diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2017-04-05 10:36:06 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2017-04-05 12:08:17 +0100 |
| commit | a32ef811014a9ae10e8d996e61cff39b3c99028d (patch) | |
| tree | 4483e11417fedc9bf69b601a5bdd11a746b085a0 | |
| parent | 58b56f8c78eef15c70e1afd6b52c79a800a185ab (diff) | |
ofz: infinite loop and oom
Change-Id: Ibb23b5808ae465294adf2342d5535784476f5395
| -rw-r--r-- | sw/source/filter/ww8/ww8graf.cxx | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx index 8967f5b0d04e..a6b659775660 100644 --- a/sw/source/filter/ww8/ww8graf.cxx +++ b/sw/source/filter/ww8/ww8graf.cxx @@ -1336,7 +1336,8 @@ SdrObject* SwWW8ImplReader::ReadGrafPrimitive(short& rLeft, SfxAllItemSet &rSet) // into an object hierarchy with a little effort. SdrObject *pRet=nullptr; WW8_DPHEAD aHd; // Lese Draw-Primitive-Header - bool bCouldRead = checkRead(*m_pStrm, &aHd, sizeof(WW8_DPHEAD)); + bool bCouldRead = checkRead(*m_pStrm, &aHd, sizeof(WW8_DPHEAD)) && + SVBT16ToShort(aHd.cb) >= sizeof(WW8_DPHEAD); OSL_ENSURE(bCouldRead, "Graphic Primitive header short read" ); if (!bCouldRead) { |