Issue 47236 - crash / load malicious data ...
Summary: crash / load malicious data ...
Status: CLOSED DUPLICATE of issue 46388
Alias: None
Product: utilities
Classification: Unclassified
Component: code
Version: 680m90
Hardware: All All
: P2 Trivial
Target Milestone: ---
Assignee: hennes.rohling
QA Contact: Unknown
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-12 11:08 UTC by mmeeks
Modified: 2005-04-12 16:04 UTC

See Also:
Issue Type: PATCH
Latest Confirmation in: ---
Developer Difficulty: ---


Description mmeeks 2005-04-12 11:08:48 UTC
So - this appeared on bugtraq recently:

Index: sot/source/sdstor/stgole.cxx
===================================================================
RCS file: /cvs/util/sot/source/sdstor/stgole.cxx,v
retrieving revision 1.4
diff -u -p -u -r1.4 stgole.cxx
--- sot/source/sdstor/stgole.cxx	22 Jul 2002 12:28:43 -0000	1.4
+++ sot/source/sdstor/stgole.cxx	12 Apr 2005 10:14:48 -0000
@@ -157,7 +157,7 @@ BOOL StgCompObjStream::Load()
 		INT32 nLen1 = 0;
 		*this >> nLen1;
 		sal_Char* p = new sal_Char[ (USHORT) nLen1 ];
-		if( Read( p, nLen1 ) == (ULONG) nLen1 )
+		if( Read( p, (USHORT) nLen1 ) == (ULONG) nLen1 )
 		{
 			aUserName = String( p, gsl_getSystemTextEncoding() );
 /*			// Now we can read the CB format
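Review bot: on the changed `Read( p, (USHORT) nLen1 )` line the result is still compared against the untruncated `(ULONG) nLen1`, and `nLen1` is never range-checked, so safety depends on two separate `(USHORT)` casts staying in sync with each other. Validate `nLen1` once, right after `*this >> nLen1` (reject negative values and anything above the USHORT maximum, and fail the load), then use that one validated length for the allocation, the `Read()` call and the comparison. Separately, `String( p, gsl_getSystemTextEncoding() )` is passed no length; if that constructor expects a NUL-terminated string, as the call suggests, a zero-length or unterminated field leaves it reading past the allocation. Allocating one extra byte and terminating the buffer, or constructing the string with an explicit length, would cover that case.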
Comment 1 caolanm 2005-04-12 16:03:33 UTC
duplicate, fixed in fwkfinal8 apparently as well as backports to 1.1.4

*** This issue has been marked as a duplicate of 46388 ***
Comment 2 caolanm 2005-04-12 16:04:03 UTC
close as dup