sanitize lcbCmds length

Change-Id: I795ac35c80d7b61d7a9afbeae0d6d4bb789e16f8
author: Caolán McNamara <caolanm@redhat.com> 2015-08-20 09:31:30 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2015-08-20 10:39:40 +0100
commit: 721f5b054e013cc2867051bef75d6488fdb583a8 (patch)
tree: 3218d996380c6deca1827822077cbd34efcc4a87 /sw/source
parent: 170ff56b1b99ec451e9adbc9ae9c2a94dd47a692 (diff)
3 files changed, 11 insertions, 12 deletions
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 695620d2de2e..21791a99457f 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -4651,15 +4651,14 @@ void SwWW8ImplReader::StoreMacroCmds()
         {
             uno::Reference < io::XStream > xStream =
                     xRoot->openStreamElement( OUString(SL::aMSMacroCmds), embed::ElementModes::READWRITE );
-            SvStream* pStream = ::utl::UcbStreamHelper::CreateStream( xStream );
+            std::unique_ptr<SvStream> xOutStream(::utl::UcbStreamHelper::CreateStream(xStream));
 
-            sal_uInt8 *pBuffer = new sal_uInt8[m_pWwFib->lcbCmds];
-            m_pWwFib->lcbCmds = m_pTableStream->Read(pBuffer, m_pWwFib->lcbCmds);
-            pStream->Write(pBuffer, m_pWwFib->lcbCmds);
-            delete[] pBuffer;
-            delete pStream;
+            sal_uInt32 lcbCmds = std::min<sal_uInt32>(m_pWwFib->lcbCmds, m_pTableStream->remainingSize());
+            std::unique_ptr<sal_uInt8[]> xBuffer(new sal_uInt8[lcbCmds]);
+            m_pWwFib->lcbCmds = m_pTableStream->Read(xBuffer.get(), lcbCmds);
+            xOutStream->Write(xBuffer.get(), m_pWwFib->lcbCmds);
         }
-        catch ( const uno::Exception& )
+        catch (...)
         {
         }
     }
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index a34dc30a45a4..bb5552a0aeea 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -5172,14 +5172,14 @@ namespace
     {
         if (eVer <= ww::eWW2)
         {
-            sal_uInt16 nShort;
-            rSt.ReadUInt16( nShort );
+            sal_uInt16 nShort(0);
+            rSt.ReadUInt16(nShort);
             return nShort;
         }
         else
         {
-            sal_uInt32 nLong;
-            rSt.ReadUInt32( nLong );
+            sal_uInt32 nLong(0);
+            rSt.ReadUInt32(nLong);
             return nLong;
         }
     }
diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
index 4be181b81694..53e5d47c507b 100644
--- a/sw/source/filter/ww8/ww8scan.hxx
+++ b/sw/source/filter/ww8/ww8scan.hxx
@@ -1265,7 +1265,7 @@ public:
     sal_Int32 lcbPlcfbkl;   // 0x114 sal_Int32
 
     WW8_FC fcCmds;      // 0x118 FC
-    sal_Int32 lcbCmds;      // 0x11c
+    sal_uInt32 lcbCmds;      // 0x11c
 
     WW8_FC fcPlcfmcr;       // 0x120 FC
     sal_Int32 lcbPlcfmcr;       // 0x124
author	Caolán McNamara <caolanm@redhat.com>	2015-08-20 09:31:30 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2015-08-20 10:39:40 +0100
commit	721f5b054e013cc2867051bef75d6488fdb583a8 (patch)
tree	3218d996380c6deca1827822077cbd34efcc4a87 /sw/source
parent	170ff56b1b99ec451e9adbc9ae9c2a94dd47a692 (diff)