From b43ad2e67550a3c085e080dead0c6fad970563f7 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Tue, 9 May 2017 11:38:16 +0100
Subject: ofz avoid oom

Change-Id: I7d7e249a75fb33ac6a72e941f6b8f92ff8edf25a
---
 sw/source/filter/ww8/ww8toolbar.cxx | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sw/source/filter/ww8/ww8toolbar.cxx b/sw/source/filter/ww8/ww8toolbar.cxx
index 61208f586b79..33a4547ae6ba 100644
--- a/sw/source/filter/ww8/ww8toolbar.cxx
+++ b/sw/source/filter/ww8/ww8toolbar.cxx
@@ -1048,8 +1048,13 @@ bool PlfKme::Read(SvStream &rS)
     nOffSet = rS.Tell();
     Tcg255SubStruct::Read( rS );
     rS.ReadInt32( iMac );
-    if ( iMac )
+    if (iMac > 0)
     {
+        //each Kme is 14 bytes in size
+        size_t nMaxAvailableRecords = rS.remainingSize() / 14;
+        if (static_cast<sal_uInt32>(iMac) > nMaxAvailableRecords)
+            return false;
+
         rgkme.reset( new Kme[ iMac ] );
         for( sal_Int32 index=0; index<iMac; ++index )
         {
-- 
cgit