cid#1448412 Untrusted value as argument

Change-Id: I89196af1fc823ef9fcf1e5a9cdb4ee07d72d6600 Reviewed-on: https://gerrit.libreoffice.org/81950 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2019-11-02 20:34:50 +0000
committer: Caolán McNamara <caolanm@redhat.com> 2019-11-03 21:42:07 +0100
commit: f59630c6315031cfc44c0f21cc9a1cd151b81ff0 (patch)
tree: b76eb70f871aac2bc0ef399a458f6d770b745ac7 /comphelper
parent: make some classes module-private (diff)
download: core-f59630c6315031cfc44c0f21cc9a1cd151b81ff0.tar.gz
core-f59630c6315031cfc44c0f21cc9a1cd151b81ff0.zip
1 files changed, 13 insertions, 1 deletions
diff --git a/comphelper/source/misc/backupfilehelper.cxx b/comphelper/source/misc/backupfilehelper.cxx
index 5421f1510ba4..464fbeb89048 100644
--- a/comphelper/source/misc/backupfilehelper.cxx
+++ b/comphelper/source/misc/backupfilehelper.cxx
@@ -154,7 +154,19 @@ namespace
             return false;
         }
 
-        std::vector< sal_Char > aTarget(nLength);
+        sal_uInt64 nPos;
+        if (osl::File::E_None != rFile->getPos(nPos))
+            return false;
+
+        sal_uInt64 nSize;
+        if (osl::File::E_None != rFile->getSize(nSize))
+            return false;
+
+        const auto nRemainingSize = nSize - nPos;
+        if (nLength > nRemainingSize)
+            return false;
+
+        std::vector<sal_Char> aTarget(nLength);
         sal_uInt64 nBaseRead(0);
 
         // read rTarget
author	Caolán McNamara <caolanm@redhat.com>	2019-11-02 20:34:50 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2019-11-03 21:42:07 +0100
commit	f59630c6315031cfc44c0f21cc9a1cd151b81ff0 (patch)
tree	b76eb70f871aac2bc0ef399a458f6d770b745ac7 /comphelper
parent	make some classes module-private (diff)
download	core-f59630c6315031cfc44c0f21cc9a1cd151b81ff0.tar.gz core-f59630c6315031cfc44c0f21cc9a1cd151b81ff0.zip