From 7f0b3e90ad8cc6c16e2004cc0739150352c8d7e6 Mon Sep 17 00:00:00 2001
From: Caolán McNamara
Date: Tue, 28 Feb 2017 21:08:00 +0000
Subject: ofz: timeout, check availablity of point data before reading it

Change-Id: I86b3041bc5123ba10bbb9b64702dfb2060b3cc23
---
 filter/source/graphicfilter/ipict/ipict.cxx | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/filter/source/graphicfilter/ipict/ipict.cxx b/filter/source/graphicfilter/ipict/ipict.cxx
index 4003b0fd49c7..a85e691f7b64 100644
--- a/filter/source/graphicfilter/ipict/ipict.cxx
+++ b/filter/source/graphicfilter/ipict/ipict.cxx
@@ -461,6 +461,12 @@ sal_uLong PictReader::ReadPolygon(tools::Polygon & rPoly)
 pPict->SeekRel(8);
 sal_uLong nDataSize = (sal_uLong)nSize;
 nSize=(nSize-10)/4;
+ const size_t nMaxPossiblePoints = pPict->remainingSize() / 2 * sizeof(sal_uInt16);
+ if (nSize > nMaxPossiblePoints)
+ {
+ SAL_WARN("filter.pict", "pict record claims to have: " << nSize << " points, but only " << nMaxPossiblePoints << " possible, clamping");
+ nSize = nMaxPossiblePoints;
+ }
 rPoly.SetSize(nSize);
 for (sal_uInt16 i = 0; i < nSize; ++i)
 rPoly.SetPoint(ReadPoint(), i);
-- 
cgit
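Review bot: The clamp on the added `nMaxPossiblePoints` line is about four times too loose, because `pPict->remainingSize() / 2 * sizeof(sal_uInt16)` parses as `(remainingSize() / 2) * sizeof(sal_uInt16)`, which is roughly the remaining byte count rather than a point count. The preceding `nSize=(nSize-10)/4` shows each point occupies 4 bytes, so the bound should be `const size_t nMaxPossiblePoints = pPict->remainingSize() / (2 * sizeof(sal_uInt16));`. As written, a record can still claim several times more points than the stream holds, so the loop keeps calling `ReadPoint()` after the data is exhausted, which is the condition this commit sets out to stop. The declaration of `nSize` and the rest of `ReadPolygon` lie outside the hunk; if `nSize` is an unsigned 16-bit value, a record size below 10 would presumably wrap in `(nSize-10)/4`, and only a correctly scaled clamp would contain that case.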