summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2015-01-26 11:26:41 +0000
committerCaolán McNamara <caolanm@redhat.com>2015-01-26 12:14:45 +0000
commit0934ed1a40c59c169354b177d7dab4228de66171 (patch)
tree709be89aa3e4d61e728536d4abd73804475d329b
parent83e3abf7e41ebdbd0924227075eb861195638074 (diff)
coverity#1266485 Untrusted value as argument
Change-Id: I7708ecaf5412535055584ed6c71beaa9cd71c10c
-rw-r--r--vcl/source/gdi/jobset.cxx10
1 files changed, 8 insertions, 2 deletions
diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index b37b970b4803..8066718bee4f 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -227,9 +227,15 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup )
sal_uInt16 nSystem = 0;
rIStream.ReadUInt16( nSystem );
-
+ const size_t nRead = nLen - sizeof(nLen) - sizeof(nSystem);
+ if (nRead > rIStream.remainingSize())
+ {
+ SAL_WARN("vcl", "Parsing error: " << rIStream.remainingSize() <<
+ " max possible entries, but " << nRead << " claimed, truncating");
+ return rIStream;
+ }
boost::scoped_array<char> pTempBuf(new char[nLen]);
- rIStream.Read( pTempBuf.get(), nLen - sizeof( nLen ) - sizeof( nSystem ) );
+ rIStream.Read(pTempBuf.get(), nRead);
if ( nLen >= sizeof(ImplOldJobSetupData)+4 )
{
ImplOldJobSetupData* pData = reinterpret_cast<ImplOldJobSetupData*>(pTempBuf.get());