From b4f43c09170281863b3cd76812e63fb2d8716287 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Mon, 6 Nov 2017 21:24:37 +0000 Subject: ofz#3577 Timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit little speculative given https://github.com/google/oss-fuzz/issues/960 Change-Id: Ie844ebdd1e693ce8589fba9b7370d55914d844a7 Reviewed-on: https://gerrit.libreoffice.org/44377 Tested-by: Jenkins Reviewed-by: Caolán McNamara Tested-by: Caolán McNamara --- sfx2/source/doc/oleprops.cxx | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'sfx2') diff --git a/sfx2/source/doc/oleprops.cxx b/sfx2/source/doc/oleprops.cxx index 7a73f434bbaf..f860d9b5be11 100644 --- a/sfx2/source/doc/oleprops.cxx +++ b/sfx2/source/doc/oleprops.cxx @@ -276,7 +276,7 @@ OUString SfxOleStringHelper::ImplLoadString8( SvStream& rStrm ) const return OUString(); // load character buffer OString sValue(read_uInt8s_ToOString(rStrm, nSize - 1)); - if (rStrm.good()) + if (rStrm.good() && rStrm.remainingSize()) rStrm.SeekRel(1); // skip null-byte at end return OStringToOUString(sValue, GetTextEncoding()); } @@ -292,14 +292,13 @@ OUString SfxOleStringHelper::ImplLoadString16( SvStream& rStrm ) return OUString(); // load character buffer OUString aValue = read_uInt16s_ToOUString(rStrm, nSize - 1); - if (rStrm.good()) - { - sal_Int32 nSkip(2); // skip null-byte at end - // stream is always padded to 32-bit boundary, skip 2 bytes on odd character count - if ((nSize & 1) == 1) - nSkip += 2; + sal_Int32 nSkip(2); // skip null-byte at end + // stream is always padded to 32-bit boundary, skip 2 bytes on odd character count + if ((nSize & 1) == 1) + nSkip += 2; + nSkip = std::min(nSkip, rStrm.remainingSize()); + if (rStrm.good() && nSkip) rStrm.SeekRel(nSkip); - } return aValue; } -- cgit