coverity#1242895 Untrusted loop bound

Change-Id: Ib54ed3f18c91142f1c217f618d88e36a646cf931
author: Caolán McNamara <caolanm@redhat.com> 2015-02-07 20:30:50 +0000
committer: Caolán McNamara <caolanm@redhat.com> 2015-02-08 12:29:28 +0000
commit: cfb0c6d7a3fb07fdfbbee712bf8cc3121f922e4d (patch)
tree: c18148b8d7cd793b6b5215a2782662d1fb9f72c9 /sc
parent: b42d7e4f5d496da81e7e86f437ee275729201907 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/sc/source/filter/starcalc/scflt.cxx b/sc/source/filter/starcalc/scflt.cxx
index 63c9b0e6cd82..c2c1dabc0766 100644
--- a/sc/source/filter/starcalc/scflt.cxx
+++ b/sc/source/filter/starcalc/scflt.cxx
@@ -1534,7 +1534,16 @@ void Sc10Import::LoadTables()
             return;
         }
 
-        rStream.ReadUInt16( DataCount );
+        rStream.ReadUInt16(DataCount);
+        const size_t nMinRecordSize = sizeof(sal_uInt16)*2;
+        const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
+        if (DataCount > nMaxRecords)
+        {
+            SAL_WARN("sc", "Parsing error: " << nMaxRecords <<
+                     " max possible entries, but " << DataCount << " claimed, truncating");
+            DataCount = nMaxRecords;
+        }
+
         DataStart = 0;
         for (i=0; i < DataCount; i++)
         {
author	Caolán McNamara <caolanm@redhat.com>	2015-02-07 20:30:50 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2015-02-08 12:29:28 +0000
commit	cfb0c6d7a3fb07fdfbbee712bf8cc3121f922e4d (patch)
tree	c18148b8d7cd793b6b5215a2782662d1fb9f72c9 /sc
parent	b42d7e4f5d496da81e7e86f437ee275729201907 (diff)