cid#1306206 sanitize loop bound

Change-Id: I10b8c3fdf81c526394eca87b6b23b0955827aef3
author: David Tardon <dtardon@redhat.com> 2017-09-16 10:33:15 +0200
committer: David Tardon <dtardon@redhat.com> 2017-09-16 10:33:15 +0200
commit: 8b63d7a1f93d8ce4951ac56d5854b9c622657ce4 (patch)
tree: a10941a93c3267363a1b91c016325fdf313107ac
parent: 44b4814516b60546a1268dbd5e4c23f5b85be116 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/FHParser.cpp b/src/lib/FHParser.cpp
index 0a39273..31f0b9d 100644
--- a/src/lib/FHParser.cpp
+++ b/src/lib/FHParser.cpp
@@ -2195,6 +2195,8 @@ void libfreehand::FHParser::readTextBlok(librevenge::RVNGInputStream *input, lib
 {
   unsigned short size = readU16(input);
   unsigned short length = readU16(input);
+  if (length > getRemainingLength(input) / 2)
+    length = getRemainingLength(input) / 2;
   std::vector<unsigned short> characters;
   for (unsigned i = 0; i < length; ++i)
     characters.push_back(readU16(input));
author	David Tardon <dtardon@redhat.com>	2017-09-16 10:33:15 +0200
committer	David Tardon <dtardon@redhat.com>	2017-09-16 10:33:15 +0200
commit	8b63d7a1f93d8ce4951ac56d5854b9c622657ce4 (patch)
tree	a10941a93c3267363a1b91c016325fdf313107ac
parent	44b4814516b60546a1268dbd5e4c23f5b85be116 (diff)