Apache OpenOffice (AOO) Bugzilla – Issue 47236
crash / load malicious data ...
Last modified: 2005-04-12 16:04:03 UTC
So - this appeared on bugtraq recently: Index: sot/source/sdstor/stgole.cxx =================================================================== RCS file: /cvs/util/sot/source/sdstor/stgole.cxx,v retrieving revision 1.4 diff -u -p -u -r1.4 stgole.cxx --- sot/source/sdstor/stgole.cxx 22 Jul 2002 12:28:43 -0000 1.4 +++ sot/source/sdstor/stgole.cxx 12 Apr 2005 10:14:48 -0000 @@ -157,7 +157,7 @@ BOOL StgCompObjStream::Load() INT32 nLen1 = 0; *this >> nLen1; sal_Char* p = new sal_Char[ (USHORT) nLen1 ]; - if( Read( p, nLen1 ) == (ULONG) nLen1 ) + if( Read( p, (USHORT) nLen1 ) == (ULONG) nLen1 ) { aUserName = String( p, gsl_getSystemTextEncoding() ); /* // Now we can read the CB format
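Review bot: In StgCompObjStream::Load() the length bound is still only implicit: nLen1 comes straight from the stream via `*this >> nLen1;` and is never range-checked, so a negative or larger-than-0xFFFF value is rejected only because the capped Read() cannot return a count equal to `(ULONG) nLen1`. Suggest validating nLen1 once, right after it is read (reject values below zero or above 0xFFFF), keeping the checked length in a single variable, and using that variable for both the `new sal_Char[...]` and the `Read()`, so the allocation size and the read size cannot drift apart again. Separately, `aUserName = String( p, gsl_getSystemTextEncoding() );` passes no length, so it depends on the stream data containing a terminator inside the buffer; pass the validated length or force a terminator. The case where the truncated length is 0 (zero-sized buffer, comparison passes if Read() returns 0) should also be handled explicitly before p is used.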
duplicate, fixed in fwkfinal8 apparently as well as backports to 1.1.4

*** This issue has been marked as a duplicate of 46388 ***
close as dup