diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2015-07-13 09:10:12 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2015-07-14 11:14:05 +0000 |
| commit | fdea2a41da361edddde160aaeac1af47eec4499b (patch) | |
| tree | be558d885ca3ed5af389b26b13afa38f630c747c | |
| parent | avoid endless loop with busted wmf (diff) | |
| download | core-fdea2a41da361edddde160aaeac1af47eec4499b.tar.gz core-fdea2a41da361edddde160aaeac1af47eec4499b.zip | |
emf: fix hang
Change-Id: I2410308ecccb8c5318a718bafadc7b40a98cb82b
(cherry picked from commit 8695633023cc321a095753db98bdc69d2aeee058)
Reviewed-on: https://gerrit.libreoffice.org/16976
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: David Tardon <dtardon@redhat.com>
(cherry picked from commit bcf9f7c7e06ee97106b5a555a97599e6b0ed1c13)
Reviewed-on: https://gerrit.libreoffice.org/16992
Reviewed-by: Eike Rathke <erack@redhat.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
| -rw-r--r-- | vcl/qa/cppunit/graphicfilter/data/emf/fail/hang-1.emf | bin | 0 -> 2225 bytes | |||
| -rw-r--r-- | vcl/source/filter/wmf/enhwmf.cxx | 2 |
2 files changed, 1 insertions, 1 deletions
diff --git a/vcl/qa/cppunit/graphicfilter/data/emf/fail/hang-1.emf b/vcl/qa/cppunit/graphicfilter/data/emf/fail/hang-1.emf Binary files differnew file mode 100644 index 000000000000..634fccdc0f22 --- /dev/null +++ b/vcl/qa/cppunit/graphicfilter/data/emf/fail/hang-1.emf diff --git a/vcl/source/filter/wmf/enhwmf.cxx b/vcl/source/filter/wmf/enhwmf.cxx index 345d06b41065..741ec15d7a9f 100644 --- a/vcl/source/filter/wmf/enhwmf.cxx +++ b/vcl/source/filter/wmf/enhwmf.cxx @@ -663,7 +663,7 @@ bool EnhWMFReader::ReadEnhWMF() SAL_INFO("vcl.emf", "\tGDI comment, length: " << length); - if( pWMF->good() && length >= 4 ) { + if( pWMF->good() && length >= 4 && length <= pWMF->remainingSize() ) { sal_uInt32 id; pWMF->ReadUInt32( id ); |