cid#1219695 sanitize loop bound

Change-Id: Ie611c0413bdaec407f970a2be78a4ee3eeb75bce
author: David Tardon <dtardon@redhat.com> 2017-09-16 10:56:36 +0200
committer: David Tardon <dtardon@redhat.com> 2017-09-16 10:56:36 +0200
commit: 6ef5ce8b2a70647ca86f12ef4dc68efff9517b51 (patch)
tree: c955f1c04f5423cad9aa7f02549a443f96ecfc9d
parent: 1245e978c060059f94021e2ceae725518e1708f0 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/FHParser.cpp b/src/lib/FHParser.cpp
index 47e9a96..3c2d2bd 100644
--- a/src/lib/FHParser.cpp
+++ b/src/lib/FHParser.cpp
@@ -1629,6 +1629,8 @@ void libfreehand::FHParser::readParagraph(librevenge::RVNGInputStream *input, li
   FHParagraph paragraph;
   paragraph.m_paraStyleId = _readRecordId(input);
   paragraph.m_textBlokId = _readRecordId(input);
+  if (size > getRemainingLength(input) / 24)
+    size = getRemainingLength(input) / 24;
   for (unsigned short i = 0; i < size; ++i)
   {
     std::pair<unsigned, unsigned> charStyleId;
author	David Tardon <dtardon@redhat.com>	2017-09-16 10:56:36 +0200
committer	David Tardon <dtardon@redhat.com>	2017-09-16 10:56:36 +0200
commit	6ef5ce8b2a70647ca86f12ef4dc68efff9517b51 (patch)
tree	c955f1c04f5423cad9aa7f02549a443f96ecfc9d
parent	1245e978c060059f94021e2ceae725518e1708f0 (diff)