authorCaolán McNamara <caolanm@redhat.com>2015-01-25 20:59:20 +0000
committerCaolán McNamara <caolanm@redhat.com>2015-01-25 20:59:20 +0000
commit2987f8d8d6bb005814660a1a10a5eebb74aef312 (patch)
treebed0a35b68117382a9bc7e040adbe2986ff6ca1a
parent90ec1a60777ad9e78ad5fafd712cc98371782d7f (diff)
coverity#1266493 Use of untrusted scalar value
Change-Id: Iba051da07f5ffafcab559fe03a4e93f21a2d4f8a
-rw-r--r--editeng/source/items/flditem.cxx9
1 files changed, 8 insertions, 1 deletions
diff --git a/editeng/source/items/flditem.cxx b/editeng/source/items/flditem.cxx
index 57de9870c461..9155c27ef3aa 100644
--- a/editeng/source/items/flditem.cxx
+++ b/editeng/source/items/flditem.cxx
@@ -567,7 +567,14 @@ static OUString read_unicode( SvPersistStream & rStm )
rtl_uString *pStr = NULL;
sal_uInt16 nL = 0;
rStm.ReadUInt16( nL );
- if ( nL )
+ const size_t nMaxRecords = rStm.remainingSize() / sizeof(sal_Unicode);
+ if (nL > nMaxRecords)
+ {
+ SAL_WARN("editeng", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nL << " claimed, truncating");
+ nL = nMaxRecords;
+ }
+ if (nL)
{
pStr = rtl_uString_alloc(nL);
//endian specific?, yipes!
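Review bot: The clamp `nL = nMaxRecords;` implicitly narrows a `size_t` into a `sal_uInt16`. It is safe only because that branch is entered when `nMaxRecords < nL`, so the value always fits, and the line should say so: `nL = static_cast<sal_uInt16>(nMaxRecords); // nMaxRecords < nL here, so it fits`. The new bound also trusts `remainingSize()` to report the bytes really left in the stream. The read that fills the allocated string lies below the hunk, as does the rest of read_unicode, and it should still compare the count actually read with `nL * sizeof(sal_Unicode)` rather than assume the full length arrived. A one-line comment above `nMaxRecords` would help too, stating that `nL` comes from the file and is untrusted, so the allocation is capped by what the stream can supply.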