[Libreoffice-commits] core.git: lotuswordpro/source

Caolán McNamara (via logerrit) Thu, 13 Jan 2022 11:26:26 -0800

 lotuswordpro/source/filter/lwpdrawobj.cxx |    3 +++
 1 file changed, 3 insertions(+)


New commits:
commit 444477a07bcaf59181dbbc719b913566091deadc
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Jan 13 16:57:48 2022 +0000
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Jan 13 20:25:11 2022 +0100

    ofz#43577 valid reclen must be >= 20
    
    Change-Id: I454bff4acfcd85701a7f094a8bd76898825e9ce2
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128388
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/lotuswordpro/source/filter/lwpdrawobj.cxx 
b/lotuswordpro/source/filter/lwpdrawobj.cxx
index 55d23be1ef7b..0e78359fa0c6 100644
--- a/lotuswordpro/source/filter/lwpdrawobj.cxx
+++ b/lotuswordpro/source/filter/lwpdrawobj.cxx
@@ -1362,6 +1362,9 @@ void LwpDrawBitmap::Read()
     m_pStream->ReadUInt16( m_aBmpRec.nTranslation );
     m_pStream->ReadUInt16( m_aBmpRec.nRotation );
 
+    if (m_aObjHeader.nRecLen < 20)
+        throw BadRead();
+
     // 20 == length of draw-specific fields.
     // 14 == length of bmp file header.
     m_aBmpRec.nFileSize = m_aObjHeader.nRecLen - 20 + 14;

[Libreoffice-commits] core.git: lotuswordpro/source

Reply via email to