[Libreoffice-commits] libmspub.git: src/lib
David Tardon
dtardon at redhat.com
Tue Dec 23 01:12:35 PST 2014
src/lib/MSPUBParser.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
New commits:
commit 567788c7a99abeb116dd202dbbe1a04eb7a05c2a
Author: David Tardon <dtardon at redhat.com>
Date: Tue Dec 23 10:09:48 2014 +0100
afl: avoid infinite loop
Change-Id: I13ca72e1328c38f9c6b8da5c5e11b6944d5863a6
diff --git a/src/lib/MSPUBParser.cpp b/src/lib/MSPUBParser.cpp
index ee30d91..e7b297c 100644
--- a/src/lib/MSPUBParser.cpp
+++ b/src/lib/MSPUBParser.cpp
@@ -7,6 +7,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
+#include <set>
#include <sstream>
#include <string>
#include <algorithm>
@@ -862,11 +863,18 @@ bool MSPUBParser::parseQuill(librevenge::RVNGInputStream *input)
MSPUB_DEBUG_MSG(("MSPUBParser::parseQuill\n"));
unsigned chunkReferenceListOffset = 0x18;
std::list<QuillChunkReference> chunkReferences;
+ std::set<unsigned> readChunks; // guard against cycle in the chunk list
while (chunkReferenceListOffset != 0xffffffff)
{
input->seek(chunkReferenceListOffset + 2, librevenge::RVNG_SEEK_SET);
unsigned short numChunks = readU16(input);
chunkReferenceListOffset = readU32(input);
+ if (readChunks.find(chunkReferenceListOffset) != readChunks.end())
+ {
+ MSPUB_DEBUG_MSG(("Found a cycle in chunk reference list: a broken file!\n"));
+ break;
+ }
+ readChunks.insert(chunkReferenceListOffset);
for (unsigned i = 0; i < numChunks; ++i)
{
QuillChunkReference quillChunkReference = parseQuillChunkReference(input);
More information about the Libreoffice-commits
mailing list