[Libreoffice-commits] .: 2 commits - sw/qa sw/source

Caolán McNamara caolan at kemper.freedesktop.org
Wed Jul 6 01:37:12 PDT 2011 

 sw/qa/core/data/ww8/fail/CVE-2008-0320-1.doc |binary
 sw/source/core/doc/docnew.cxx                |   59 +++++++++++++--------------
 sw/source/filter/ww8/ww8par3.cxx             |    2 
 3 files changed, 31 insertions(+), 30 deletions(-)

New commits:
commit b991a2fb76e2859d7f04793ad7ad3a0596d8d630
Author: marc-andre at atc.tcs.com <marc-andre at atc.tcs.com>
Date:   Wed Jul 6 13:15:42 2011 +0530

    Fixed core dump and invalid memory access for some edge cases

diff --git a/sw/source/core/doc/docnew.cxx b/sw/source/core/doc/docnew.cxx
index 6cc62a1..111afa7 100644
--- a/sw/source/core/doc/docnew.cxx
+++ b/sw/source/core/doc/docnew.cxx
@@ -909,39 +909,40 @@ void SwDoc::UpdateLinks( sal_Bool bUI )
 {
     SfxObjectCreateMode eMode;
     sal_uInt16 nLinkMode = getLinkUpdateMode( true );
-    sal_uInt16 nUpdateDocMode = GetDocShell()->GetUpdateDocMode();
-    if( GetDocShell() &&
-            (nLinkMode != NEVER ||  document::UpdateDocMode::FULL_UPDATE == nUpdateDocMode) &&
-        GetLinkManager().GetLinks().Count() &&
-        SFX_CREATE_MODE_INTERNAL !=
-                    ( eMode = GetDocShell()->GetCreateMode()) &&
-        SFX_CREATE_MODE_ORGANIZER != eMode &&
-        SFX_CREATE_MODE_PREVIEW != eMode &&
-        !GetDocShell()->IsPreview() )
-    {
-        ViewShell* pVSh = 0;
-        sal_Bool bAskUpdate = nLinkMode == MANUAL;
-        sal_Bool bUpdate = sal_True;
-        switch(nUpdateDocMode)
-        {
-            case document::UpdateDocMode::NO_UPDATE:   bUpdate = sal_False;break;
-            case document::UpdateDocMode::QUIET_UPDATE:bAskUpdate = sal_False; break;
-            case document::UpdateDocMode::FULL_UPDATE: bAskUpdate = sal_True; break;
-        }
-        if( bUpdate && (bUI || !bAskUpdate) )
+    if ( GetDocShell()) {
+        sal_uInt16 nUpdateDocMode = GetDocShell()->GetUpdateDocMode();
+        if( (nLinkMode != NEVER ||  document::UpdateDocMode::FULL_UPDATE == nUpdateDocMode) &&
+            GetLinkManager().GetLinks().Count() &&
+            SFX_CREATE_MODE_INTERNAL !=
+                        ( eMode = GetDocShell()->GetCreateMode()) &&
+            SFX_CREATE_MODE_ORGANIZER != eMode &&
+            SFX_CREATE_MODE_PREVIEW != eMode &&
+            !GetDocShell()->IsPreview() )
         {
-            SfxMedium* pMedium = GetDocShell()->GetMedium();
-            SfxFrame* pFrm = pMedium ? pMedium->GetLoadTargetFrame() : 0;
-            Window* pDlgParent = pFrm ? &pFrm->GetWindow() : 0;
-            if( GetCurrentViewShell() && !GetEditShell( &pVSh ) && !pVSh )	//swmod 071108//swmod 071225
+            ViewShell* pVSh = 0;
+            sal_Bool bAskUpdate = nLinkMode == MANUAL;
+            sal_Bool bUpdate = sal_True;
+            switch(nUpdateDocMode)
             {
-                ViewShell aVSh( *this, 0, 0 );
+                case document::UpdateDocMode::NO_UPDATE:   bUpdate = sal_False;break;
+                case document::UpdateDocMode::QUIET_UPDATE:bAskUpdate = sal_False; break;
+                case document::UpdateDocMode::FULL_UPDATE: bAskUpdate = sal_True; break;
+            }
+            if( bUpdate && (bUI || !bAskUpdate) )
+            {
+                SfxMedium* pMedium = GetDocShell()->GetMedium();
+                SfxFrame* pFrm = pMedium ? pMedium->GetLoadTargetFrame() : 0;
+                Window* pDlgParent = pFrm ? &pFrm->GetWindow() : 0;
+                if( GetCurrentViewShell() && !GetEditShell( &pVSh ) && !pVSh )	//swmod 071108//swmod 071225
+                {
+                    ViewShell aVSh( *this, 0, 0 );
 
-                SET_CURR_SHELL( &aVSh );
-                GetLinkManager().UpdateAllLinks( bAskUpdate , sal_True, sal_False, pDlgParent );
+                    SET_CURR_SHELL( &aVSh );
+                    GetLinkManager().UpdateAllLinks( bAskUpdate , sal_True, sal_False, pDlgParent );
+                }
+                else
+                    GetLinkManager().UpdateAllLinks( bAskUpdate, sal_True, sal_False, pDlgParent );
             }
-            else
-                GetLinkManager().UpdateAllLinks( bAskUpdate, sal_True, sal_False, pDlgParent );
         }
     }
 
diff --git a/sw/source/filter/ww8/ww8par3.cxx b/sw/source/filter/ww8/ww8par3.cxx
index 3559ca4..fffb4e4 100644
--- a/sw/source/filter/ww8/ww8par3.cxx
+++ b/sw/source/filter/ww8/ww8par3.cxx
@@ -761,7 +761,7 @@ bool WW8ListManager::ReadLVL(SwNumFmt& rNumFmt, SfxItemSet*& rpItemSet,
     for(nLevelB = 0; nLevelB <= nLevel; ++nLevelB)
     {
         sal_uInt8 nPos = aOfsNumsXCH[nLevelB];
-        if (nPos && sNumString.GetChar(nPos-1) < nMaxLevel)
+        if (nPos && nPos < sNumString.Len()  && sNumString.GetChar(nPos-1) < nMaxLevel)
         {
             if (rNotReallyThere[nLevelB])
                 aOfsNumsXCH[nLevelB] = 0;
commit 2b1d49bc71ca9f5df469063c7b87849958ab87d8
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Jul 6 00:56:20 2011 +0100

    add another regression test

diff --git a/sw/qa/core/data/ww8/fail/CVE-2008-0320-1.doc b/sw/qa/core/data/ww8/fail/CVE-2008-0320-1.doc
new file mode 100644
index 0000000..b5a0832
Binary files /dev/null and b/sw/qa/core/data/ww8/fail/CVE-2008-0320-1.doc differ

More information about the Libreoffice-commits mailing list