summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--vcl/source/gdi/svmconverter.cxx16
1 files changed, 11 insertions, 5 deletions
diff --git a/vcl/source/gdi/svmconverter.cxx b/vcl/source/gdi/svmconverter.cxx
index 2e08f1aaeb2b..2cadb221247b 100644
--- a/vcl/source/gdi/svmconverter.cxx
+++ b/vcl/source/gdi/svmconverter.cxx
@@ -1404,21 +1404,27 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, GDIMetaFile& rMtf )
case GDI_COMMENT_COMMENT:
{
- sal_Int32 nValue;
- sal_uInt32 nDataSize;
std::vector<sal_uInt8> aData;
- sal_Int32 nFollowingActionCount;
OString aComment = read_uInt16_lenPrefixed_uInt8s_ToOString(rIStm);
- rIStm.ReadInt32( nValue ).ReadUInt32( nDataSize );
+ sal_Int32 nValue(0);
+ sal_uInt32 nDataSize(0);
+ rIStm.ReadInt32(nValue).ReadUInt32(nDataSize);
if (nDataSize)
{
+ const size_t nMaxPossibleData = rIStm.remainingSize();
+ if (nDataSize > nMaxPossibleActions)
+ {
+ SAL_WARN("vcl.gdi", "svm record claims to have: " << nDataSize << " data, but only " << nMaxPossibleData << " possible");
+ nDataSize = nMaxPossibleActions;
+ }
aData.resize(nDataSize);
nDataSize = rIStm.ReadBytes(aData.data(), nDataSize);
}
- rIStm.ReadInt32( nFollowingActionCount );
+ sal_Int32 nFollowingActionCount(0);
+ rIStm.ReadInt32(nFollowingActionCount);
ImplSkipActions( rIStm, nFollowingActionCount );
rMtf.AddAction(new MetaCommentAction(aComment, nValue, aData.data(), nDataSize));
generated by cgit (git 2.34.1) at 2024-07-27 17:51:23 +0000