[Libreoffice-commits] core.git: 2 commits - oox/source vcl/source

Michael Meeks michael.meeks at collabora.com
Wed Jun 4 01:45:32 PDT 2014 

 oox/source/export/vmlexport.cxx     |    8 ++++++++
 vcl/source/filter/graphicfilter.cxx |    2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

New commits:
commit a2d2c7f707838511ede017ed920205b9165a35a2
Author: Michael Meeks <michael.meeks at collabora.com>
Date:   Tue Jun 3 22:55:05 2014 +0100

    Be more sensible about checking buffers of VML points we write.
    
    Change-Id: Id3811dbe0cf2510ef6a851804b3886c14eca01b6

diff --git a/oox/source/export/vmlexport.cxx b/oox/source/export/vmlexport.cxx
index 0f3038b..f315766 100644
--- a/oox/source/export/vmlexport.cxx
+++ b/oox/source/export/vmlexport.cxx
@@ -519,6 +519,14 @@ void VMLExport::Commit( EscherPropertyContainer& rProps, const Rectangle& rRect
                                     break;
                                 default:
                                     // See EscherPropertyContainer::CreateCustomShapeProperties, by default nSeg is simply the number of points.
+                                    // FIXME: we miss out a significant amount of complexity from
+                                    // the above method here, and do some rather odd things to match.
+                                    int nElems = aVertices.nPropSize / ( nPointSize * 2);
+                                    if (nSeg > nElems)
+                                    {
+                                        SAL_WARN("oox", "Busted escher export " << nSeg << "vs . " << nElems << " truncating point stream");
+                                        nSeg = nElems;
+                                    }
                                     for (int i = 0; i < nSeg; ++i)
                                     {
                                         sal_Int32 nX = impl_GetPointComponent(pVerticesIt, nPointSize);
commit 53db456c04ca5a1684395b60fbd6f1bed4c9c114
Author: Michael Meeks <michael.meeks at collabora.com>
Date:   Tue Jun 3 21:57:54 2014 +0100

    Avoid uninitialized memory read/compare on short reads.
    
    Change-Id: I7537f6d22780bace6ab6da06e087a3d27da8de05

diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx
index 1f132f3..2274e83 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -704,7 +704,7 @@ static bool ImpPeekGraphicFormat( SvStream& rStream, OUString& rFormatExtension,
             {
                 nCheckSize = nStreamLen < 2048 ? nStreamLen : 2048;
                 rStream.Seek(nStreamPos);
-                rStream.Read(sExtendedOrDecompressedFirstBytes, nCheckSize);
+                nCheckSize = rStream.Read(sExtendedOrDecompressedFirstBytes, nCheckSize);
             }
 
             if(ImplSearchEntry(pCheckArray, (sal_uInt8*)"<svg", nCheckSize, 4)) // '<svg'

More information about the Libreoffice-commits mailing list