summaryrefslogtreecommitdiff
path: root/filter
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2014-11-17 15:22:08 +0000
committerCaolán McNamara <caolanm@redhat.com>2014-11-17 15:22:08 +0000
commiteb6d27321d2d5f9d069c4a3cbcc9bc6e5b4c98ab (patch)
treeea6667e3e2eed79feaa702830f5c4ca8ffa3d311 /filter
parent6ca5cc5b1aea3c7dc9f8c5f96eb9b9237430278f (diff)
afl: divide-by-zero
Change-Id: Ided311873f654c0f40dae57c8876a6412ee97d3e
Diffstat (limited to 'filter')
-rw-r--r--filter/qa/cppunit/data/met/fail/afl-divide-zero-1.metbin0 -> 629 bytes
-rw-r--r--filter/source/graphicfilter/ios2met/ios2met.cxx9
2 files changed, 8 insertions, 1 deletions
diff --git a/filter/qa/cppunit/data/met/fail/afl-divide-zero-1.met b/filter/qa/cppunit/data/met/fail/afl-divide-zero-1.met
new file mode 100644
index 000000000000..62ccf48f6d89
--- /dev/null
+++ b/filter/qa/cppunit/data/met/fail/afl-divide-zero-1.met
Binary files differ
diff --git a/filter/source/graphicfilter/ios2met/ios2met.cxx b/filter/source/graphicfilter/ios2met/ios2met.cxx
index 5f1d17f16b00..aa29380d5fd6 100644
--- a/filter/source/graphicfilter/ios2met/ios2met.cxx
+++ b/filter/source/graphicfilter/ios2met/ios2met.cxx
@@ -2357,7 +2357,14 @@ void OS2METReader::ReadField(sal_uInt16 nFieldType, sal_uInt16 nFieldSize)
pOS2MET->SeekRel(4);
nStartIndex=ReadBigEndianWord();
pOS2MET->SeekRel(3);
- pOS2MET->ReadUChar( nbyte ); nBytesPerCol=((sal_uInt16)nbyte) & 0x00ff;
+ pOS2MET->ReadUChar( nbyte );
+ nBytesPerCol=((sal_uInt16)nbyte) & 0x00ff;
+ if (nBytesPerCol == 0)
+ {
+ pOS2MET->SetError(SVSTREAM_FILEFORMAT_ERROR);
+ ErrorCode=4;
+ break;
+ }
nEndIndex=nStartIndex+(nElemLen-11)/nBytesPerCol;
for (i=nStartIndex; i<nEndIndex; i++) {
if (nBytesPerCol > 3) pOS2MET->SeekRel(nBytesPerCol-3);
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-27 23:17:22 +0000