[Libreoffice-commits] mso-dumper.git: src/docrecord.py test/doc

Miklos Vajna vmiklos at kemper.freedesktop.org
Fri Oct 4 06:31:06 PDT 2013 

 src/docrecord.py              |   46 ++++++++++++++++++++++++++++--------------
 test/doc/pass/kde140633-1.doc |binary
 2 files changed, 31 insertions(+), 15 deletions(-)

New commits:
commit d818585de1b1e069a2f4184e983cf91aa947383e
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Fri Oct 4 15:29:04 2013 +0200

    kde#140633 fix crash on truncated Dop97 structure
    
    The length is just enough for DopBase, don't try to read the rest of
    Dop95 and Dop97.

diff --git a/src/docrecord.py b/src/docrecord.py
index 3e23071..58625e6 100644
--- a/src/docrecord.py
+++ b/src/docrecord.py
@@ -1990,15 +1990,21 @@ class Copts(DOCDirStream):
 class Dop95(DOCDirStream):
     """The Dop95 structure contains document and compatibility settings."""
     size = 88
-    def __init__(self, dop):
+    def __init__(self, dop, dopSize):
         DOCDirStream.__init__(self, dop.bytes)
         self.pos = dop.pos
         self.dop = dop
+        self.dopSize = dopSize
 
     def dump(self):
         print '<dop95 type="Dop95" offset="%d" size="88 bytes">' % self.pos
+        pos = self.pos
         dopBase = DopBase(self)
         dopBase.dump()
+        if self.pos >= pos + self.dopSize:
+            print '</dop95>'
+            self.dop.pos = self.pos
+            return
         Copts80(self).dump()
         self.pos += 4
         print '</dop95>'
@@ -2087,15 +2093,21 @@ class Asumyi(DOCDirStream):
 class Dop97(DOCDirStream):
     """The Dop97 structure contains document and compatibility settings."""
     size = 500
-    def __init__(self, dop):
+    def __init__(self, dop, dopSize):
         DOCDirStream.__init__(self, dop.bytes)
         self.pos = dop.pos
         self.dop = dop
+        self.dopSize = dopSize
 
     def dump(self):
         print '<dop97 type="Dop97" offset="%d" size="%d bytes">' % (self.pos, Dop97.size)
-        dop95 = Dop95(self)
+        pos = self.pos
+        dop95 = Dop95(self, self.dopSize)
         dop95.dump()
+        if self.pos >= pos + self.dopSize:
+            print '</dop97>'
+            self.dop.pos = self.pos
+            return
 
         self.printAndSet("adt", self.readuInt16())
         dopTypography = DopTypography(self)
@@ -2158,14 +2170,15 @@ class Dop97(DOCDirStream):
 class Dop2000(DOCDirStream):
     """The Dop2000 structure contains document and compatibility settings."""
     size = 544
-    def __init__(self, dop):
+    def __init__(self, dop, dopSize):
         DOCDirStream.__init__(self, dop.bytes)
         self.pos = dop.pos
         self.dop = dop
+        self.dopSize = dopSize
 
     def dump(self):
         print '<dop2000 type="Dop2000" offset="%d" size="544 bytes">' % self.pos
-        dop97 = Dop97(self)
+        dop97 = Dop97(self, self.dopSize)
         dop97.dump()
 
         if self.pos == self.size:
@@ -2231,14 +2244,15 @@ class Dop2000(DOCDirStream):
 class Dop2002(DOCDirStream):
     """The Dop2002 structure contains document and compatibility settings."""
     size = 594
-    def __init__(self, dop):
+    def __init__(self, dop, dopSize):
         DOCDirStream.__init__(self, dop.bytes)
         self.pos = dop.pos
         self.dop = dop
+        self.dopSize = dopSize
 
     def dump(self):
         print '<dop2002 type="Dop2002" offset="%d" size="%d bytes">' % (self.pos, Dop2002.size)
-        dop2000 = Dop2000(self)
+        dop2000 = Dop2000(self, self.dopSize)
         dop2000.dump()
 
         self.printAndSet("unused", self.readuInt32())
@@ -2281,14 +2295,15 @@ class Dop2002(DOCDirStream):
 class Dop2003(DOCDirStream):
     """The Dop2003 structure contains document and compatibility settings."""
     size = 616
-    def __init__(self, dop):
+    def __init__(self, dop, dopSize):
         DOCDirStream.__init__(self, dop.bytes)
         self.pos = dop.pos
         self.dop = dop
+        self.dopSize = dopSize
 
     def dump(self):
         print '<dop2003 type="Dop2003" offset="%d" size="616 bytes">' % self.pos
-        dop2002 = Dop2002(self)
+        dop2002 = Dop2002(self, self.dopSize)
         dop2002.dump()
 
         buf = self.readuInt8()
@@ -2361,14 +2376,15 @@ class DopMth(DOCDirStream):
 
 class Dop2007(DOCDirStream):
     """The Dop2007 structure contains document and compatibility settings."""
-    def __init__(self, dop):
+    def __init__(self, dop, dopSize):
         DOCDirStream.__init__(self, dop.bytes)
         self.pos = dop.pos
         self.dop = dop
+        self.dopSize = dopSize
 
     def dump(self):
         print '<dop2007 type="Dop2007" offset="%d">' % self.pos
-        dop2003 = Dop2003(self)
+        dop2003 = Dop2003(self, self.dopSize)
         dop2003.dump()
 
         self.printAndSet("reserved1", self.readuInt32())
@@ -2423,13 +2439,13 @@ class Dop(DOCDirStream):
     def dump(self):
         print '<dop type="Dop" offset="%s" size="%d bytes">' % (self.pos, self.size)
         if self.fib.nFibNew == 0:
-            Dop97(self).dump()
+            Dop97(self, self.size).dump()
         elif self.fib.nFibNew == 0x00d9:
-            Dop2000(self).dump()
+            Dop2000(self, self.size).dump()
         elif self.fib.nFibNew == 0x0101:
-            Dop2002(self).dump()
+            Dop2002(self, self.size).dump()
         elif self.fib.nFibNew == 0x0112:
-            Dop2007(self).dump()
+            Dop2007(self, self.size).dump()
         else:
             print """<todo what="Dop.dump() doesn't know how to handle nFibNew = %s"/>""" % hex(self.fib.nFibNew)
         print '</dop>'
diff --git a/test/doc/pass/kde140633-1.doc b/test/doc/pass/kde140633-1.doc
new file mode 100644
index 0000000..d00bd40
Binary files /dev/null and b/test/doc/pass/kde140633-1.doc differ

More information about the Libreoffice-commits mailing list