sw/source/filter/ww8/ww8par2.cxx | 8 ++++++++
1 file changed, 8 insertions(+)
New commits:
commit d79935cb3154ca86aca01043d7c196cc161db67b
Author: Caolán McNamara <caol...@redhat.com>
Date: Tue Apr 4 19:13:12 2017 +0100
ofz: check olst sprm for valid ANLD payload len
Change-Id: Ic1b6681a3f48ef0fe3f52eda9db8b7bc003ded55
(cherry picked from commit 98151bf95bda8d647310bdba6936dc6b388b05de)
Reviewed-on: https://gerrit.libreoffice.org/36099
Reviewed-by: Michael Stahl <mst...@redhat.com>
Tested-by: Michael Stahl <mst...@redhat.com>
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index ff6bcb0ca1a7..57d5f644f2b7 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -917,6 +917,14 @@ void SwWW8ImplReader::Read_OLST( sal_uInt16, const
sal_uInt8* pData, short nLen
m_pNumOlst = nullptr;
return;
}
+
+ if (static_cast<size_t>(nLen) < sizeof(WW8_OLST))
+ {
+ SAL_WARN("sw.ww8", "WW8_OLST property is " << nLen << " long, needs to
be at least " << sizeof(WW8_OLST));
+ m_pNumOlst = nullptr;
+ return;
+ }
+
m_pNumOlst = new WW8_OLST;
if( nLen < sal::static_int_cast< sal_Int32 >(sizeof( WW8_OLST )) ) //
fill if to short
memset( m_pNumOlst, 0, sizeof( *m_pNumOlst ) );
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
