cid#1219687 sanitize loop bound

Change-Id: I6448038bdc54c7dd6a6e906d8d51a19c4a1a1ef3
author: David Tardon <dtardon@redhat.com> 2017-09-16 10:52:39 +0200
committer: David Tardon <dtardon@redhat.com> 2017-09-16 10:52:39 +0200
commit: 109141a84f4a8076e2a906569e95a53f4306afa5 (patch)
tree: 3644e4afc81d9bcec52fea58ce6a6cfbb5cf7dec
parent: 4d287fb51e6f0f36283d22908767c7b9e985f09e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/FHParser.cpp b/src/lib/FHParser.cpp
index ec79fdf..585fa8c 100644
--- a/src/lib/FHParser.cpp
+++ b/src/lib/FHParser.cpp
@@ -1459,6 +1459,8 @@ void libfreehand::FHParser::readMultiColorList(librevenge::RVNGInputStream *inpu
   std::vector<FHColorStop> colorStops;
   unsigned short num = readU16(input);
   input->seek(2, librevenge::RVNG_SEEK_CUR);
+  if (num > getRemainingLength(input) / 10)
+    num = getRemainingLength(input) / 10;
   for (unsigned short i = 0; i < num; ++i)
   {
     FHColorStop colorStop;
author	David Tardon <dtardon@redhat.com>	2017-09-16 10:52:39 +0200
committer	David Tardon <dtardon@redhat.com>	2017-09-16 10:52:39 +0200
commit	109141a84f4a8076e2a906569e95a53f4306afa5 (patch)
tree	3644e4afc81d9bcec52fea58ce6a6cfbb5cf7dec
parent	4d287fb51e6f0f36283d22908767c7b9e985f09e (diff)