check ppt property size against max available len

Change-Id: Ie99a68ea34edfb480d41cf832d3044f4bf686585 Reviewed-on: https://gerrit.libreoffice.org/43661 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2017-10-21 16:59:19 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2017-10-21 18:51:02 +0200
commit: 96976553c41e8e7af47ad3d25927f5018279f6c7 (patch)
tree: 2064a351379e373df36b18975c6e1ce31b793622
parent: ea6858c1e388c2d17a0825f3d21353ded67083eb (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/sd/source/filter/ppt/propread.cxx b/sd/source/filter/ppt/propread.cxx
index ed1f9e4923d2..6854a7dc1a44 100644
--- a/sd/source/filter/ppt/propread.cxx
+++ b/sd/source/filter/ppt/propread.cxx
@@ -326,7 +326,13 @@ void Section::Read( SotStorageStream *pStrm )
 
     mnTextEnc = RTL_TEXTENCODING_MS_1252;
     sal_uInt32 nSecSize(0), nPropCount(0);
-    pStrm->ReadUInt32( nSecSize ).ReadUInt32( nPropCount );
+    pStrm->ReadUInt32(nSecSize).ReadUInt32(nPropCount);
+    if (nSecSize > nStrmSize)
+    {
+        SAL_WARN("sd.filter", "Section Len " << nSecSize << " claimed, only " << nStrmSize << " possible");
+        nSecSize = nStrmSize;
+    }
+
     while (nPropCount--)
     {
         sal_uInt32 nPropId(0), nPropOfs(0);
@@ -514,7 +520,7 @@ void Section::Read( SotStorageStream *pStrm )
         }
         pStrm->Seek(nCurrent);
     }
-    pStrm->Seek( nSecOfs + nSecSize );
+    pStrm->Seek(nSecOfs + nSecSize);
 }
 
 Section& Section::operator=( const Section& rSection )
author	Caolán McNamara <caolanm@redhat.com>	2017-10-21 16:59:19 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2017-10-21 18:51:02 +0200
commit	96976553c41e8e7af47ad3d25927f5018279f6c7 (patch)
tree	2064a351379e373df36b18975c6e1ce31b793622
parent	ea6858c1e388c2d17a0825f3d21353ded67083eb (diff)