cid#1219683 sanitize loop bound

Change-Id: Iada90b4cef5e35e465e385b45ef1e61dd1265c9d
author: David Tardon <dtardon@redhat.com> 2017-09-16 10:50:29 +0200
committer: David Tardon <dtardon@redhat.com> 2017-09-16 10:50:29 +0200
commit: cbf555d5fec350e261cc1698c77043a730b01efa (patch)
tree: 2e51735fe4f4484656768c783c77368b69153a58
parent: a2f0d4c7ce6951c761e7debaa820bb6523a2f7f9 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/FHParser.cpp b/src/lib/FHParser.cpp
index e4ea395..477dbbd 100644
--- a/src/lib/FHParser.cpp
+++ b/src/lib/FHParser.cpp
@@ -1388,6 +1388,8 @@ void libfreehand::FHParser::readList(librevenge::RVNGInputStream *input, libfree
   input->seek(6, librevenge::RVNG_SEEK_CUR);
   FHList lst;
   lst.m_listType = readU16(input);
+  if (size > getRemainingLength(input) / 2)
+    size = getRemainingLength(input) / 2;
   for (unsigned short i = 0; i < size; ++i)
     lst.m_elements.push_back(_readRecordId(input));
   if (m_version < 9)
author	David Tardon <dtardon@redhat.com>	2017-09-16 10:50:29 +0200
committer	David Tardon <dtardon@redhat.com>	2017-09-16 10:50:29 +0200
commit	cbf555d5fec350e261cc1698c77043a730b01efa (patch)
tree	2e51735fe4f4484656768c783c77368b69153a58
parent	a2f0d4c7ce6951c761e7debaa820bb6523a2f7f9 (diff)