Kaydet (Commit) ad6d83de authored tarafından Caolán McNamara's avatar Caolán McNamara

check for legal field sizes before reading

Change-Id: I3cdb647e1a057be5bb4b32d119ee5bcbbedf7473
üst 8a7b7b7b
......@@ -2660,21 +2660,34 @@ void OS2METReader::ReadOS2MET( SvStream & rStreamOS2MET, GDIMetaFile & rGDIMetaF
pOS2MET->ReadUInt16(nFieldType);
pOS2MET->SeekRel(3);
nPos+=8; nFieldSize-=8;
if (pOS2MET->GetError()) break;
if (pOS2MET->IsEof()) {
if (pOS2MET->GetError())
break;
if (nFieldType==EndDocumnMagic)
break;
if (pOS2MET->IsEof() || nFieldSize < 8)
{
pOS2MET->SetError(SVSTREAM_FILEFORMAT_ERROR);
ErrorCode=8;
break;
}
if (nFieldType==EndDocumnMagic) break;
nPos+=8; nFieldSize-=8;
if (nFieldSize > pOS2MET->remainingSize())
{
pOS2MET->SetError(SVSTREAM_FILEFORMAT_ERROR);
ErrorCode=8;
break;
}
ReadField(nFieldType, nFieldSize);
nPos += nFieldSize;
nPos+=(sal_uLong)nFieldSize;
if (pOS2MET->Tell()>nPos) {
if (pOS2MET->Tell() > nPos)
{
pOS2MET->SetError(SVSTREAM_FILEFORMAT_ERROR);
ErrorCode=9;
break;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment