summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2017-05-07 14:56:51 +0100
committerCaolán McNamara <caolanm@redhat.com>2017-05-07 14:59:56 +0100
commitf5c0d7508b972898153bbf4069c9ea48f53d64d5 (patch)
tree1b5b8c682db79906089d783f863fc240b2db42fd
parentaa722151d0e76fddbc3801667f5d613690d5a4d9 (diff)
ofz check against expected struct size
don't copy vector and const up as well Change-Id: Ia9c9dd9e0dee2300f8f60eec15b67e4a349c8a93
-rw-r--r--sw/source/filter/ww8/ww8par.cxx12
1 files changed, 8 insertions, 4 deletions
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index e6c87cf0d852..aa22f3a9e6da 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -4979,10 +4979,14 @@ sal_uLong SwWW8ImplReader::CoreLoad(WW8Glossary *pGloss)
for (size_t i=0; i < aLinkStrings.size() && i < aStringIds.size(); ++i)
{
- ww::bytes stringId = aStringIds[i];
- WW8_STRINGID *stringIdStruct = reinterpret_cast<WW8_STRINGID*>(&stringId[0]);
- m_aLinkStringMap[SVBT16ToShort(stringIdStruct->nStringId)] =
- aLinkStrings[i];
+ const ww::bytes& stringId = aStringIds[i];
+ if (stringId.size() < sizeof(WW8_STRINGID))
+ {
+ SAL_WARN("sw.ww8", "SwWW8ImplReader::CoreLoad: WW8_STRINGID is too short");
+ continue;
+ }
+ const WW8_STRINGID *stringIdStruct = reinterpret_cast<const WW8_STRINGID*>(stringId.data());
+ m_aLinkStringMap[SVBT16ToShort(stringIdStruct->nStringId)] = aLinkStrings[i];
}
ReadDocVars(); // import document variables as meta information.