[Libreoffice-commits] .: 3 commits - starmath/source sw/qa sw/source
Caolán McNamara
caolan at kemper.freedesktop.org
Mon Jul 4 02:49:39 PDT 2011
starmath/source/mathtype.hxx | 6 ++++--
sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc |binary
sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc |binary
sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc |binary
sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc |binary
sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc |binary
sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc |binary
sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc |binary
sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc | 1 +
sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc |binary
sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc |binary
sw/source/filter/ww8/ww8par.cxx | 2 ++
sw/source/filter/ww8/ww8par.hxx | 20 ++++++++++----------
sw/source/filter/ww8/ww8par2.cxx | 8 ++++++--
sw/source/filter/ww8/ww8par6.cxx | 22 ++++++++--------------
15 files changed, 31 insertions(+), 28 deletions(-)
New commits:
commit 42f126bae08cbcc1367559fdda20a469521110d7
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 4 10:37:54 2011 +0100
Related: #i86988# make abo levels safer
diff --git a/sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc b/sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc
new file mode 100644
index 0000000..af452dd
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc b/sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc
new file mode 100644
index 0000000..240ea77
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc b/sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc
new file mode 100644
index 0000000..d25e62a
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc
new file mode 100644
index 0000000..f51fa8f
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc
new file mode 100644
index 0000000..7ce7a07
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc
new file mode 100644
index 0000000..8b04872
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc
new file mode 100644
index 0000000..148a30d
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc b/sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc
new file mode 120000
index 0000000..f099938
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc
@@ -0,0 +1 @@
+CVE-2009-0259-1.doc
\ No newline at end of file
diff --git a/sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc b/sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc
new file mode 100644
index 0000000..0942b6d
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc b/sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc
new file mode 100644
index 0000000..596aec9
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 0073f23..5254ef5 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -5662,6 +5662,8 @@ bool SwWW8ImplReader::InEqualApo(int nLvl) const
//the table.
if (nLvl)
--nLvl;
+ if (nLvl < 0 || static_cast<size_t>(nLvl) >= maApos.size())
+ return false;
return maApos[nLvl];
}
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index fb97465..2397852 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -612,6 +612,8 @@ ApoTestResults SwWW8ImplReader::TestApo(int nCellLevel, bool bTableRowEnd,
//unit no matter what else happens. So if we are not in a table at
//all, or if we are in the first cell then test that the last frame
//data is the same as the current one
+ fprintf(stderr, "apo is %d\n", bNowApo);
+ fprintf(stderr, "equal-apo is %d\n", InEqualApo(nCellLevel));
if (bNowApo && InEqualApo(nCellLevel))
{
// two bordering eachother
commit 3aaefe843fd0c82550418ee99ba1ffad4d3e0e91
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 4 10:13:32 2011 +0100
Related: #i115768# use cached data values instead of pointer to sprm cache
use cached data value in case underlying sprm cache goes away
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 42a2cf6..fd8d7dd 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -245,13 +245,12 @@ struct WW8FlyPara
// enthaltene Grafik anders als zeichengebunden
// zu positionieren
bool mbVertSet; // true if vertical positioning has been set
- sal_uInt8 nOrigSp29;
WW8FlyPara(bool bIsVer67, const WW8FlyPara* pSrc = 0);
bool operator==(const WW8FlyPara& rSrc) const;
- void Read(const sal_uInt8* pSprm29, WW8PLCFx_Cp_FKP* pPap);
- void ReadFull(const sal_uInt8* pSprm29, SwWW8ImplReader* pIo);
- void Read(const sal_uInt8* pSprm29, WW8RStyle* pStyle);
+ void Read(sal_uInt8 nSprm29, WW8PLCFx_Cp_FKP* pPap);
+ void ReadFull(sal_uInt8 nSprm29, SwWW8ImplReader* pIo);
+ void Read(sal_uInt8 nSprm29, WW8RStyle* pStyle);
void ApplyTabPos(const WW8_TablePos *pTabPos);
bool IsEmpty() const;
};
@@ -879,14 +878,15 @@ struct ApoTestResults
{
bool mbStartApo;
bool mbStopApo;
- const sal_uInt8* mpSprm37;
- const sal_uInt8* mpSprm29;
+ bool m_bHasSprm37;
+ bool m_bHasSprm29;
+ sal_uInt8 m_nSprm29;
WW8FlyPara* mpStyleApo;
- ApoTestResults() :
- mbStartApo(false), mbStopApo(false), mpSprm37(0), mpSprm29(0),
- mpStyleApo(0) {}
+ ApoTestResults()
+ : mbStartApo(false), mbStopApo(false), m_bHasSprm37(false)
+ , m_bHasSprm29(false), m_nSprm29(0), mpStyleApo(0) {}
bool HasStartStop() const { return (mbStartApo || mbStopApo); }
- bool HasFrame() const { return (mpSprm29 || mpSprm37 || mpStyleApo); }
+ bool HasFrame() const { return (m_bHasSprm29 || m_bHasSprm37 || mpStyleApo); }
};
struct ANLDRuleMap
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index 92cf106..fb97465 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -549,8 +549,10 @@ ApoTestResults SwWW8ImplReader::TestApo(int nCellLevel, bool bTableRowEnd,
to see if we are still in that frame.
*/
- aRet.mpSprm37 = pPlcxMan->HasParaSprm( bVer67 ? 37 : 0x2423 );
- aRet.mpSprm29 = pPlcxMan->HasParaSprm( bVer67 ? 29 : 0x261B );
+ aRet.m_bHasSprm37 = pPlcxMan->HasParaSprm( bVer67 ? 37 : 0x2423 );
+ const sal_uInt8 *pSrpm29 = pPlcxMan->HasParaSprm( bVer67 ? 29 : 0x261B );
+ aRet.m_bHasSprm29 = pSrpm29 != NULL;
+ aRet.m_nSprm29 = pSrpm29 ? *pSrpm29 : 0;
// Is there some frame data here
bool bNowApo = aRet.HasFrame() || pTopLevelTable;
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 4272710..cd41644 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -1614,11 +1614,8 @@ bool WW8FlyPara::operator==(const WW8FlyPara& rSrc) const
}
// Read fuer normalen Text
-void WW8FlyPara::Read(const sal_uInt8* pSprm29, WW8PLCFx_Cp_FKP* pPap)
+void WW8FlyPara::Read(sal_uInt8 nOrigSp29, WW8PLCFx_Cp_FKP* pPap)
{
- if (pSprm29)
- nOrigSp29 = *pSprm29; // PPC ( Bindung )
-
const sal_uInt8* pS = 0;
if( bVer67 )
{
@@ -1669,12 +1666,12 @@ void WW8FlyPara::Read(const sal_uInt8* pSprm29, WW8PLCFx_Cp_FKP* pPap)
nSp29 = nOrigSp29;
}
-void WW8FlyPara::ReadFull(const sal_uInt8* pSprm29, SwWW8ImplReader* pIo)
+void WW8FlyPara::ReadFull(sal_uInt8 nOrigSp29, SwWW8ImplReader* pIo)
{
WW8PLCFMan* pPlcxMan = pIo->pPlcxMan;
WW8PLCFx_Cp_FKP* pPap = pPlcxMan->GetPapPLCF();
- Read(pSprm29, pPap); // Lies Apo-Parameter
+ Read(nOrigSp29, pPap); // Lies Apo-Parameter
do{ // Block zum rausspringen
if( nSp45 != 0 /* || nSp28 != 0 */ )
@@ -1720,7 +1717,7 @@ void WW8FlyPara::ReadFull(const sal_uInt8* pSprm29, SwWW8ImplReader* pIo)
WW8FlyPara aF(bVer67, pNowStyleApo);
// Neuer FlaPara zum Vergleich
- aF.Read( pS, pPap ); // WWPara fuer neuen Para
+ aF.Read( *pS, pPap ); // WWPara fuer neuen Para
if( !( aF == *this ) ) // selber APO ? ( oder neuer ? )
bGrafApo = true; // nein -> 1-zeiliger APO
// -> Grafik-APO
@@ -1734,11 +1731,8 @@ void WW8FlyPara::ReadFull(const sal_uInt8* pSprm29, SwWW8ImplReader* pIo)
// Read fuer Apo-Defs in Styledefs
-void WW8FlyPara::Read(const sal_uInt8* pSprm29, WW8RStyle* pStyle)
+void WW8FlyPara::Read(sal_uInt8 nOrigSp29, WW8RStyle* pStyle)
{
- if (pSprm29)
- nOrigSp29 = *pSprm29; // PPC ( Bindung )
-
const sal_uInt8* pS = 0;
if (bVer67)
{
@@ -2312,7 +2306,7 @@ WW8FlyPara *SwWW8ImplReader::ConstructApo(const ApoTestResults &rApo,
// APO-Parameter ermitteln und Test auf bGrafApo
if (rApo.HasFrame())
- pRet->ReadFull(rApo.mpSprm29, this);
+ pRet->ReadFull(rApo.m_nSprm29, this);
pRet->ApplyTabPos(pTabPos);
@@ -2589,7 +2583,7 @@ bool SwWW8ImplReader::TestSameApo(const ApoTestResults &rApo,
WW8FlyPara aF(bVer67, rApo.mpStyleApo);
// WWPara fuer akt. Para
if (rApo.HasFrame())
- aF.Read(rApo.mpSprm29, pPlcxMan->GetPapPLCF());
+ aF.Read(rApo.m_nSprm29, pPlcxMan->GetPapPLCF());
aF.ApplyTabPos(pTabPos);
return aF == *pWFlyPara;
@@ -4862,7 +4856,7 @@ void SwWW8ImplReader::Read_ApoPPC( sal_uInt16, const sal_uInt8* pData, short )
SwWW8StyInf& rSI = vColl[nAktColl];
WW8FlyPara* pFly = rSI.pWWFly ? rSI.pWWFly : new WW8FlyPara(bVer67);
vColl[nAktColl].pWWFly = pFly;
- pFly->Read(pData, pStyles);
+ pFly->Read(*pData, pStyles);
if (pFly->IsEmpty())
delete vColl[nAktColl].pWWFly, vColl[nAktColl].pWWFly = 0;
}
commit 8723fc54d518f341132c4296ad32480807b37191
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 4 01:26:18 2011 +0100
valgrind: init nTypeFace
diff --git a/starmath/source/mathtype.hxx b/starmath/source/mathtype.hxx
index c29c665..6660b77 100644
--- a/starmath/source/mathtype.hxx
+++ b/starmath/source/mathtype.hxx
@@ -64,14 +64,16 @@ class MathType
public:
MathType(String &rIn) :
rRet(rIn), nHAlign(0), nVAlign(0), nDefaultSize(12),
- nLSize(0), nDSize(0), nCurSize(0), nLastSize(0), bIsSilent(sal_False)
+ nLSize(0), nDSize(0), nCurSize(0), nLastSize(0), bIsSilent(sal_False),
+ nTypeFace(0)
{
Init();
}
MathType(String &rIn,SmNode *pIn) :
rRet(rIn), pTree(pIn), nHAlign(2), nVAlign(0), nInsertion(0), nDefaultSize(12),
- nLSize(0), nDSize(0), nCurSize(0), nLastSize(0), nSpec(0), bIsSilent(sal_False)
+ nLSize(0), nDSize(0), nCurSize(0), nLastSize(0), nSpec(0), bIsSilent(sal_False),
+ nTypeFace(0)
{
Init();
}
More information about the Libreoffice-commits
mailing list