[Libreoffice-commits] .: 6 commits - sw/CppunitTest_sw_swdoc_test.mk sw/qa sw/source
Caolán McNamara
caolan at kemper.freedesktop.org
Mon Jul 11 01:29:44 PDT 2011
sw/CppunitTest_sw_swdoc_test.mk | 6 +
sw/qa/core/data/ww8/fail/CVE-2006-2389-1.doc |binary
sw/qa/core/data/ww8/pass/CVE-2006-6561-1.doc |binary
sw/source/core/layout/paintfrm.cxx | 20 -----
sw/source/core/sw3io/sw3convert.cxx | 108 ---------------------------
sw/source/filter/ww8/ww8par2.cxx | 57 ++------------
sw/source/filter/ww8/ww8scan.cxx | 53 +++++++++----
sw/source/filter/ww8/ww8scan.hxx | 4 -
8 files changed, 53 insertions(+), 195 deletions(-)
New commits:
commit 0458c669c05c43a27a7f9b750ec1dc242cce7d29
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 11 09:02:15 2011 +0100
check that seeks succeed, sanity check count of styles against recorded length
diff --git a/sw/qa/core/data/ww8/fail/CVE-2006-2389-1.doc b/sw/qa/core/data/ww8/fail/CVE-2006-2389-1.doc
new file mode 100644
index 0000000..a1bf07a
Binary files /dev/null and b/sw/qa/core/data/ww8/fail/CVE-2006-2389-1.doc differ
diff --git a/sw/qa/core/data/ww8/pass/CVE-2006-6561-1.doc b/sw/qa/core/data/ww8/pass/CVE-2006-6561-1.doc
new file mode 100644
index 0000000..240ea77
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/CVE-2006-6561-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index 11ebee3..ad0ec3c 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -3680,14 +3680,13 @@ void WW8RStyle::ImportSprms(sal_Size nPosFc, short nLen, bool bPap)
if (!nLen)
return;
- sal_uInt8 *pSprms = new sal_uInt8[nLen];
-
- pStStrm->Seek(nPosFc);
- pStStrm->Read(pSprms, nLen);
-
- ImportSprms(pSprms, nLen, bPap);
-
- delete[] pSprms;
+ if (checkSeek(*pStStrm, nPosFc))
+ {
+ sal_uInt8 *pSprms = new sal_uInt8[nLen];
+ nLen = pStStrm->Read(pSprms, nLen);
+ ImportSprms(pSprms, nLen, bPap);
+ delete[] pSprms;
+ }
}
static inline short WW8SkipOdd(SvStream* pSt )
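Review bot: A negative `nLen` still reaches `new sal_uInt8[nLen]` inside the new `checkSeek` branch, because the guard above it rejects only zero and `nLen` is a signed `short`. If the length comes from the document, which the callers outside this hunk would confirm, a negative value would be converted to a very large allocation size. The guard would be safer as `if (nLen <= 0) return;`. The `Read` result is also narrowed back into the `short`; that is harmless while the request fits in a short, but a comment such as `// a short read shrinks the length handed to ImportSprms` would make the intent explicit. The function's opening lines are outside the hunk.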
@@ -3714,8 +3713,6 @@ static inline short WW8SkipEven(SvStream* pSt )
short WW8RStyle::ImportUPX(short nLen, bool bPAP, bool bOdd)
{
- sal_Int16 cbUPX;
-
if( 0 < nLen ) // Empty ?
{
if (bOdd)
@@ -3723,6 +3720,7 @@ short WW8RStyle::ImportUPX(short nLen, bool bPAP, bool bOdd)
else
nLen = nLen - WW8SkipOdd( pStStrm );
+ sal_Int16 cbUPX(0);
*pStStrm >> cbUPX;
nLen-=2;
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 186de07..f2a21d7 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -5940,23 +5940,35 @@ WW8Style::WW8Style(SvStream& rStream, WW8Fib& rFibPara)
stiMaxWhenSaved(0), istdMaxFixedWhenSaved(0), nVerBuiltInNamesWhenSaved(0),
ftcAsci(0), ftcFE(0), ftcOther(0), ftcBi(0)
{
- nStyleStart = rFib.fcStshf;
- nStyleLen = rFib.lcbStshf;
-
- rSt.Seek(nStyleStart);
+ if (!checkSeek(rSt, rFib.fcStshf))
+ return;
sal_uInt16 cbStshi = 0; // 2 bytes size of the following STSHI structure
+ sal_uInt32 nRemaining = rFib.lcbStshf;
+ const sal_uInt32 nMinValidStshi = 4;
if (rFib.GetFIBVersion() <= ww::eWW2)
{
cbStshi = 0;
cstd = 256;
}
- else if (rFib.nFib < 67) // old Version ? (need to find this again to fix)
- cbStshi = 4; // -> Laengenfeld fehlt
- else // neue Version:
- // lies die Laenge der in der Datei gespeicherten Struktur
- rSt >> cbStshi;
+ else
+ {
+ if (rFib.nFib < 67) // old Version ? (need to find this again to fix)
+ cbStshi = nMinValidStshi;
+ else // new version
+ {
+ if (nRemaining < sizeof(cbStshi))
+ return;
+ // lies die Laenge der in der Datei gespeicherten Struktur
+ rSt >> cbStshi;
+ nRemaining-=2;
+ }
+ }
+
+ cbStshi = std::min(static_cast<sal_uInt32>(cbStshi), nRemaining);
+ if (cbStshi < nMinValidStshi)
+ return;
sal_uInt16 nRead = cbStshi;
do
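Review bot: The Word 2 branch sets `cbStshi = 0` and `cstd = 256`, so the new `if (cbStshi < nMinValidStshi) return;` always returns for those documents. As far as the visible hunks show, that path therefore never reaches the `cstd` clamp against the remaining length that this commit adds at the end of the constructor, and `cstd` stays at 256 without being checked against `lcbStshf`. Moving the `std::min` clamp and the minimum-size return into the `else` branch, with the STSHI parse and `nRemaining -= cbStshi` guarded the same way, would let the Word 2 path fall through to the final clamp. The middle of the constructor is outside this hunk, so this should be confirmed against the full body.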
@@ -6003,10 +6015,16 @@ WW8Style::WW8Style(SvStream& rStream, WW8Fib& rFibPara)
while( !this ); // Trick: obiger Block wird genau einmal durchlaufen
// und kann vorzeitig per "break" verlassen werden.
- if( 0 != rSt.GetError() )
- {
- // wie denn nun den Error melden?
- }
+ nRemaining -= cbStshi;
+
+ //There will be stshi.cstd (cbSTD, STD) pairs in the file following the
+ //STSHI. Note that styles can be empty, i.e. cbSTD == 0
+ const sal_uInt32 nMinRecordSize = sizeof(sal_uInt16);
+ sal_uInt16 nMaxPossibleRecords = nRemaining/nMinRecordSize;
+
+ OSL_ENSURE(cstd <= nMaxPossibleRecords,
+ "allegedly more styles that available data\n");
+ cstd = std::min(cstd, nMaxPossibleRecords);
}
// Read1STDFixed() liest ein Style ein. Wenn der Style vollstaendig vorhanden
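Review bot: `sal_uInt16 nMaxPossibleRecords = nRemaining/nMinRecordSize;` truncates a 32-bit quotient to 16 bits, so a large `lcbStshf` can wrap to a small value and clamp `cstd` far below what the data supports. The error is in the safe direction but silently drops styles. Keep the quotient wide and narrow only after the clamp: `const sal_uInt32 nMaxPossibleRecords = nRemaining/nMinRecordSize;` followed by `cstd = static_cast<sal_uInt16>(std::min<sal_uInt32>(cstd, nMaxPossibleRecords));`. The assertion text should also read "than" rather than "that".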
@@ -6017,7 +6035,7 @@ WW8_STD* WW8Style::Read1STDFixed( short& rSkip, short* pcbStd )
{
WW8_STD* pStd = 0;
- sal_uInt16 cbStd;
+ sal_uInt16 cbStd(0);
rSt >> cbStd; // lies Laenge
sal_uInt16 nRead = cbSTDBaseInFile;
@@ -6034,6 +6052,7 @@ WW8_STD* WW8Style::Read1STDFixed( short& rSkip, short* pcbStd )
sal_uInt16 a16Bit;
if( 2 > nRead ) break;
+ a16Bit = 0;
rSt >> a16Bit;
pStd->sti = a16Bit & 0x0fff ;
pStd->fScratch = 0 != ( a16Bit & 0x1000 );
@@ -6042,20 +6061,24 @@ WW8_STD* WW8Style::Read1STDFixed( short& rSkip, short* pcbStd )
pStd->fMassCopy = 0 != ( a16Bit & 0x8000 );
if( 4 > nRead ) break;
+ a16Bit = 0;
rSt >> a16Bit;
pStd->sgc = a16Bit & 0x000f ;
pStd->istdBase = ( a16Bit & 0xfff0 ) >> 4;
if( 6 > nRead ) break;
+ a16Bit = 0;
rSt >> a16Bit;
pStd->cupx = a16Bit & 0x000f ;
pStd->istdNext = ( a16Bit & 0xfff0 ) >> 4;
if( 8 > nRead ) break;
+ a16Bit = 0;
rSt >> pStd->bchUpe;
// ab Ver8 sollten diese beiden Felder dazukommen:
if(10 > nRead ) break;
+ a16Bit = 0;
rSt >> a16Bit;
pStd->fAutoRedef = a16Bit & 0x0001 ;
pStd->fHidden = ( a16Bit & 0x0002 ) >> 2;
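Review bot: The `a16Bit = 0;` added before `rSt >> pStd->bchUpe;` has no effect, because that read targets `pStd->bchUpe` and `a16Bit` is reset again before its next use. If the aim is a defined value after a failed read, the line there should be `pStd->bchUpe = 0;`, unless the STD is already zeroed where it is allocated, which is outside the hunk. Separately, on the unchanged last line, `( a16Bit & 0x0002 ) >> 2` always evaluates to 0; `>> 1` looks intended, but that should be confirmed against the format description.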
diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
index 4b48045..135355e 100644
--- a/sw/source/filter/ww8/ww8scan.hxx
+++ b/sw/source/filter/ww8/ww8scan.hxx
@@ -1457,8 +1457,6 @@ class WW8Style
protected:
WW8Fib& rFib;
SvStream& rSt;
- long nStyleStart;
- long nStyleLen;
sal_uInt16 cstd; // Count of styles in stylesheet
sal_uInt16 cbSTDBaseInFile; // Length of STD Base as stored in a file
commit 66ead313ef52d85dd498b8ea8eb24fffc913b673
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jul 10 23:10:14 2011 +0100
make the test depend on the resources, rather than the .cxx
diff --git a/sw/CppunitTest_sw_swdoc_test.mk b/sw/CppunitTest_sw_swdoc_test.mk
index ff5feca..f1c2336 100644
--- a/sw/CppunitTest_sw_swdoc_test.mk
+++ b/sw/CppunitTest_sw_swdoc_test.mk
@@ -34,8 +34,6 @@ $(eval $(call gb_CppunitTest_add_exception_objects,sw_swdoc_test, \
sw/qa/core/Test-BigPtrArray \
))
-$(call gb_CxxObject_get_target,sw/qa/core/swdoc-test): $(WORKDIR)/AllLangRes/sw
-
$(eval $(call gb_CppunitTest_add_library_objects,sw_swdoc_test,sw))
$(eval $(call gb_CppunitTest_add_linked_libs,sw_swdoc_test, \
@@ -119,4 +117,8 @@ $(eval $(call gb_RdbTarget_add_old_components,sw_swdoc_test,\
ucpfile1 \
))
+# we need to explicitly depend on the sw resource files needed at unit-test
+# runtime
+$(call gb_CppunitTest_get_target,sw_swdoc_test) : $(WORKDIR)/AllLangRes/sw
+
# vim: set noet sw=4:
commit 22d8f3cb95d591c13fcaeb1270cb36e20c6e8dd8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jul 10 00:37:06 2011 +0100
callcatcher: unused lcl_PamContainsFly
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index fb97465..11ebee3 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -3516,45 +3516,6 @@ bool SwWW8ImplReader::StartTable(WW8_CP nStartCp)
return bSuccess;
}
-bool lcl_PamContainsFly(SwPaM & rPam)
-{
- bool bResult = false;
- SwNodeRange aRg( rPam.Start()->nNode, rPam.End()->nNode );
- SwDoc * pDoc = rPam.GetDoc();
-
- sal_uInt16 n = 0;
- SwSpzFrmFmts * pSpzFmts = pDoc->GetSpzFrmFmts();
- sal_uInt16 nCount = pSpzFmts->Count();
- while (!bResult && n < nCount)
- {
- SwFrmFmt* pFly = (*pSpzFmts)[n];
- const SwFmtAnchor* pAnchor = &pFly->GetAnchor();
-
- switch (pAnchor->GetAnchorId())
- {
- case FLY_AT_PARA:
- case FLY_AT_CHAR:
- {
- const SwPosition* pAPos = pAnchor->GetCntntAnchor();
-
- if (pAPos != NULL &&
- aRg.aStart <= pAPos->nNode &&
- pAPos->nNode <= aRg.aEnd)
- {
- bResult = true;
- }
- }
- break;
- default:
- break;
- }
-
- ++n;
- }
-
- return bResult;
-}
-
void SwWW8ImplReader::TabCellEnd()
{
if (nInTable && pTableDesc)
commit 02d0b7b41396416f2cd92c2a95b79e18ee85f7de
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jul 10 00:36:38 2011 +0100
callcatcher: unused lcl_SubLeftRight
diff --git a/sw/source/core/layout/paintfrm.cxx b/sw/source/core/layout/paintfrm.cxx
index c62190a..c7b2975 100755
--- a/sw/source/core/layout/paintfrm.cxx
+++ b/sw/source/core/layout/paintfrm.cxx
@@ -4289,26 +4289,6 @@ void MA_FASTCALL lcl_SubTopBottom( SwRect& _iorRect,
}
}
-// method called for top and bottom border rectangles.
-void MA_FASTCALL lcl_SubLeftRight( SwRect& rRect,
- const SvxBoxItem& rBox,
- const SwRectFn& rRectFn )
-{
- if ( rBox.GetLeft() && rBox.GetLeft()->GetInWidth() )
- {
- const long nDist = ::lcl_MinWidthDist( rBox.GetLeft()->GetDistance() )
- + ::lcl_AlignWidth( rBox.GetLeft()->GetOutWidth() );
- (rRect.*rRectFn->fnSubLeft)( -nDist );
- }
-
- if ( rBox.GetRight() && rBox.GetRight()->GetInWidth() )
- {
- const long nDist = ::lcl_MinWidthDist( rBox.GetRight()->GetDistance() )
- + ::lcl_AlignWidth( rBox.GetRight()->GetOutWidth() );
- (rRect.*rRectFn->fnAddRight)( -nDist );
- }
-}
-
sal_uInt16 lcl_GetLineWidth( const SvxBorderLine* pLine )
{
sal_uInt16 result = 0;
commit ef3304e767b75f6c325564f572e2675e039fbe57
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jul 10 00:29:19 2011 +0100
callcatcher: remove unused sw3io_ConvertToOldField
diff --git a/sw/source/core/sw3io/sw3convert.cxx b/sw/source/core/sw3io/sw3convert.cxx
index 8d17a01..14d87a6 100644
--- a/sw/source/core/sw3io/sw3convert.cxx
+++ b/sw/source/core/sw3io/sw3convert.cxx
@@ -301,113 +301,5 @@ SW_DLLPUBLIC void sw3io_ConvertFromOldField( SwDoc& rDoc, sal_uInt16& rWhich,
}
}
}
-SW_DLLPUBLIC void sw3io_ConvertToOldField( const SwField* pFld, sal_uInt16& rWhich,
- sal_uLong& rFmt, sal_uLong nFFVersion )
-{
- const OldFormats *pOldFmt = 0L;
- sal_uLong nOldFmt = rFmt;
-
- switch( rWhich )
- {
- case RES_DOCINFOFLD:
- if( SOFFICE_FILEFORMAT_40 >= nFFVersion )
- {
- switch (pFld->GetSubType() & 0xff00)
- {
- case DI_SUB_AUTHOR: rFmt = RF_AUTHOR; break;
- case DI_SUB_TIME: rFmt = RF_TIME; break;
- case DI_SUB_DATE: rFmt = RF_DATE; break;
- }
- }
- break;
-
- case RES_DATETIMEFLD:
- if( SOFFICE_FILEFORMAT_40 >= nFFVersion )
- {
- sal_uInt16 nSubType = ((SwDateTimeField*) pFld)->GetSubType();
- switch( nSubType )
- {
- case DATEFLD: rWhich = RES_DATEFLD; break;
- case TIMEFLD: rWhich = RES_TIMEFLD; break;
- case DATEFLD|FIXEDFLD: rWhich = RES_FIXDATEFLD; break;
- case TIMEFLD|FIXEDFLD: rWhich = RES_FIXTIMEFLD; break;
- }
-
- if( nSubType & DATEFLD )
- {
- rFmt = DFF_DMY;
- pOldFmt = aOldDateFmt40;
- }
- else
- {
- rFmt = TF_SYSTEM;
- pOldFmt = aOldTimeFmt;
- }
- }
- break;
-
- case RES_DBFLD:
- case RES_TABLEFLD:
- case RES_GETEXPFLD:
- case RES_SETEXPFLD:
- case RES_USERFLD:
- if( SOFFICE_FILEFORMAT_40 >= nFFVersion )
- {
- sal_uInt16 nSubType = pFld->GetSubType();
-
- if (nSubType & nsSwExtendedSubType::SUB_INVISIBLE)
- rFmt = VVF_INVISIBLE;
- else if (nSubType & nsSwExtendedSubType::SUB_CMD)
- rFmt = VVF_CMD;
- else if( !(nsSwGetSetExpType::GSE_SEQ & nSubType) )
- {
- pOldFmt = aOldGetSetExpFmt40;
- rFmt = VVF_SYS;
- }
- }
- break;
-
- case RES_GETREFFLD:
- if( SOFFICE_FILEFORMAT_31 == nFFVersion )
- {
- switch( rFmt )
- {
- case REF_PAGE:
- case REF_CHAPTER:
- case REF_CONTENT:
- break;
-
- default:
- rFmt = REF_PAGE;
- break;
- }
- }
- break;
- }
-
- if( pOldFmt && nOldFmt )
- {
- SvNumberFormatter *pFormatter = ((SwValueField*)pFld)->GetDoc()->GetNumberFormatter();
- const SvNumberformat* pEntry = pFormatter->GetEntry( nOldFmt );
-
- if( pEntry )
- {
- sal_uInt16 i = 0;
- while( pOldFmt[i].eFormatIdx != NF_NUMERIC_START ||
- pOldFmt[i].nOldFormat )
- {
- sal_uLong nKey = pFormatter->GetFormatIndex(
- pOldFmt[i].eFormatIdx, pEntry->GetLanguage() );
-
- if( nOldFmt == nKey )
- {
- rFmt = pOldFmt[i].nOldFormat;
- break;
- }
- i++;
- }
- }
- }
-}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
commit 7e7603a68032bd2da223893508534306ba164d24
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jul 10 00:28:25 2011 +0100
only need this on bigendian
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index f47b640..186de07 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -7403,10 +7403,12 @@ bool checkRead(SvStream &rSt, void *pDest, sal_uInt32 nLength)
return (rSt.Read(pDest, nLength) == static_cast<sal_Size>(nLength));
}
+#ifdef OSL_BIGENDIAN
void swapEndian(sal_Unicode *pString)
{
for (sal_Unicode *pWork = pString; *pWork; ++pWork)
*pWork = SWAPSHORT(*pWork);
}
+#endif
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
index c110b5a..4b48045 100644
--- a/sw/source/filter/ww8/ww8scan.hxx
+++ b/sw/source/filter/ww8/ww8scan.hxx
@@ -1789,7 +1789,9 @@ bool checkRead(SvStream &rSt, void *pDest, sal_uInt32 nLength);
const sal_uInt16 lLetterWidth = 12242;
const sal_uInt16 lLetterHeight = 15842;
+#ifdef OSL_BIGENDIAN
void swapEndian(sal_Unicode *pString);
+#endif
#endif