author | Caolán McNamara <caolanm@redhat.com> | 2014-11-14 10:19:24 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-11-14 12:02:48 +0000 |
commit | 41029bcdd094b516bb4f4926fca18ce60092a013 (patch) | |
tree | bb0081630b84fc5d9ffc8e8b7f59a1a3e961c41a /basic/source | |
parent | 480475b28864d9df245e4190c94939060a8c2cc1 (diff) |
coverity#1242865 Untrusted value as argument
Change-Id: Ie7a7a2e7894a204dd55833416b7cbc5b01826e64
Diffstat (limited to 'basic/source')
-rw-r--r-- | basic/source/classes/image.cxx | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/basic/source/classes/image.cxx b/basic/source/classes/image.cxx index 1543caec5cac..8e52b450a21c 100644 --- a/basic/source/classes/image.cxx +++ b/basic/source/classes/image.cxx @@ -202,7 +202,17 @@ bool SbiImage::Load( SvStream& r, sal_uInt32& nVersion ) case B_LINERANGES: break; case B_STRINGPOOL: + { if( bBadVer ) break; + //assuming an empty string with just the lead 32bit len indicator + const size_t nMinStringSize = 4; + const size_t nMaxStrings = r.remainingSize() / nMinStringSize; + if (nCount > nMaxStrings) + { + SAL_WARN("basic", "Parsing error: " << nMaxStrings << + " max possible entries, but " << nCount << " claimed, truncating"); + nCount = nMaxStrings; + } MakeStrings( nCount ); short i; for( i = 0; i < nStrings && SbiGood( r ); i++ ) @@ -227,6 +237,7 @@ bool SbiImage::Load( SvStream& r, sal_uInt32& nVersion ) } } break; + } case B_MODEND: goto done; default: |
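Review bot: The new clamp in the `B_STRINGPOOL` case bounds `nCount` only by `r.remainingSize() / nMinStringSize`, so on a large stream the count can still exceed what the `short i` loop index after `MakeStrings( nCount )` can represent. The declarations of `nCount` and `nStrings` are outside the hunk, so this needs checking against them, but if either is wider than `short` the index can overflow before `i < nStrings` ends the loop. Consider capping the bound as well, e.g. `const size_t nMaxStrings = std::min<size_t>(r.remainingSize() / nMinStringSize, SAL_MAX_INT16);`, or giving `i` the same type as `nStrings`. Because the count comes from the file being loaded, it is also worth deciding whether a mismatch should fail the load instead of truncating and continuing to parse. `SbiImage::Load` starts and ends outside the hunk.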