ofz: more check bounds on read

Change-Id: I70018ee2ab282c11547f5bf9d81b2ee74c74aa04
author: Caolán McNamara <caolanm@redhat.com> 2017-04-02 16:50:38 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2017-04-02 16:50:38 +0100
commit: fb41ebff32371ee7a7e07f671f7c769a8bb18718 (patch)
tree: 912fbb430522007b3e190cd15693353d3555e867 /filter/source/graphicfilter
parent: adb597102e6d8c8688510881f2142a999ada03ce (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/filter/source/graphicfilter/icgm/class1.cxx b/filter/source/graphicfilter/icgm/class1.cxx
index 0d297bbe0a10..895dd8247d0b 100644
--- a/filter/source/graphicfilter/icgm/class1.cxx
+++ b/filter/source/graphicfilter/icgm/class1.cxx
@@ -192,6 +192,10 @@ void CGM::ImplDoClass1()
             {
                 sal_uInt32 nCharSetType = ImplGetUI16();
                 sal_uInt32 nSize = ImplGetUI(1);
+
+                if (static_cast<sal_uIntPtr>(mpEndValidSource - (mpSource + mnParaSize)) < nSize)
+                    throw css::uno::Exception("attempt to read past end of input", nullptr);
+
                 pElement->aFontList.InsertCharSet( (CharSetType)nCharSetType, mpSource + mnParaSize, nSize );
                 mnParaSize += nSize;
             }
author	Caolán McNamara <caolanm@redhat.com>	2017-04-02 16:50:38 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2017-04-02 16:50:38 +0100
commit	fb41ebff32371ee7a7e07f671f7c769a8bb18718 (patch)
tree	912fbb430522007b3e190cd15693353d3555e867 /filter/source/graphicfilter
parent	adb597102e6d8c8688510881f2142a999ada03ce (diff)