use a read-only stream when reading graphic data

EmbeddedObjectRef::GetGraphicStream() creates a writable
SvMemoryStream, read the graphics data into it and then returns
the stream, which will be afterwards used to decode the graphics.
But if the data is broken, incorrect seeking may cause a seek
way past the buffer, and since the stream is writable, it would
be done and cause problems such as running out of memory.
The VersionCompatRead class is one such place that reads size
from the stream and then seeks based on the read data.

Add SvMemoryStream::MakeReadOnly() that will change the stream
to be read-only after the initial read of the data into it.

Change-Id: I1d44aabaf73071a691adafa489e65e4f5e3f021d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137002
Tested-by: Jenkins
Reviewed-by: Luboš Luňák <l.lunak@collabora.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/svtools/source/misc/embedhlp.cxx b/svtools/source/misc/embedhlp.cxx
index 809a2b155790..91a591ec8724 100644
--- a/svtools/source/misc/embedhlp.cxx
+++ b/svtools/source/misc/embedhlp.cxx
@@ -632,7 +632,7 @@ std::unique_ptr<SvStream> EmbeddedObjectRef::GetGraphicStream( bool bUpdate ) co
         if ( xStream.is() )
         {
             const sal_Int32 nConstBufferSize = 32000;
-            std::unique_ptr<SvStream> pStream(new SvMemoryStream( 32000, 32000 ));
+            std::unique_ptr<SvMemoryStream> pStream(new SvMemoryStream( 32000, 32000 ));
             try
             {
                 sal_Int32 nRead=0;
@@ -644,6 +644,7 @@ std::unique_ptr<SvStream> EmbeddedObjectRef::GetGraphicStream( bool bUpdate ) co
                 }
                 while ( nRead == nConstBufferSize );
                 pStream->Seek(0);
+                pStream->MakeReadOnly();
                 return pStream;
             }
             catch (const uno::Exception&)