[Libreoffice-commits] core.git: 3 commits - canvas/source filter/CppunitTest_filter_pcx_test.mk filter/Module_filter.mk filter/qa filter/source vcl/unx
Caolán McNamara
caolanm at redhat.com
Thu Apr 17 04:01:22 PDT 2014
canvas/source/cairo/cairo_canvasbitmap.cxx | 2
canvas/source/cairo/cairo_xlib_cairo.cxx | 7 +
dev/null |binary
filter/CppunitTest_filter_pcx_test.mk | 41 +++++++++++
filter/Module_filter.mk | 3
filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx |binary
filter/qa/cppunit/data/pcx/indeterminate/.gitignore | 1
filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx |binary
filter/qa/cppunit/data/ras/fail/CVE-2007-2356-1.ras |binary
filter/qa/cppunit/filters-pcx-test.cxx | 71 ++++++++++++++++++++
filter/source/graphicfilter/ipcx/ipcx.cxx | 9 +-
filter/source/graphicfilter/itiff/itiff.cxx | 20 ++---
vcl/unx/x11/xlimits.cxx | 11 +--
13 files changed, 138 insertions(+), 27 deletions(-)
New commits:
commit 9de20d1eb046f7bb92d893408206b91a9c054e2e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Apr 17 11:58:38 2014 +0100
add tests for CVE-2008-1097, etc.
Change-Id: Iad6948fdf6eb60f86d764783b72a4fe7f5642e40
diff --git a/filter/CppunitTest_filter_pcx_test.mk b/filter/CppunitTest_filter_pcx_test.mk
new file mode 100644
index 0000000..5a5f6d6
--- /dev/null
+++ b/filter/CppunitTest_filter_pcx_test.mk
@@ -0,0 +1,41 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_CppunitTest_CppunitTest,filter_pcx_test))
+
+$(eval $(call gb_CppunitTest_use_external,filter_pcx_test,boost_headers))
+
+$(eval $(call gb_CppunitTest_add_exception_objects,filter_pcx_test, \
+ filter/qa/cppunit/filters-pcx-test \
+))
+
+$(eval $(call gb_CppunitTest_use_libraries,filter_pcx_test, \
+ ipx \
+ sal \
+ test \
+ tl \
+ unotest \
+ vcl \
+ $(gb_UWINAPI) \
+))
+
+$(eval $(call gb_CppunitTest_use_api,filter_pcx_test,\
+ udkapi \
+ offapi \
+))
+
+$(eval $(call gb_CppunitTest_use_ure,filter_pcx_test))
+
+$(eval $(call gb_CppunitTest_use_components,filter_pcx_test,\
+ configmgr/source/configmgr \
+))
+
+$(eval $(call gb_CppunitTest_use_configuration,filter_pcx_test))
+
+# vim: set noet sw=4 ts=4:
diff --git a/filter/Module_filter.mk b/filter/Module_filter.mk
index 6571242..d37d91b 100644
--- a/filter/Module_filter.mk
+++ b/filter/Module_filter.mk
@@ -83,10 +83,11 @@ $(eval $(call gb_Module_add_check_targets,filter,\
ifneq ($(DISABLE_CVE_TESTS),TRUE)
$(eval $(call gb_Module_add_check_targets,filter,\
+ CppunitTest_filter_pcx_test \
CppunitTest_filter_pict_test \
CppunitTest_filter_ras_test \
- CppunitTest_filter_tga_test \
CppunitTest_filter_tiff_test \
+ CppunitTest_filter_tga_test \
))
endif
diff --git a/filter/qa/cppunit/data/pcx/fail/.gitignore b/filter/qa/cppunit/data/pcx/fail/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx b/filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx
new file mode 100644
index 0000000..c55c64e
Binary files /dev/null and b/filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx differ
diff --git a/filter/qa/cppunit/data/pcx/indeterminate/.gitignore b/filter/qa/cppunit/data/pcx/indeterminate/.gitignore
new file mode 100644
index 0000000..583b009c
--- /dev/null
+++ b/filter/qa/cppunit/data/pcx/indeterminate/.gitignore
@@ -0,0 +1 @@
+*.wmf-*
diff --git a/filter/qa/cppunit/data/pcx/pass/.gitignore b/filter/qa/cppunit/data/pcx/pass/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx b/filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx
new file mode 100644
index 0000000..d928c08
Binary files /dev/null and b/filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx differ
diff --git a/filter/qa/cppunit/filters-pcx-test.cxx b/filter/qa/cppunit/filters-pcx-test.cxx
new file mode 100644
index 0000000..678b267
--- /dev/null
+++ b/filter/qa/cppunit/filters-pcx-test.cxx
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <unotest/filters-test.hxx>
+#include <test/bootstrapfixture.hxx>
+#include <vcl/FilterConfigItem.hxx>
+#include <tools/stream.hxx>
+#include <vcl/graph.hxx>
+
+#include <osl/file.hxx>
+#include <osl/process.h>
+
+extern "C"
+{
+ SAL_DLLPUBLIC_EXPORT bool SAL_CALL
+ GraphicImport(SvStream & rStream, Graphic & rGraphic,
+ FilterConfigItem*);
+}
+
+using namespace ::com::sun::star;
+
+/* Implementation of Filters test */
+
+class RasFilterTest
+ : public test::FiltersTest
+ , public test::BootstrapFixture
+{
+public:
+ RasFilterTest() : BootstrapFixture(true, false) {}
+
+ virtual bool load(const OUString &,
+ const OUString &rURL, const OUString &,
+ unsigned int, unsigned int, unsigned int) SAL_OVERRIDE;
+
+ /**
+ * Ensure CVEs remain unbroken
+ */
+ void testCVEs();
+
+ CPPUNIT_TEST_SUITE(RasFilterTest);
+ CPPUNIT_TEST(testCVEs);
+ CPPUNIT_TEST_SUITE_END();
+};
+
+bool RasFilterTest::load(const OUString &,
+ const OUString &rURL, const OUString &,
+ unsigned int, unsigned int, unsigned int)
+{
+ SvFileStream aFileStream(rURL, STREAM_READ);
+ Graphic aGraphic;
+ return GraphicImport(aFileStream, aGraphic, NULL);
+}
+
+void RasFilterTest::testCVEs()
+{
+ testDir(OUString(),
+ getURLFromSrc("/filter/qa/cppunit/data/pcx/"),
+ OUString());
+}
+
+CPPUNIT_TEST_SUITE_REGISTRATION(RasFilterTest);
+
+CPPUNIT_PLUGIN_IMPLEMENT();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/filter/source/graphicfilter/ipcx/ipcx.cxx b/filter/source/graphicfilter/ipcx/ipcx.cxx
index 23f5ee2..abad65f 100644
--- a/filter/source/graphicfilter/ipcx/ipcx.cxx
+++ b/filter/source/graphicfilter/ipcx/ipcx.cxx
@@ -160,10 +160,7 @@ sal_Bool PCXReader::ReadPCX(Graphic & rGraphic)
void PCXReader::ImplReadHeader()
{
- sal_uInt8 nbyte;
- sal_uInt16 nushort;
- sal_uInt16 nMinX,nMinY,nMaxX,nMaxY;
-
+ sal_uInt8 nbyte(0);
m_rPCX.ReadUChar( nbyte ).ReadUChar( nVersion ).ReadUChar( nEncoding );
if ( nbyte!=0x0a || (nVersion != 0 && nVersion != 2 && nVersion != 3 && nVersion != 5) || nEncoding > 1 )
{
@@ -171,7 +168,9 @@ void PCXReader::ImplReadHeader()
return;
}
+ nbyte = 0;
m_rPCX.ReadUChar( nbyte ); nBitsPerPlanePix = (sal_uLong)nbyte;
+ sal_uInt16 nMinX(0),nMinY(0),nMaxX(0),nMaxY(0);
m_rPCX.ReadUInt16( nMinX ).ReadUInt16( nMinY ).ReadUInt16( nMaxX ).ReadUInt16( nMaxY );
if ((nMinX > nMaxX) || (nMinY > nMaxY))
@@ -191,7 +190,9 @@ void PCXReader::ImplReadHeader()
ImplReadPalette( 16 );
m_rPCX.SeekRel( 1 );
+ nbyte = 0;
m_rPCX.ReadUChar( nbyte ); nPlanes = (sal_uLong)nbyte;
+ sal_uInt16 nushort(0);
m_rPCX.ReadUInt16( nushort ); nBytesPerPlaneLin = (sal_uLong)nushort;
m_rPCX.ReadUInt16( nPaletteInfo );
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 3444418..0949e23 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -219,18 +219,16 @@ sal_uLong TIFFReader::DataTypeSize()
return nSize;
}
-
-
sal_uLong TIFFReader::ReadIntData()
{
- double nDOUBLE;
- float nFLOAT;
- sal_uInt32 nUINT32a, nUINT32b;
- sal_Int32 nINT32;
- sal_uInt16 nUINT16;
- sal_Int16 nINT16;
- sal_uInt8 nBYTE;
- char nCHAR;
+ double nDOUBLE(0.0);
+ float nFLOAT(0);
+ sal_uInt32 nUINT32a(0), nUINT32b(0);
+ sal_Int32 nINT32(0);
+ sal_uInt16 nUINT16(0);
+ sal_Int16 nINT16(0);
+ sal_uInt8 nBYTE(0);
+ char nCHAR(0);
switch( nDataType )
{
@@ -282,8 +280,6 @@ sal_uLong TIFFReader::ReadIntData()
return nUINT32a;
}
-
-
double TIFFReader::ReadDoubleData()
{
sal_uInt32 nulong;
commit f31ac2405bbd0755fb14daa6cb84d7bb7d84c492
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Apr 17 11:56:17 2014 +0100
Resolves: rhbz#1086714 overlarge pixmap
Change-Id: I015308406a43e6b039059a5e35316d59745d0a48
diff --git a/canvas/source/cairo/cairo_canvasbitmap.cxx b/canvas/source/cairo/cairo_canvasbitmap.cxx
index 32c9167..eae1319 100644
--- a/canvas/source/cairo/cairo_canvasbitmap.cxx
+++ b/canvas/source/cairo/cairo_canvasbitmap.cxx
@@ -159,7 +159,7 @@ namespace cairocanvas
pPixels = cairo_image_surface_create( CAIRO_FORMAT_ARGB32,
aSize.Width(), aSize.Height() );
cairo_t *pCairo = cairo_create( pPixels );
- if( !pPixels || !pCairo )
+ if( !pPixels || !pCairo || cairo_status(pCairo) != CAIRO_STATUS_SUCCESS )
break;
// suck ourselves from the X server to this buffer so then we can fiddle with
diff --git a/canvas/source/cairo/cairo_xlib_cairo.cxx b/canvas/source/cairo/cairo_xlib_cairo.cxx
index f52a8e7..e5bb189 100644
--- a/canvas/source/cairo/cairo_xlib_cairo.cxx
+++ b/canvas/source/cairo/cairo_xlib_cairo.cxx
@@ -36,11 +36,12 @@ namespace
Pixmap limitXCreatePixmap(Display *display, Drawable d, unsigned int width, unsigned int height, unsigned int depth)
{
// The X protocol request CreatePixmap puts an upper bound
- // of 16 bit to the size.
+ // of 16 bit to the size. And in practice some drivers
+ // fall over with values close to the max.
- // see, e.g. moz#424333, fdo#48961
+ // see, e.g. moz#424333, fdo#48961, rhbz#1086714
// we've a duplicate of this in vcl :-(
- if (width > SAL_MAX_INT16 || height > SAL_MAX_INT16)
+ if (width > SAL_MAX_INT16-10 || height > SAL_MAX_INT16-10)
{
SAL_WARN("canvas", "overlarge pixmap: " << width << " x " << height);
return None;
diff --git a/vcl/unx/x11/xlimits.cxx b/vcl/unx/x11/xlimits.cxx
index 2d3606d..b8509cb 100644
--- a/vcl/unx/x11/xlimits.cxx
+++ b/vcl/unx/x11/xlimits.cxx
@@ -13,13 +13,12 @@
Pixmap limitXCreatePixmap(Display *display, Drawable d, unsigned int width, unsigned int height, unsigned int depth)
{
// The X protocol request CreatePixmap puts an upper bound
- // of 16 bit to the size. Beyond that there may be implementation
- // limits of the Xserver; which we should catch by a failed XCreatePixmap
- // call. However extra large values should be caught here since we'd run into
- // 16 bit truncation here without noticing.
+ // of 16 bit to the size. And in practice some drivers
+ // fall over with values close to the max.
- // see, e.g. moz#424333
- if (width > SAL_MAX_INT16 || height > SAL_MAX_INT16)
+ // see, e.g. moz#424333, fdo#48961, rhbz#1086714
+ // we've a duplicate of this in canvas :-(
+ if (width > SAL_MAX_INT16-10 || height > SAL_MAX_INT16-10)
{
SAL_WARN("vcl", "overlarge pixmap: " << width << " x " << height);
return None;
commit cd11e8df3d1b15d0488993b7cec9e3de7da06c8c
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Apr 17 09:52:23 2014 +0100
forget to add test ras file
Change-Id: Icfebbe04b7842925c5afe7837cad8479e8b8ea61
diff --git a/filter/qa/cppunit/data/ras/indeterminate/CVE-2007-2356-1.ras b/filter/qa/cppunit/data/ras/fail/CVE-2007-2356-1.ras
similarity index 100%
rename from filter/qa/cppunit/data/ras/indeterminate/CVE-2007-2356-1.ras
rename to filter/qa/cppunit/data/ras/fail/CVE-2007-2356-1.ras
More information about the Libreoffice-commits
mailing list