filter/source/xsltfilter/OleHandler.cxx | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
New commits:
commit 5d474fc14581eaceb1defa7eabf5bcd335143b2d
Author: Michael Stahl <mst...@redhat.com>
Date: Wed May 10 21:19:58 2017 +0200
tdf#107709 filter: MSO2003XML import: fix invalid OLE lengths
The oleLength was -28160 for the bugdoc, so i guess the shifting of
signed chars there is perhaps not ideal, better upcast and
shift as unsigned.
Change-Id: I068013a10e18043c1534c7c61be8ff8a5556d460
(cherry picked from commit 088b898856a82d7ac4851a6e7dfe4d189d881f8e)
Reviewed-on: https://gerrit.libreoffice.org/37486
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Miklos Vajna <vmik...@collabora.co.uk>
diff --git a/filter/source/xsltfilter/OleHandler.cxx
b/filter/source/xsltfilter/OleHandler.cxx
index 6564d2ea88a9..2f2bd04f9eef 100644
--- a/filter/source/xsltfilter/OleHandler.cxx
+++ b/filter/source/xsltfilter/OleHandler.cxx
@@ -117,8 +117,14 @@ namespace XSLT
{
return "Can not read the length.";
}
- int oleLength = (aLength[0] << 0) + (aLength[1] << 8)
- + (aLength[2] << 16) + (aLength[3] << 24);
+ sal_Int32 const oleLength = (static_cast<sal_uInt8>(aLength[0]) << 0U)
+ | (static_cast<sal_uInt8>(aLength[1]) << 8U)
+ | (static_cast<sal_uInt8>(aLength[2]) << 16U)
+ | (static_cast<sal_uInt8>(aLength[3]) <<
24U);
+ if (oleLength < 0)
+ {
+ return "invalid oleLength";
+ }
Sequence<sal_Int8> content(oleLength);
//Read all bytes. The compressed length should less then the
uncompressed length
readbytes = subStream->readBytes(content, oleLength);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
