summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--svl/source/items/itemset.cxx10
1 files changed, 10 insertions, 0 deletions
diff --git a/svl/source/items/itemset.cxx b/svl/source/items/itemset.cxx
index eb5ffaa4522e..9dc809f6c7f8 100644
--- a/svl/source/items/itemset.cxx
+++ b/svl/source/items/itemset.cxx
@@ -1487,6 +1487,16 @@ SvStream &SfxItemSet::Load
// Load Item count and as many Items
sal_uInt16 nCount = 0;
rStream.ReadUInt16( nCount );
+
+ const size_t nMinRecordSize = sizeof(sal_uInt16) * 2;
+ const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
+ if (nCount > nMaxRecords)
+ {
+ SAL_WARN("svl", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nCount << " claimed, truncating");
+ nCount = nMaxRecords;
+ }
+
for ( sal_uInt16 i = 0; i < nCount; ++i )
{
// Load Surrogate/Item and resolve Surrogate
generated by cgit (git 2.34.1) at 2024-08-21 11:16:24 +0000