cid#1219682 sanitize loop bound

Change-Id: Ifa4db921d7123379caf542e66e7c075de3f87ab3
author: David Tardon <dtardon@redhat.com> 2017-09-16 10:48:01 +0200
committer: David Tardon <dtardon@redhat.com> 2017-09-16 10:49:59 +0200
commit: 39264a242cabab28ac8aa873935f28993da13dd1 (patch)
tree: 96201c91e24826713d3506125b8ec2c46958426d
parent: 7330ed37729eb29006363a4a9b440bbeb6e185b5 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/FHParser.cpp b/src/lib/FHParser.cpp
index c0d7c2a..d817e86 100644
--- a/src/lib/FHParser.cpp
+++ b/src/lib/FHParser.cpp
@@ -2370,6 +2370,8 @@ void libfreehand::FHParser::readTString(librevenge::RVNGInputStream *input, libf
   unsigned short size2 = readU16(input);
   unsigned short size = readU16(input);
   input->seek(16, librevenge::RVNG_SEEK_CUR);
+  if (size > getRemainingLength(input) / 2)
+    size = getRemainingLength(input) / 2;
   std::vector<unsigned> elements;
   for (unsigned short i = 0; i < size; ++i)
     elements.push_back(_readRecordId(input));
author	David Tardon <dtardon@redhat.com>	2017-09-16 10:48:01 +0200
committer	David Tardon <dtardon@redhat.com>	2017-09-16 10:49:59 +0200
commit	39264a242cabab28ac8aa873935f28993da13dd1 (patch)
tree	96201c91e24826713d3506125b8ec2c46958426d
parent	7330ed37729eb29006363a4a9b440bbeb6e185b5 (diff)