diff options
author | Caolán McNamara <caolanm@redhat.com> | 2015-08-24 14:05:00 +0100 |
---|---|---|
committer | David Tardon <dtardon@redhat.com> | 2015-08-25 07:19:40 +0000 |
commit | d8b8bb7bb6a4b50190efd9f1f6909f42e353546c (patch) | |
tree | 2dbaf1cae56488de5f281486d02b9aa19f256d50 /sw | |
parent | cce05bd5e655ae1db7165e086183371bf071dae3 (diff) |
limit seeks to valid area
(cherry picked from commit c0c9075163f06c0b5c2ad9cf428f1cfacf9fe1fb)
Change-Id: I401d93491999a3fc3db4f597eea9c4fe5b9bc926
Reviewed-on: https://gerrit.libreoffice.org/17955
Reviewed-by: David Tardon <dtardon@redhat.com>
Tested-by: David Tardon <dtardon@redhat.com>
Diffstat (limited to 'sw')
-rw-r--r-- | sw/qa/core/data/ww5/pass/hang-2.doc | bin | 0 -> 4353 bytes | |||
-rw-r--r-- | sw/source/filter/ww8/ww8scan.cxx | 9 |
2 files changed, 4 insertions, 5 deletions
diff --git a/sw/qa/core/data/ww5/pass/hang-2.doc b/sw/qa/core/data/ww5/pass/hang-2.doc Binary files differnew file mode 100644 index 000000000000..5f76093f952e --- /dev/null +++ b/sw/qa/core/data/ww5/pass/hang-2.doc diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index 1dbf102e8834..c227c12d0803 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx @@ -6726,9 +6726,8 @@ WW8Dop::WW8Dop(SvStream& rSt, sal_Int16 nFib, sal_Int32 nPos, sal_uInt32 nSize) sal_uInt8* pData = pDataPtr; sal_uInt32 nRead = nMaxDopSize < nSize ? nMaxDopSize : nSize; - rSt.Seek( nPos ); - if (2 > nSize || nRead != rSt.Read(pData, nRead)) - nDopError = ERR_SWG_READ_ERROR; // Error melden + if (nSize < 2 || !checkSeek(rSt, nPos) || nRead != rSt.Read(pData, nRead)) + nDopError = ERR_SWG_READ_ERROR; // report error else { if (nMaxDopSize > nRead) @@ -7575,8 +7574,8 @@ SEPr::SEPr() : bool checkSeek(SvStream &rSt, sal_uInt32 nOffset) { - return (nOffset != SAL_MAX_UINT32 && - rSt.Seek(nOffset) == static_cast<sal_Size>(nOffset)); + const sal_uInt64 nMaxSeek(rSt.Tell() + rSt.remainingSize()); + return (nOffset <= nMaxSeek && rSt.Seek(nOffset) == nOffset); } bool checkRead(SvStream &rSt, void *pDest, sal_uInt32 nLength) |