
{
- if ( nItemSize )
+ if (nItemSize)
{
auto nMaxSizePossible = remainingSize();
if (nItemSize > nMaxSizePossible)
@@ -101,6 +101,10 @@ bool PropItem::Read( OUString& rString, sal_uInt32 nStringType, bool bAlign )
SAL_WARN("sd.filter", "String of Len " << nItemSize << " claimed, only " << nMaxSizePossible << " possible");
nItemSize = nMaxSizePossible;
}
+ }
+
+ if (nItemSize)
+ {
try
{
sal_Char* pString = new sal_Char[ nItemSize ];
@@ -144,7 +148,7 @@ bool PropItem::Read( OUString& rString, sal_uInt32 nStringType, bool bAlign )
case VT_LPWSTR :
{
- if ( nItemSize )
+ if (nItemSize)
{
auto nMaxSizePossible = remainingSize() / sizeof(sal_Unicode);
if (nItemSize > nMaxSizePossible)
@@ -152,7 +156,10 @@ bool PropItem::Read( OUString& rString, sal_uInt32 nStringType, bool bAlign )
SAL_WARN("sd.filter", "String of Len " << nItemSize << " claimed, only " << nMaxSizePossible << " possible");
nItemSize = nMaxSizePossible;
}
+ }
+ if (nItemSize)
+ {
try
{
sal_Unicode* pString = new sal_Unicode[ nItemSize ];