[Libreoffice-commits] .: 2 commits - sw/inc sw/source
Caolán McNamara
caolan at kemper.freedesktop.org
Mon Jul 11 08:41:50 PDT 2011
sw/inc/shellio.hxx | 1
sw/source/filter/writer/writer.cxx | 8 -----
sw/source/filter/ww8/ww8scan.cxx | 59 ++++++++++++++++++++++++-------------
3 files changed, 39 insertions(+), 29 deletions(-)
New commits:
commit f9f8ef0b7c64ed2d0f6725c241fcc618f0373f62
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 11 16:25:50 2011 +0100
protect against short reads and silly offset values
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index f2a21d7..88af979 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -2546,10 +2546,28 @@ WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(ww::WordVersion eVersion, SvStream* pSt,
{
if (aEntry.mnLen >= 2)
{
- aEntry.mnIStd = SVBT16ToShort(maRawData+nOfs+1+nDelta);
+ //len byte + optional extra len byte
+ sal_Size nDataOffset = nOfs + 1 + nDelta;
+ aEntry.mnIStd = nDataOffset <= sizeof(maRawData)-sizeof(aEntry.mnIStd) ?
+ SVBT16ToShort(maRawData+nDataOffset) : 0;
aEntry.mnLen-=2; //istd
- //skip istd, len byte + optional extra len byte
- aEntry.mpData = maRawData + nOfs + 3 + nDelta;
+ if (aEntry.mnLen)
+ {
+ //additional istd
+ nDataOffset += sizeof(aEntry.mnIStd);
+ OSL_ENSURE(nDataOffset < sizeof(maRawData),
+ "sprm offset is out of range, ignoring");
+ if (nDataOffset < sizeof(maRawData))
+ {
+ aEntry.mpData = maRawData + nDataOffset;
+ sal_uInt16 nAvailableData = sizeof(maRawData)-nDataOffset;
+ OSL_ENSURE(aEntry.mnLen <= nAvailableData,
+ "srpm len is out of range, clipping");
+ aEntry.mnLen = std::min(aEntry.mnLen, nAvailableData);
+ }
+ else
+ aEntry.mnLen = 0;
+ }
}
else
aEntry.mnLen=0; //Too short, ignore
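Review bot: The out-of-range case of the istd read (`nDataOffset <= sizeof(maRawData)-sizeof(aEntry.mnIStd) ? ... : 0`) falls back to 0 silently, while the two later checks in this hunk both report through OSL_ENSURE. If 0 is also a legitimate style index, a truncated entry cannot be told apart from a real one, so I would add a matching `OSL_ENSURE(nDataOffset <= sizeof(maRawData)-sizeof(aEntry.mnIStd), "istd offset is out of range, ignoring");` before the read. Separately, `sal_uInt16 nAvailableData = sizeof(maRawData)-nDataOffset;` narrows from sal_Size and is only correct while maRawData fits in 16 bits. Its declaration is outside the hunk, so a one-line comment stating that assumption would help. The second assertion message spells the term "srpm" where "sprm" is meant. The constructor body starts and ends outside this hunk.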
@@ -2565,27 +2583,28 @@ WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(ww::WordVersion eVersion, SvStream* pSt,
bool bExpand = IsExpandableSprm(nSpId);
if (IsReplaceAllSprm(nSpId) || bExpand)
{
- sal_uInt16 nOrigLen = bExpand ? aEntry.mnLen : 0;
- sal_uInt8 *pOrigData = bExpand ? aEntry.mpData : 0;
-
sal_uInt32 nCurr = pDataSt->Tell();
-
sal_uInt32 nPos = SVBT32ToUInt32(aEntry.mpData + 2);
- pDataSt->Seek(nPos);
- *pDataSt >> aEntry.mnLen;
- aEntry.mpData =
- new sal_uInt8[aEntry.mnLen + nOrigLen];
- aEntry.mbMustDelete = true;
- aEntry.mnLen =
- pDataSt->Read(aEntry.mpData, aEntry.mnLen);
+ if (checkSeek(*pDataSt, nPos))
+ {
+ sal_uInt16 nOrigLen = bExpand ? aEntry.mnLen : 0;
+ sal_uInt8 *pOrigData = bExpand ? aEntry.mpData : 0;
- pDataSt->Seek( nCurr );
+ *pDataSt >> aEntry.mnLen;
+ aEntry.mpData =
+ new sal_uInt8[aEntry.mnLen + nOrigLen];
+ aEntry.mbMustDelete = true;
+ aEntry.mnLen =
+ pDataSt->Read(aEntry.mpData, aEntry.mnLen);
- if (pOrigData)
- {
- memcpy(aEntry.mpData + aEntry.mnLen,
- pOrigData, nOrigLen);
- aEntry.mnLen = aEntry.mnLen + nOrigLen;
+ pDataSt->Seek( nCurr );
+
+ if (pOrigData)
+ {
+ memcpy(aEntry.mpData + aEntry.mnLen,
+ pOrigData, nOrigLen);
+ aEntry.mnLen = aEntry.mnLen + nOrigLen;
+ }
}
}
}
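Review bot: `pDataSt->Seek( nCurr );` now sits inside the `if (checkSeek(*pDataSt, nPos))` block, so when the seek to an attacker-controlled `nPos` fails the stream is left wherever the failed attempt put it. checkSeek is defined outside this hunk, but if it seeks before reporting failure the restore should move below the closing brace so that it runs on both paths. Two further reads of file data are still unguarded here: `SVBT32ToUInt32(aEntry.mpData + 2)` needs six valid bytes at mpData, and nothing visible in the hunk checks `aEntry.mnLen >= 6` (the first hunk can now clip mnLen to a smaller value). The result of `*pDataSt >> aEntry.mnLen;` is also used as an allocation size without checking that the read succeeded. The guard for the first may exist in the lines before the hunk, which are not shown.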
commit 0d4671270ae6111c386951e00423c2aa418a8241
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jul 11 14:38:29 2011 +0100
callcatcher: remove unused PutCJKandCTLFontsInAttrPool
diff --git a/sw/inc/shellio.hxx b/sw/inc/shellio.hxx
index 49c530f..4c5c78c 100644
--- a/sw/inc/shellio.hxx
+++ b/sw/inc/shellio.hxx
@@ -412,7 +412,6 @@ protected:
void PutNumFmtFontsInAttrPool();
void PutEditEngFontsInAttrPool( sal_Bool bIncl_CJK_CTL = sal_True );
- void PutCJKandCTLFontsInAttrPool();
virtual sal_uLong WriteStream() = 0;
void SetBaseURL( const String& rURL ) { sBaseURL = rURL; }
diff --git a/sw/source/filter/writer/writer.cxx b/sw/source/filter/writer/writer.cxx
index 4c83ddd..8e55505 100644
--- a/sw/source/filter/writer/writer.cxx
+++ b/sw/source/filter/writer/writer.cxx
@@ -466,14 +466,6 @@ void Writer::PutEditEngFontsInAttrPool( sal_Bool bIncl_CJK_CTL )
}
}
-void Writer::PutCJKandCTLFontsInAttrPool()
-{
- SfxItemPool& rPool = pDoc->GetAttrPool();
- _AddFontItems( rPool, RES_CHRATR_CJK_FONT );
- _AddFontItems( rPool, RES_CHRATR_CTL_FONT );
-}
-
-
void Writer::_AddFontItems( SfxItemPool& rPool, sal_uInt16 nW )
{
const SvxFontItem* pFont = (const SvxFontItem*)&rPool.GetDefaultItem( nW );