diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2015-01-25 20:59:20 +0000 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2015-01-25 20:59:20 +0000 |
| commit | 2987f8d8d6bb005814660a1a10a5eebb74aef312 (patch) | |
| tree | bed0a35b68117382a9bc7e040adbe2986ff6ca1a /editeng | |
| parent | 90ec1a60777ad9e78ad5fafd712cc98371782d7f (diff) | |
coverity#1266493 Use of untrusted scalar value
Change-Id: Iba051da07f5ffafcab559fe03a4e93f21a2d4f8a
Diffstat (limited to 'editeng')
| -rw-r--r-- | editeng/source/items/flditem.cxx | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/editeng/source/items/flditem.cxx b/editeng/source/items/flditem.cxx index 57de9870c461..9155c27ef3aa 100644 --- a/editeng/source/items/flditem.cxx +++ b/editeng/source/items/flditem.cxx @@ -567,7 +567,14 @@ static OUString read_unicode( SvPersistStream & rStm ) rtl_uString *pStr = NULL; sal_uInt16 nL = 0; rStm.ReadUInt16( nL ); - if ( nL ) + const size_t nMaxRecords = rStm.remainingSize() / sizeof(sal_Unicode); + if (nL > nMaxRecords) + { + SAL_WARN("editeng", "Parsing error: " << nMaxRecords << + " max possible entries, but " << nL << " claimed, truncating"); + nL = nMaxRecords; + } + if (nL) { pStr = rtl_uString_alloc(nL); //endian specific?, yipes! |