diff options
author | Caolán McNamara <caolanm@redhat.com> | 2014-07-20 20:37:40 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-07-21 09:13:43 +0100 |
commit | f5d33e5e70d74d18893a67672eac95b84483226b (patch) | |
tree | c511ad03454cad52170c87c3dd6f40fd88647ab3 /vcl | |
parent | 8306c25ef416a22fde6f31311b530b4caea1bba6 (diff) |
Resolves: coverity#706171 Untrusted value as argument
limit nBytesToRead to remaining size of file
also zero last byte of alloced block, seeing as the
block is size+1 and we only read size into it
Change-Id: I2729ec7bb9de20731531f32da864c572fa83ce58
Diffstat (limited to 'vcl')
-rw-r--r-- | vcl/generic/fontmanager/helper.cxx | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/vcl/generic/fontmanager/helper.cxx b/vcl/generic/fontmanager/helper.cxx index 0e4bc89a8c4b..3a313190ea80 100644 --- a/vcl/generic/fontmanager/helper.cxx +++ b/vcl/generic/fontmanager/helper.cxx @@ -248,12 +248,12 @@ bool psp::convertPfbToPfa( ::osl::File& rInFile, ::osl::File& rOutFile ) bool bSuccess = true; bool bEof = false; unsigned char buffer[256]; - sal_uInt64 nRead; - sal_uInt64 nOrgPos = 0; - rInFile.getPos( nOrgPos ); + sal_uInt64 nSize(0); + rInFile.getSize(nSize); while( bSuccess && ! bEof ) { + sal_uInt64 nRead; // read leading bytes bEof = ((0 != rInFile.read( buffer, 6, nRead)) || (nRead != 6)); if( bEof ) @@ -285,7 +285,12 @@ bool psp::convertPfbToPfa( ::osl::File& rInFile, ::osl::File& rOutFile ) } else if( nType == 1 || nType == 2 ) { - boost::scoped_array<unsigned char> pBuffer(new unsigned char[ nBytesToRead+1 ]); + sal_uInt64 nOrgPos(0); + rInFile.getPos(nOrgPos); + nBytesToRead = std::min<sal_uInt64>(nBytesToRead, nSize - nOrgPos); + + boost::scoped_array<unsigned char> pBuffer(new unsigned char[nBytesToRead+1]); + pBuffer[nBytesToRead] = 0; if( ! rInFile.read( pBuffer.get(), nBytesToRead, nRead ) && nRead == nBytesToRead ) { |