sw/source/filter/ww8/ww8par.cxx | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
New commits: commit a36a425f28a1cff5e364d1e9f667c92e7698c7f7 Author: Caolán McNamara <caol...@redhat.com> Date: Sun May 7 14:56:51 2017 +0100 ofz check against expected struct size don't copy vector and const up as well Change-Id: Ia9c9dd9e0dee2300f8f60eec15b67e4a349c8a93 (cherry picked from commit f5c0d7508b972898153bbf4069c9ea48f53d64d5) Reviewed-on: https://gerrit.libreoffice.org/37345 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Michael Stahl <mst...@redhat.com> diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx index 80749085cb86..cf06fc768513 100644 --- a/sw/source/filter/ww8/ww8par.cxx +++ b/sw/source/filter/ww8/ww8par.cxx @@ -5021,10 +5021,14 @@ sal_uLong SwWW8ImplReader::CoreLoad(WW8Glossary *pGloss) for (size_t i=0; i < aLinkStrings.size() && i < aStringIds.size(); ++i) { - ww::bytes stringId = aStringIds[i]; - WW8_STRINGID *stringIdStruct = reinterpret_cast<WW8_STRINGID*>(&stringId[0]); - m_aLinkStringMap[SVBT16ToShort(stringIdStruct->nStringId)] = - aLinkStrings[i]; + const ww::bytes& stringId = aStringIds[i]; + if (stringId.size() < sizeof(WW8_STRINGID)) + { + SAL_WARN("sw.ww8", "SwWW8ImplReader::CoreLoad: WW8_STRINGID is too short"); + continue; + } + const WW8_STRINGID *stringIdStruct = reinterpret_cast<const WW8_STRINGID*>(stringId.data()); + m_aLinkStringMap[SVBT16ToShort(stringIdStruct->nStringId)] = aLinkStrings[i]; } ReadDocVars(); // import document variables as meta information.
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits