diff options
| author | Eike Rathke <erack@redhat.com> | 2017-11-10 10:52:19 +0100 |
|---|---|---|
| committer | Eike Rathke <erack@redhat.com> | 2017-11-10 11:04:57 +0100 |
| commit | 78bcc5ddca186f0009124a697184f332405d3e1e (patch) | |
| tree | 1e9e42acf1cc12c3cd3b46e4f51f3935eb996ffd /sc | |
| parent | 1aba1955f161cc112dab80b6b3e78ec7761616fc (diff) | |
ofz#4123 do not read past end of file
Change-Id: I1fa3543d541ea084a43a1a11f62680fa798f5647
Diffstat (limited to 'sc')
| -rw-r--r-- | sc/source/filter/inc/formel.hxx | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/sc/source/filter/inc/formel.hxx b/sc/source/filter/inc/formel.hxx index 433ba0809a94..aa7944161439 100644 --- a/sc/source/filter/inc/formel.hxx +++ b/sc/source/filter/inc/formel.hxx @@ -143,31 +143,51 @@ inline void LotusConverterBase::Ignore( const long nSeekRel ) inline void LotusConverterBase::Read( sal_uInt8& nByte ) { aIn.ReadUChar( nByte ); - nBytesLeft--; + if (aIn.good()) + nBytesLeft--; + else + { + // SvStream::ReadUChar() does not init a single char on failure. This + // behaviour is even tested in a unit test. + nByte = 0; + nBytesLeft = -1; // bail out early + } } inline void LotusConverterBase::Read( sal_uInt16& nUINT16 ) { aIn.ReadUInt16( nUINT16 ); - nBytesLeft -= 2; + if (aIn.good()) + nBytesLeft -= 2; + else + nBytesLeft = -1; // bail out early } inline void LotusConverterBase::Read( sal_Int16& nINT16 ) { aIn.ReadInt16( nINT16 ); - nBytesLeft -= 2; + if (aIn.good()) + nBytesLeft -= 2; + else + nBytesLeft = -1; // bail out early } inline void LotusConverterBase::Read( double& fDouble ) { aIn.ReadDouble( fDouble ); - nBytesLeft -= 8; + if (aIn.good()) + nBytesLeft -= 8; + else + nBytesLeft = -1; // bail out early } inline void LotusConverterBase::Read( sal_uInt32& nUINT32 ) { aIn.ReadUInt32( nUINT32 ); - nBytesLeft -= 4; + if (aIn.good()) + nBytesLeft -= 4; + else + nBytesLeft = -1; // bail out early } #endif |