authorCaolán McNamara <caolanm@redhat.com>2014-11-17 12:05:06 +0000
committerCaolán McNamara <caolanm@redhat.com>2014-11-17 14:53:23 +0000
commit0f83c393d34e879a6fadcc21faad5e9d3835637b (patch)
tree5ea22cb182a3353bed25ff189217f0d03f18c8a5 /svl
parent357f9d22a0537a2af888d0b88ca3f1b2628d6516 (diff)
coverity#1242810 Untrusted loop bound
Change-Id: I457f0f92dc32630e52efbb2bd068208a8570c5d0
Diffstat (limited to 'svl')
-rw-r--r--svl/source/items/itemset.cxx10
1 files changed, 10 insertions, 0 deletions
diff --git a/svl/source/items/itemset.cxx b/svl/source/items/itemset.cxx
index eb5ffaa4522e..9dc809f6c7f8 100644
--- a/svl/source/items/itemset.cxx
+++ b/svl/source/items/itemset.cxx
@@ -1487,6 +1487,16 @@ SvStream &SfxItemSet::Load
// Load Item count and as many Items
sal_uInt16 nCount = 0;
rStream.ReadUInt16( nCount );
+
+ const size_t nMinRecordSize = sizeof(sal_uInt16) * 2;
+ const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
+ if (nCount > nMaxRecords)
+ {
+ SAL_WARN("svl", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nCount << " claimed, truncating");
+ nCount = nMaxRecords;
+ }
+
for ( sal_uInt16 i = 0; i < nCount; ++i )
{
// Load Surrogate/Item and resolve Surrogate
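Review bot: The clamp at `nCount = nMaxRecords;` only bounds the iteration count by the smallest possible record, so input whose records are larger than `nMinRecordSize` can still drive the loop into reads past the end of the stream. The loop that follows should also stop as soon as `rStream` reports an error or end of file; its body lies outside this hunk, so whether it already does is not visible here. Because the count is truncated and parsing continues on input already known to be malformed, consider also setting the stream's error state so callers can reject the file rather than accept a partial item set. `nMinRecordSize` would benefit from a comment such as `// smallest on-disk item record: two sal_uInt16 fields (confirm against the loop body)`. The assignment narrows `size_t` to `sal_uInt16` implicitly; `nCount = static_cast<sal_uInt16>(nMaxRecords);` makes it explicit and is safe because the branch is only taken when `nMaxRecords < nCount`.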