ofz: libFuzzer: out-of-memory

from "unstable" log file https://oss-fuzz-build-logs.storage.googleapis.com/build_logs/libreoffice/latest.txt #5 0x617248 in operator new[](unsigned long) /src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:84 #6 0x710843 in MetaCommentAction::Read(SvStream&, ImplMetaReadData*) /src/libreoffice/vcl/source/gdi/metaact.cxx:3363:18 #7 0x6e1921 in MetaAction::ReadMetaAction(SvStream&, ImplMetaReadData*) /src/libreoffice/vcl/source/gdi/metaact.cxx:266:18 Change-Id: I518adea27565d1fbe91c8817f41850deb0ba9877
author: Caolán McNamara <caolanm@redhat.com> 2017-02-17 20:49:58 +0000
committer: Caolán McNamara <caolanm@redhat.com> 2017-02-17 20:49:58 +0000
commit: 6f53409ef3a45e0c26cc87247dd2ea9aa4539d55 (patch)
tree: e4781ef695ddf4fb608d72aa2e01126fd674df18
parent: 273823de644f2086377795d3afb51a39d30bfeaa (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 05b24da91e1e..3ef90028434c 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -3354,6 +3354,13 @@ void MetaCommentAction::Read( SvStream& rIStm, ImplMetaReadData* )
     maComment = read_uInt16_lenPrefixed_uInt8s_ToOString(rIStm);
     rIStm.ReadInt32( mnValue ).ReadUInt32( mnDataSize );
 
+    if (mnDataSize > rIStm.remainingSize())
+    {
+        SAL_WARN("vcl.gdi", "Parsing error: " << rIStm.remainingSize() <<
+                 " available data, but " << mnDataSize << " claimed, truncating");
+        mnDataSize = rIStm.remainingSize();
+    }
+
     SAL_INFO("vcl.gdi", "MetaCommentAction::Read " << maComment);
 
     delete[] mpData;
author	Caolán McNamara <caolanm@redhat.com>	2017-02-17 20:49:58 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2017-02-17 20:49:58 +0000
commit	6f53409ef3a45e0c26cc87247dd2ea9aa4539d55 (patch)
tree	e4781ef695ddf4fb608d72aa2e01126fd674df18
parent	273823de644f2086377795d3afb51a39d30bfeaa (diff)