ofz: MemorySanitizer: use-of-uninitialized-value

Change-Id: I342465eb02709a7e07d3088ecbb427a7ae900d30 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121472 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2021-09-01 14:30:11 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2021-09-01 20:26:11 +0200
commit: 2313a43d78c9a172e709d56ed9a933f2a17c2f93 (patch)
tree: 7a29ee691899e95f04cc974386d4cd059df51077 /sw/source/filter/ww8
parent: 71a8f5db9dd79ce1e023c22286a57856c4b7b3fc (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index afa244ad5c87..074b908d213c 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -4138,10 +4138,19 @@ Word2CHPX ReadWord2Chpx(SvStream &rSt, std::size_t nOffset, sal_uInt8 nSize)
 {
     Word2CHPX aChpx;
 
-    if (!nSize)
+    if (!nSize || !checkSeek(rSt, nOffset))
         return aChpx;
 
-    rSt.Seek(nOffset);
+    const size_t nMaxByteCount = rSt.remainingSize();
+    if (!nMaxByteCount)
+        return aChpx;
+
+    if (nSize > nMaxByteCount)
+    {
+        SAL_WARN("sw.ww8", "ReadWord2Chpx: truncating out of range "
+            << nSize << " to " << nMaxByteCount);
+        nSize = nMaxByteCount;
+    }
 
     sal_uInt8 nCount=0;
author	Caolán McNamara <caolanm@redhat.com>	2021-09-01 14:30:11 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2021-09-01 20:26:11 +0200
commit	2313a43d78c9a172e709d56ed9a933f2a17c2f93 (patch)
tree	7a29ee691899e95f04cc974386d4cd059df51077 /sw/source/filter/ww8
parent	71a8f5db9dd79ce1e023c22286a57856c4b7b3fc (diff)