ofz#58928 Heap-buffer-overflow READ

since: commit ba0bf0ab2c24d309e8a938cec26daa41eba9c8cf Date: Mon Mar 21 20:20:02 2022 +0100 tdf#142249 EMF Implement EMR_POLYDRAW record Change-Id: I9234a66d9f8691b9b051950b818884429b5f7277 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151728 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2023-05-13 17:08:29 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2023-05-13 21:05:16 +0200
commit: 16941a925c38022a8ab07088d2e42e0b9aa44b78 (patch)
tree: 5e36b596265e3a5cd35b52d46ea1c9acd2cf0941 /emfio
parent: 3772a3d1ce574a60bef9b120509e444b4fa27e13 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/emfio/source/reader/emfreader.cxx b/emfio/source/reader/emfreader.cxx
index ceb797f568b0..dcb8a2379148 100644
--- a/emfio/source/reader/emfreader.cxx
+++ b/emfio/source/reader/emfreader.cxx
@@ -1009,6 +1009,11 @@ namespace emfio
                             }
                             else if (aPointTypes[i] & PT_BEZIERTO)
                             {
+                                if (aPoints.size() - i < 3)
+                                {
+                                    SAL_WARN("emfio", "EMF file error: Not enough Bezier points.");
+                                    break;
+                                }
                                 tools::Polygon aPolygon(4);
                                 aPolygon[0] = maActPos;
                                 aPolygon[1] = aPoints[i++];
author	Caolán McNamara <caolanm@redhat.com>	2023-05-13 17:08:29 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2023-05-13 21:05:16 +0200
commit	16941a925c38022a8ab07088d2e42e0b9aa44b78 (patch)
tree	5e36b596265e3a5cd35b52d46ea1c9acd2cf0941 /emfio
parent	3772a3d1ce574a60bef9b120509e444b4fa27e13 (diff)