ofz#937 sanity check claimed record length

Change-Id: Ic0b9b23764bd7533adbc746419d38da8ab7ce704

4 files changed, 5 insertions, 1 deletions

diff --git a/vcl/qa/cppunit/graphicfilter/data/svm/pass/mapmode-1.svm b/vcl/qa/cppunit/graphicfilter/data/svm/fail/mapmode-1.svm
index 2fce465f7653..2fce465f7653 100644
--- a/vcl/qa/cppunit/graphicfilter/data/svm/pass/mapmode-1.svm
+++ b/vcl/qa/cppunit/graphicfilter/data/svm/fail/mapmode-1.svm
diff --git a/vcl/qa/cppunit/graphicfilter/data/svm/pass/mapmode-2.svm b/vcl/qa/cppunit/graphicfilter/data/svm/fail/mapmode-2.svm
index 1b3cd14167cf..1b3cd14167cf 100644
--- a/vcl/qa/cppunit/graphicfilter/data/svm/pass/mapmode-2.svm
+++ b/vcl/qa/cppunit/graphicfilter/data/svm/fail/mapmode-2.svm
diff --git a/vcl/qa/cppunit/graphicfilter/data/svm/pass/mapmode-3.svm b/vcl/qa/cppunit/graphicfilter/data/svm/fail/mapmode-3.svm
index b4afeb09f2d8..b4afeb09f2d8 100644
--- a/vcl/qa/cppunit/graphicfilter/data/svm/pass/mapmode-3.svm
+++ b/vcl/qa/cppunit/graphicfilter/data/svm/fail/mapmode-3.svm
diff --git a/vcl/source/gdi/svmconverter.cxx b/vcl/source/gdi/svmconverter.cxx
index 9c56e6edf487..cb0f87ac387e 100644
--- a/vcl/source/gdi/svmconverter.cxx
+++ b/vcl/source/gdi/svmconverter.cxx
@@ -1024,7 +1024,11 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf )
                         ImplReadUnicodeComment( nUnicodeCommentStreamPos, rIStm, aStr );
                     rMtf.AddAction( new MetaTextArrayAction( aPt, aStr, pDXAry.get(), nIndex, nLen ) );
                 }
-                rIStm.Seek( nActBegin + nActionSize );
+
+                if (nActionSize < 24)
+                    rIStm.SetError(SVSTREAM_FILEFORMAT_ERROR);
+                else
+                    rIStm.Seek(nActBegin + nActionSize);
             }
             break;