diff options
author | Caolán McNamara <caolanm@redhat.com> | 2021-03-31 20:14:07 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2021-04-01 11:35:14 +0200 |
commit | 7e22869694a7a1dd66d68e262727e64cc4dd6384 (patch) | |
tree | eb72c6caff2470728eaa776200c53945ef036131 /sc/source/filter | |
parent | 903902f826129705f1fafc5583a13be645e145b5 (diff) |
cid#1473732 Untrusted loop bound
and
cid#1474044 Untrusted loop bound
Change-Id: If30dc454d60adca11fd1a53ecf472555e328bd42
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113441
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'sc/source/filter')
-rw-r--r-- | sc/source/filter/excel/xltoolbar.cxx | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/sc/source/filter/excel/xltoolbar.cxx b/sc/source/filter/excel/xltoolbar.cxx index acf6d8339f20..c4178ccafea1 100644 --- a/sc/source/filter/excel/xltoolbar.cxx +++ b/sc/source/filter/excel/xltoolbar.cxx @@ -100,19 +100,20 @@ bool ScCTB::Read( SvStream &rS ) } rS.ReadUInt32( ectbid ); - sal_Int16 nIndexes = tb.getcCL(); - - if (nIndexes > 0) + sal_Int16 nCL = tb.getcCL(); + if (nCL > 0) { + auto nIndexes = o3tl::make_unsigned(nCL); + const size_t nMinRecordSize = 11; // ScTBC's TBCHeader reads min 11 bytes const size_t nMaxPossibleRecords = rS.remainingSize() / nMinRecordSize; - if (o3tl::make_unsigned(nIndexes) > nMaxPossibleRecords) + if (nIndexes > nMaxPossibleRecords) { SAL_WARN("sc.filter", "ScCTB::Read more entries claimed than stream could contain"); return false; } - for ( sal_Int16 index = 0; index < nIndexes; ++index ) + for (decltype(nIndexes) index = 0; index < nIndexes; ++index) { ScTBC aTBC; aTBC.Read( rS ); |