From 381ea04355deae554aeb84f373f012e28518a5f2 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Mon, 26 Jan 2015 11:03:08 +0000
Subject: coverity#1244946 Untrusted value as argument

Change-Id: Id7ad0f2060afb2f12d3111400f45d3d63e6abf8f
---
 tools/source/generic/poly2.cxx | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'tools')

diff --git a/tools/source/generic/poly2.cxx b/tools/source/generic/poly2.cxx
index 9ed24b1b7484..f6b6f3efc2ce 100644
--- a/tools/source/generic/poly2.cxx
+++ b/tools/source/generic/poly2.cxx
@@ -578,6 +578,15 @@ SvStream& ReadPolyPolygon( SvStream& rIStream, tools::PolyPolygon& rPolyPoly )
     // Read number of polygons
     rIStream.ReadUInt16( nPolyCount );
 
+    const size_t nMinRecordSize = sizeof(sal_uInt16);
+    const size_t nMaxRecords = rIStream.remainingSize() / nMinRecordSize;
+    if (nPolyCount > nMaxRecords)
+    {
+        SAL_WARN("vcl.gdi", "Parsing error: " << nMaxRecords <<
+                 " max possible entries, but " << nPolyCount << " claimed, truncating");
+        nPolyCount = nMaxRecords;
+    }
+
     if( nPolyCount )
     {
         if ( rPolyPoly.mpImplPolyPolygon->mnRefCount > 1 )
-- 
cgit v1.2.3