diff options
Diffstat (limited to 'editeng')
| -rw-r--r-- | editeng/source/editeng/editobj.cxx | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/editeng/source/editeng/editobj.cxx b/editeng/source/editeng/editobj.cxx index 9c1da0e83a65..b100bd47299d 100644 --- a/editeng/source/editeng/editobj.cxx +++ b/editeng/source/editeng/editobj.cxx @@ -1266,9 +1266,18 @@ void EditTextObjectImpl::CreateData( SvStream& rIStream ) rtl_TextEncoding eSrcEncoding = GetSOLoadTextEncoding( (rtl_TextEncoding)nCharSet ); // The number of paragraphs ... - sal_uInt16 nParagraphs; + sal_uInt16 nParagraphs(0); rIStream.ReadUInt16( nParagraphs ); + const size_t nMinParaRecordSize = 6 + eSrcEncoding == RTL_TEXTENCODING_UNICODE ? 4 : 2; + const size_t nMaxParaRecords = rIStream.remainingSize() / nMinParaRecordSize; + if (nParagraphs > nMaxParaRecords) + { + SAL_WARN("editeng", "Parsing error: " << nMaxParaRecords << + " max possible entries, but " << nParagraphs<< " claimed, truncating"); + nParagraphs = nMaxParaRecords; + } + // The individual paragraphs ... for ( sal_uLong nPara = 0; nPara < nParagraphs; nPara++ ) { @@ -1280,7 +1289,7 @@ void EditTextObjectImpl::CreateData( SvStream& rIStream ) // StyleName and Family... pC->GetStyle() = rIStream.ReadUniOrByteString(eSrcEncoding); - sal_uInt16 nStyleFamily; + sal_uInt16 nStyleFamily(0); rIStream.ReadUInt16( nStyleFamily ); pC->GetFamily() = (SfxStyleFamily)nStyleFamily; |