libcdr.git: src/lib

Libreoffice Gerrit user Sat, 23 May 2026 08:57:38 -0700

 src/lib/CDRParser.cpp |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit acc5132102da5814b6eb7cc31d0a3a9fc343211b
Author:     Caolán McNamara <[email protected]>
AuthorDate: Fri May 22 20:59:20 2026 +0000
Commit:     Caolán McNamara <[email protected]>
CommitDate: Sat May 23 17:57:14 2026 +0200


    cap CDRParser::parseRecords nesting depth
    
    similar to:
    
    commit dc5e9b17437c52af805e6674fbcd9a31e4ffd987
    Date:   Wed Jan 31 13:28:51 2018 +0100
    
        ofz#5845 limit max. record nesting depth
    
    Change-Id: I388c025129c9d91163f9c05b75c17b25d620902a
    Reviewed-on: https://gerrit.libreoffice.org/c/libcdr/+/205588
    Tested-by: Caolán McNamara <[email protected]>
    Reviewed-by: Caolán McNamara <[email protected]>

diff --git a/src/lib/CDRParser.cpp b/src/lib/CDRParser.cpp
index 3db6f62..e683421 100644
--- a/src/lib/CDRParser.cpp
+++ b/src/lib/CDRParser.cpp
@@ -564,12 +564,18 @@ void 
libcdr::CDRParser::readWaldoLoda(librevenge::RVNGInputStream *input, unsign
   input->seek(startPosition + length, librevenge::RVNG_SEEK_SET);
 }
 
+// Matches the sibling CMXParser::MAX_RECORD_DEPTH for the same kind of
+// RIFF-style chunk nesting in the CMX parser.
+constexpr unsigned MAX_RECORD_NESTING = 1 << 10;
+
 bool libcdr::CDRParser::parseRecords(librevenge::RVNGInputStream *input, const 
std::vector<unsigned> &blockLengths, unsigned level)
 {
   if (!input)
   {
     return false;
   }
+  if (level > MAX_RECORD_NESTING)
+    return false;
   m_collector->collectLevel(level);
   while (!input->isEnd())
   {

libcdr.git: src/lib

Reply via email to