From 0934ed1a40c59c169354b177d7dab4228de66171 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Mon, 26 Jan 2015 11:26:41 +0000
Subject: coverity#1266485 Untrusted value as argument

Change-Id: I7708ecaf5412535055584ed6c71beaa9cd71c10c
---
 vcl/source/gdi/jobset.cxx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index b37b970b4803..8066718bee4f 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -227,9 +227,15 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup )
 
         sal_uInt16 nSystem = 0;
         rIStream.ReadUInt16( nSystem );
-
+        const size_t nRead = nLen - sizeof(nLen) - sizeof(nSystem);
+        if (nRead > rIStream.remainingSize())
+        {
+            SAL_WARN("vcl", "Parsing error: " << rIStream.remainingSize() <<
+                     " max possible entries, but " << nRead << " claimed, truncating");
+            return rIStream;
+        }
         boost::scoped_array<char> pTempBuf(new char[nLen]);
-        rIStream.Read( pTempBuf.get(),  nLen - sizeof( nLen ) - sizeof( nSystem ) );
+        rIStream.Read(pTempBuf.get(),  nRead);
         if ( nLen >= sizeof(ImplOldJobSetupData)+4 )
         {
             ImplOldJobSetupData* pData = reinterpret_cast<ImplOldJobSetupData*>(pTempBuf.get());
-- 
cgit v1.2.3