lokdocview: guard against int overflow

If a too large rectangle is parsed, the width or the height may be larger than std::numeric_limits<int>::max(), in that case just set width/height to that max value, instead of allowing an overflow. Change-Id: Ic01319b01a3f9286501c346ea765868be57466a1

lokdocview: guard against int overflow
If a too large rectangle is parsed, the width or the height may be larger than std::numeric_limits<int>::max(), in that case just set width/height to that max value, instead of allowing an overflow. Change-Id: Ic01319b01a3f9286501c346ea765868be57466a1
28447258 · Miklos Vajna · 11aa8ac4 · 28447258
Kaydet (Commit) 28447258 authored Eyl 20, 2016 tarafından Miklos Vajna
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

lokdocview.cxx libreofficekit/source/gtk/lokdocview.cxx +10 -2

No files found.
--- a/libreofficekit/source/gtk/lokdocview.cxx
+++ b/libreofficekit/source/gtk/lokdocview.cxx
@@ -1035,13 +1035,21 @@ payloadToRectangle (LOKDocView* pDocView, const char* pPayload)
    ++ppCoordinate;
    if (!*ppCoordinate)
        return aRet;
-    aRet.width = atoi(*ppCoordinate);
+    long l = atol(*ppCoordinate);
+    if (l > std::numeric_limits<int>::max())
+        aRet.width = std::numeric_limits<int>::max();
+    else
+        aRet.width = l;
    if (aRet.x + aRet.width > priv->m_nDocumentWidthTwips)
        aRet.width = priv->m_nDocumentWidthTwips - aRet.x;
    ++ppCoordinate;
    if (!*ppCoordinate)
        return aRet;
-    aRet.height = atoi(*ppCoordinate);
+    l = atol(*ppCoordinate);
+    if (l > std::numeric_limits<int>::max())
+        aRet.height = std::numeric_limits<int>::max();
+    else
+        aRet.height = l;
    if (aRet.y + aRet.height > priv->m_nDocumentHeightTwips)
        aRet.height = priv->m_nDocumentHeightTwips - aRet.y;
    g_strfreev(ppCoordinates);