emfio/source/reader/emfreader.cxx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
New commits: commit 662840c33d7736a8d873b2c53f6d0cb6dd3b2998 Author: Caolán McNamara <[email protected]> AuthorDate: Thu May 11 08:44:14 2023 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Thu May 11 11:40:57 2023 +0200 ofz#58836 Out-of-memory Change-Id: I792bb179d2ac0133175e2690df6731fcb8bbbc15 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151659 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> diff --git a/emfio/source/reader/emfreader.cxx b/emfio/source/reader/emfreader.cxx index ee848097b84f..c053cee39c40 100644 --- a/emfio/source/reader/emfreader.cxx +++ b/emfio/source/reader/emfreader.cxx @@ -944,11 +944,9 @@ namespace emfio case EMR_POLYDRAW: { - sal_uInt32 nPointsCount, nBezierCount = 0; + sal_uInt32 nPointsCount(0), nBezierCount(0); std::vector<Point> aPoints; - sal_Int32 nX, nY; bool wrongFile = false; - unsigned char nPointType; std::vector<unsigned char> aPointTypes; mpInputStream->ReadInt32(nX32) .ReadInt32(nY32) @@ -956,15 +954,17 @@ namespace emfio .ReadInt32(ny32) .ReadUInt32(nPointsCount); - aPoints.reserve(nPointsCount); + aPoints.reserve(std::min<size_t>(nPointsCount, mpInputStream->remainingSize() / (sizeof(sal_Int32) * 2))); for (sal_uInt32 i = 0; i < nPointsCount && mpInputStream->good(); i++) { + sal_Int32 nX, nY; *mpInputStream >> nX >> nY; aPoints.push_back(Point(nX, nY)); } - aPointTypes.reserve(nPointsCount); + aPointTypes.reserve(std::min<size_t>(nPointsCount, mpInputStream->remainingSize())); for (sal_uInt32 i = 0; i < nPointsCount && mpInputStream->good(); i++) { + unsigned char nPointType(0); mpInputStream->ReadUChar(nPointType); aPointTypes.push_back(nPointType); SAL_INFO_IF(aPointTypes[i] == PT_MOVETO, "emfio",
