diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2019-04-27 11:52:11 +0100 |
|---|---|---|
| committer | Michael Stahl <Michael.Stahl@cib.de> | 2019-04-29 11:47:41 +0200 |
| commit | dc3752ef01e7646af1978337aa5ba458f27774b6 (patch) | |
| tree | e107108ea4300bc6de3e12a80637dc530fa6ad7d | |
| parent | tdf#113076 vcl windows opengl: specific italic set font was clipped on ... (diff) | |
| download | core-dc3752ef01e7646af1978337aa5ba458f27774b6.tar.gz core-dc3752ef01e7646af1978337aa5ba458f27774b6.zip | |
ofz#14469 null deref
since...
commit af84fc9d906626255aaf136eefc5e55236e0e8a6
Date: Tue Apr 23 15:48:41 2019 +0200
lazy image loading shouldn't read the entire .xls file (tdf#124828)
nLength is just an unchecked value in the dff stream, it might not be sane
so limit it to the max len of the stream
Change-Id: Ia8a2830478952afe1317b5cd795f35059d9b380a
Reviewed-on: https://gerrit.libreoffice.org/71413
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>
| -rw-r--r-- | vcl/source/filter/graphicfilter.cxx | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx index 0cc982e68082..9be6f0723079 100644 --- a/vcl/source/filter/graphicfilter.cxx +++ b/vcl/source/filter/graphicfilter.cxx @@ -1443,7 +1443,9 @@ Graphic GraphicFilter::ImportUnloadedGraphic(SvStream& rIStream, sal_uInt64 size ErrCode nStatus = ImpTestOrFindFormat("", rIStream, nFormat); rIStream.Seek(nStreamBegin); - const sal_uInt32 nStreamLength( sizeLimit ? sizeLimit : rIStream.remainingSize()); + sal_uInt32 nStreamLength(rIStream.remainingSize()); + if (sizeLimit && sizeLimit < nStreamLength) + nStreamLength = sizeLimit; OUString aFilterName = pConfig->GetImportFilterName(nFormat); OUString aExternalFilterName = pConfig->GetExternalFilterName(nFormat, false); |