diff options
| author | David Tardon <dtardon@redhat.com> | 2017-09-15 20:04:43 +0200 |
|---|---|---|
| committer | David Tardon <dtardon@redhat.com> | 2017-09-15 20:04:43 +0200 |
| commit | b51b2c3f55115ca61054fd8689c67939d4f3d999 (patch) | |
| tree | 09badcfbbba7a37665326137d15afb85980e8692 | |
| parent | e5301b388190e7562e4cb0984e94e55636029f7d (diff) | |
cid#1371571 sanitize loop bound
Change-Id: I4d943db17124508785044e0896f2ebe6e1258fb9
| -rw-r--r-- | src/lib/CMXParser.cpp | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/CMXParser.cpp b/src/lib/CMXParser.cpp index 1f6c2d0..5d77181 100644 --- a/src/lib/CMXParser.cpp +++ b/src/lib/CMXParser.cpp @@ -1941,6 +1941,7 @@ void libcdr::CMXParser::readIxtl(librevenge::RVNGInputStream *input) return; } unsigned type = readU16(input, m_bigEndian); + sanitizeNumRecords(numRecords, m_precision, 4, 4 - 1, 0, getRemainingLength(input)); for (unsigned j = 1; j <= numRecords; ++j) { switch (type) |