cid#1306208 sanitize loop bound

Change-Id: I33d0013a193f4d9a2f92332cde71ce2d00bd02a4
author: David Tardon <dtardon@redhat.com> 2017-09-16 10:35:41 +0200
committer: David Tardon <dtardon@redhat.com> 2017-09-16 10:35:41 +0200
commit: 99db282d016e6b642da6463d00447cbdbb6dbff0 (patch)
tree: 07964236ea1dd261adf8eb5dceaf6c6410d345a5
parent: 692a72d740642fb7fec7fc1af85d9b6a15c8f3be (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/FHParser.cpp b/src/lib/FHParser.cpp
index 0959305..c439b9a 100644
--- a/src/lib/FHParser.cpp
+++ b/src/lib/FHParser.cpp
@@ -2382,6 +2382,8 @@ void libfreehand::FHParser::readUString(librevenge::RVNGInputStream *input, libf
   long startPosition = input->tell();
   unsigned short size = readU16(input);
   unsigned short length = readU16(input);
+  if (length > getRemainingLength(input) / 2)
+    length = getRemainingLength(input) / 2;
   std::vector<unsigned short> ustr;
   unsigned short character = 0;
   if (length)
author	David Tardon <dtardon@redhat.com>	2017-09-16 10:35:41 +0200
committer	David Tardon <dtardon@redhat.com>	2017-09-16 10:35:41 +0200
commit	99db282d016e6b642da6463d00447cbdbb6dbff0 (patch)
tree	07964236ea1dd261adf8eb5dceaf6c6410d345a5
parent	692a72d740642fb7fec7fc1af85d9b6a15c8f3be (diff)