summaryrefslogtreecommitdiffstats
path: root/source/kde/patch/calligra/calligra.words.fix_overflow.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/kde/patch/calligra/calligra.words.fix_overflow.diff')
-rw-r--r--source/kde/patch/calligra/calligra.words.fix_overflow.diff16
1 files changed, 16 insertions, 0 deletions
diff --git a/source/kde/patch/calligra/calligra.words.fix_overflow.diff b/source/kde/patch/calligra/calligra.words.fix_overflow.diff
new file mode 100644
index 000000000..1a68b3f9d
--- /dev/null
+++ b/source/kde/patch/calligra/calligra.words.fix_overflow.diff
@@ -0,0 +1,16 @@
+diff --git a/filters/words/msword-odf/wv2/src/styles.cpp b/filters/words/msword-odf/wv2/src/styles.cpp
+index 02a82a0..78ac31d 100644
+--- a/filters/words/msword-odf/wv2/src/styles.cpp
++++ b/filters/words/msword-odf/wv2/src/styles.cpp
+@@ -248,6 +248,11 @@ throw(InvalidFormatException)
+ #ifdef WV2_DEBUG_STYLESHEET
+ wvlog << "cbUPX: " << cbUPX << endl;
+ #endif
++ // do not overflow the allocated buffer grupx
++ if (offset + cbUPX > grupxLen) {
++ wvlog << "====> Error: grupx would overflow!" << endl;
++ return false;
++ }
+ for ( U16 j = 0; j < cbUPX; ++j ) {
+ grupx[ offset + j ] = stream->readU8(); // read the whole UPX
+ #ifdef WV2_DEBUG_STYLESHEET