don't hang on unreachable record ends

Change-Id: I288f7ff0327831603eda6e827c8acbae678dfaff

1 files changed, 12 insertions, 2 deletions

diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx
index f5b79315cc29..8199766ec1dd 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -4061,8 +4061,18 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd
     }
 
     rSlideHd.SeekToContent( rIn );
+
+    auto nEndRecPos = rSlideHd.GetRecEndFilePos();
+    auto nStreamLen = rIn.Tell() + rIn.remainingSize();
+    if (nEndRecPos > nStreamLen)
+    {
+        SAL_WARN("filter.ms", "Parsing error: " << nStreamLen <<
+                 " max end pos, but " << nEndRecPos << " claimed, truncating");
+        nEndRecPos = nStreamLen;
+    }
+
     DffRecordHeader aTxMasterStyleHd;
-    while ( rIn.Tell() < rSlideHd.GetRecEndFilePos() )
+    while (rIn.Tell() < nEndRecPos)
     {
         ReadDffRecordHeader( rIn, aTxMasterStyleHd );
         if ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom )
@@ -4070,7 +4080,7 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd
         else
             aTxMasterStyleHd.SeekToEndOfRecord( rIn );
     }
-    while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < rSlideHd.GetRecEndFilePos() ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized
+    while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < nEndRecPos ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized
     {
         sal_uInt32 nInstance = aTxMasterStyleHd.nRecInstance;
         if ( ( nInstance < PPT_STYLESHEETENTRYS ) &&