filter/source/xsltfilter/OleHandler.cxx | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
New commits: commit 5d474fc14581eaceb1defa7eabf5bcd335143b2d Author: Michael Stahl <mst...@redhat.com> Date: Wed May 10 21:19:58 2017 +0200 tdf#107709 filter: MSO2003XML import: fix invalid OLE lengths The oleLength was -28160 for the bugdoc, so i guess the shifting of signed chars there is perhaps not ideal, better upcast and shift as unsigned. Change-Id: I068013a10e18043c1534c7c61be8ff8a5556d460 (cherry picked from commit 088b898856a82d7ac4851a6e7dfe4d189d881f8e) Reviewed-on: https://gerrit.libreoffice.org/37486 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk> diff --git a/filter/source/xsltfilter/OleHandler.cxx b/filter/source/xsltfilter/OleHandler.cxx index 6564d2ea88a9..2f2bd04f9eef 100644 --- a/filter/source/xsltfilter/OleHandler.cxx +++ b/filter/source/xsltfilter/OleHandler.cxx @@ -117,8 +117,14 @@ namespace XSLT { return "Can not read the length."; } - int oleLength = (aLength[0] << 0) + (aLength[1] << 8) - + (aLength[2] << 16) + (aLength[3] << 24); + sal_Int32 const oleLength = (static_cast<sal_uInt8>(aLength[0]) << 0U) + | (static_cast<sal_uInt8>(aLength[1]) << 8U) + | (static_cast<sal_uInt8>(aLength[2]) << 16U) + | (static_cast<sal_uInt8>(aLength[3]) << 24U); + if (oleLength < 0) + { + return "invalid oleLength"; + } Sequence<sal_Int8> content(oleLength); //Read all bytes. The compressed length should less then the uncompressed length readbytes = subStream->readBytes(content, oleLength); _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits