vcl/source/gdi/gfxlink.cxx |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

New commits:
commit 89914fee18f9cc5354e21073f97c8121db7df85f
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Mar 10 11:51:17 2017 +0000

    ofz#786 avoid svm oom
    
    Change-Id: Ib4920d6537437fe060c453f249fa7f8da230bfc7

diff --git a/vcl/source/gdi/gfxlink.cxx b/vcl/source/gdi/gfxlink.cxx
index 4fdd0e1..abe94b0 100644
--- a/vcl/source/gdi/gfxlink.cxx
+++ b/vcl/source/gdi/gfxlink.cxx
@@ -213,14 +213,13 @@ SvStream& ReadGfxLink( SvStream& rIStream, GfxLink& 
rGfxLink)
 {
     Size            aSize;
     MapMode         aMapMode;
-    sal_uInt32      nSize;
-    sal_uInt32      nUserId;
-    sal_uInt16      nType;
     bool            bMapAndSizeValid( false );
     std::unique_ptr<VersionCompat>  pCompat(new VersionCompat( rIStream, 
StreamMode::READ ));
 
     // Version 1
-    rIStream.ReadUInt16( nType ).ReadUInt32( nSize ).ReadUInt32( nUserId );
+    sal_uInt16 nType(0);
+    sal_uInt32 nSize(0), nUserId(0);
+    rIStream.ReadUInt16(nType).ReadUInt32(nSize).ReadUInt32(nUserId);
 
     if( pCompat->GetVersion() >= 2 )
     {
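Review bot: The chained `rIStream.ReadUInt16(nType).ReadUInt32(nSize).ReadUInt32(nUserId);` is not followed by any stream-state test within this hunk, so on a truncated header the new zero initialisers become the parsed values and are used as if they had been read. A short why-comment on the declarations would make the intent explicit, e.g. `// zero-init so a short read yields defined values rather than indeterminate ones`. If a failed header read should not produce a link at all, that needs an explicit check of the stream state right after this line. ReadGfxLink's body continues outside the hunk, so a later check may exist that cannot be seen here.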
@@ -231,6 +230,13 @@ SvStream& ReadGfxLink( SvStream& rIStream, GfxLink& 
rGfxLink)
 
     pCompat.reset(); // destructor writes stuff into the header
 
+    auto nRemainingData = rIStream.remainingSize();
+    if (nSize > nRemainingData)
+    {
+        SAL_WARN("vcl", "graphic link stream is smaller than requested size");
+        nSize = nRemainingData;
+    }
+
     std::unique_ptr<sal_uInt8[]> pBuf(new sal_uInt8[ nSize ]);
     rIStream.ReadBytes( pBuf.get(), nSize );
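Review bot: The clamp bounds the allocation, but the result of `rIStream.ReadBytes( pBuf.get(), nSize )` is still discarded, and the shortened buffer appears to be used afterwards as if the link were complete. Consider keeping the count, `const auto nRead = rIStream.ReadBytes(pBuf.get(), nSize);`, and either passing `nRead` on or flagging the stream as failed inside the `nSize > nRemainingData` branch, so callers can tell a truncated link from a valid one. The assignment `nSize = nRemainingData;` converts the `auto`-deduced (presumably wider) type to `sal_uInt32`; it cannot lose bits only because the branch guarantees the value is below the old `nSize`, which deserves a comment such as `// fits: nRemainingData < nSize here`. The remainder of ReadGfxLink lies outside the hunk, so how the buffer is consumed is not visible.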
 