[Libreoffice-commits] core.git: 7 commits - include/svl sc/source store/source svl/source sw/source vcl/source
Caolán McNamara
caolanm at redhat.com
Wed Nov 12 12:25:58 PST 2014
include/svl/itempool.hxx | 1
sc/source/filter/excel/xistream.cxx | 1
store/source/storpage.cxx | 4
svl/source/items/poolio.cxx | 280 ------------------------------------
sw/source/core/layout/layact.cxx | 3
vcl/source/fontsubset/sft.cxx | 46 +++++
vcl/source/gdi/bitmap4.cxx | 14 +
7 files changed, 59 insertions(+), 290 deletions(-)
New commits:
commit d72b93a5a64ecc5f620a6af999a605385a0b997a
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 16:03:14 2014 +0000
drop pool ver 1 import support
this unloved streaming format is internal only now and used
for editengine c&p and (reportedly) autotable format storage.
So we shouldn't encounter version 1 files anymore
coverity#1242764 Untrusted loop bound
Change-Id: If8e5717e997cf915f45f6e9484bb97d472e4dc2f
diff --git a/include/svl/itempool.hxx b/include/svl/itempool.hxx
index 8f83f4f..a52a0b2 100644
--- a/include/svl/itempool.hxx
+++ b/include/svl/itempool.hxx
@@ -77,7 +77,6 @@ private:
sal_uInt16 GetIndex_Impl(sal_uInt16 nWhich) const;
sal_uInt16 GetSize_Impl() const;
- SVL_DLLPRIVATE SvStream& Load1_Impl( SvStream &rStream );
SVL_DLLPRIVATE bool IsItemFlag_Impl( sal_uInt16 nWhich, sal_uInt16 nFlag ) const;
public:
diff --git a/svl/source/items/poolio.cxx b/svl/source/items/poolio.cxx
index b86d25a..6c09ef3 100644
--- a/svl/source/items/poolio.cxx
+++ b/svl/source/items/poolio.cxx
@@ -510,13 +510,8 @@ SvStream &SfxItemPool::Load(SvStream &rStream)
pImp->mpMaster->pImp->nMajorVer = pImp->nMajorVer;
pImp->mpMaster->pImp->nMinorVer = pImp->nMinorVer;
- // Old Format?
- if ( pImp->nMajorVer < 2 )
- // pImp->bStreaming is reset by Load1_Impl()
- return Load1_Impl( rStream );
-
- // New Format?
- if ( pImp->nMajorVer > SFX_ITEMPOOL_VER_MAJOR )
+ // Unknown Format
+ if (pImp->nMajorVer < 2 || pImp->nMajorVer > SFX_ITEMPOOL_VER_MAJOR)
{
rStream.SetError(SVSTREAM_FILEFORMAT_ERROR);
pImp->bStreaming = false;
@@ -709,277 +704,6 @@ sal_uInt16 SfxItemPool::GetSize_Impl() const
return pImp->mnEnd - pImp->mnStart + 1;
}
-
-SvStream &SfxItemPool::Load1_Impl(SvStream &rStream)
-{
- // For the Master the Header has already been loaded in Load()
- if ( !pImp->bStreaming )
- {
- // Read the secondary's Header
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_STARTPOOL_4 );
- rStream.ReadUChar( pImp->nMajorVer ).ReadUChar( pImp->nMinorVer );
- }
- sal_uInt32 nAttribSize(0);
- OUString aExternName;
- if ( pImp->nMajorVer > 1 || pImp->nMinorVer >= 2 )
- rStream.ReadUInt16( pImp->nLoadingVersion );
- aExternName = readByteString(rStream);
- bool bOwnPool = aExternName == pImp->aName;
- pImp->bStreaming = true;
-
- //! As long as we cannot read foreign ones
- if ( !bOwnPool )
- {
- rStream.SetError(SVSTREAM_FILEFORMAT_ERROR);
- pImp->bStreaming = false;
- return rStream;
- }
-
- // Versions up to 1.3 cannot read WhichMoves
- if ( pImp->nMajorVer == 1 && pImp->nMinorVer <= 2 &&
- pImp->nVersion < pImp->nLoadingVersion )
- {
- rStream.SetError(ERRCODE_IO_WRONGVERSION);
- pImp->bStreaming = false;
- return rStream;
- }
-
- // SizeTable comes after the actual attributes
- rStream.ReadUInt32( nAttribSize );
-
- // Read SizeTable
- sal_uLong nStartPos = rStream.Tell();
- rStream.SeekRel( nAttribSize );
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_SIZES );
- sal_uInt32 nSizeTableLen(0);
- rStream.ReadUInt32( nSizeTableLen );
- boost::scoped_array<sal_Char> pBuf(new sal_Char[nSizeTableLen]);
- rStream.Read( pBuf.get(), nSizeTableLen );
- sal_uLong nEndOfSizes = rStream.Tell();
- SvMemoryStream aSizeTable( pBuf.get(), nSizeTableLen, STREAM_READ );
-
- // Starting with version 1.3 the SizeTable contains a versions map
- if ( pImp->nMajorVer > 1 || pImp->nMinorVer >= 3 )
- {
- // Find version map (last sal_uLong of the SizeTable determines position)
- rStream.Seek( nEndOfSizes - sizeof(sal_uInt32) );
- sal_uInt32 nVersionMapPos(0);
- rStream.ReadUInt32( nVersionMapPos );
- rStream.Seek( nVersionMapPos );
-
- // Read version maps
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_VERSIONMAP );
- sal_uInt16 nVerCount(0);
- rStream.ReadUInt16( nVerCount );
- for ( sal_uInt16 nVerNo = 0; nVerNo < nVerCount; ++nVerNo )
- {
- // Read Header for single versions
- sal_uInt16 nVersion(0), nHStart(0), nHEnd(0);
- rStream.ReadUInt16( nVersion ).ReadUInt16( nHStart ).ReadUInt16( nHEnd );
- sal_uInt16 nCount = nHEnd - nHStart + 1;
- sal_uInt16 nBytes = (nCount)*sizeof(sal_uInt16);
-
- // Is new version known?
- if ( nVerNo >= pImp->aVersions.size() )
- {
- // Add new version
- sal_uInt16 *pMap = new sal_uInt16[nCount];
- memset(pMap, 0, nCount * sizeof(sal_uInt16));
- for ( sal_uInt16 n = 0; n < nCount; ++n )
- rStream.ReadUInt16( pMap[n] );
- SetVersionMap( nVersion, nHStart, nHEnd, pMap );
- }
- else
- // Skip known versions
- rStream.SeekRel( nBytes );
- }
- }
-
- // Load Items
- rStream.Seek( nStartPos );
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_ITEMS );
- bool bSecondaryLoaded = false;
- long nSecondaryEnd = 0;
- sal_uInt16 nWhich(0), nSlot(0);
- while ( rStream.ReadUInt16( nWhich ), nWhich )
- {
- // Move WhichId from old version?
- if ( pImp->nLoadingVersion != pImp->nVersion )
- nWhich = GetNewWhich( nWhich );
-
- rStream.ReadUInt16( nSlot );
-
- sal_uInt16 nRef(0), nCount(0), nVersion(0);
- sal_uInt32 nAttrSize(0);
- rStream.ReadUInt16( nVersion ).ReadUInt16( nCount );
-
- //!SFX_ASSERTWARNING( !nSlot || !HasMap() ||
- //! ( nSlot == GetSlotId( nWhich, sal_False ) ) ||
- //! !GetSlotId( nWhich, sal_False ),
- //! nWhich, "Slot/Which mismatch" );
-
- sal_uInt16 nIndex = GetIndex_Impl(nWhich);
- std::vector<SfxPoolItemArray_Impl*>::iterator ppArr = pImp->maPoolItems.begin();
- std::advance(ppArr, nIndex);
- SfxPoolItemArray_Impl *pNewArr = new SfxPoolItemArray_Impl();
- SfxPoolItem *pDefItem = *(pImp->ppStaticDefaults + nIndex);
-
- // Remember position of first Item
- sal_uLong nLastPos = rStream.Tell();
-
- // SfxSetItems could contain Items from secondary Pool
- if ( !bSecondaryLoaded && pImp->mpSecondary && pDefItem->ISA(SfxSetItem) )
- {
- // Seek to end of own Pool
- rStream.Seek(nEndOfSizes);
- CHECK_FILEFORMAT_RELEASE( rStream, SFX_ITEMPOOL_TAG_ENDPOOL, pNewArr );
- CHECK_FILEFORMAT_RELEASE( rStream, SFX_ITEMPOOL_TAG_ENDPOOL, pNewArr );
-
- // Read secondary Pool
- pImp->mpSecondary->Load1_Impl( rStream );
- bSecondaryLoaded = true;
- nSecondaryEnd = rStream.Tell();
-
- // Back to our own Items
- rStream.Seek(nLastPos);
- }
-
- // Read Items
- for ( sal_uInt16 j = 0; j < nCount; ++j )
- {
- sal_uLong nPos = nLastPos;
- rStream.ReadUInt16( nRef );
-
- SfxPoolItem *pItem = 0;
- if ( nRef )
- {
- pItem = pDefItem->Create(rStream, nVersion);
-
- if ( !pImp->mbPersistentRefCounts )
- // Hold onto them until SfxItemPool::LoadCompleted()
- AddRef(*pItem, 1);
- else
- {
- if ( nRef > SFX_ITEMS_OLD_MAXREF )
- pItem->SetKind( convertUInt16ToSfxItemKind(nRef) );
- else
- AddRef(*pItem, nRef);
- }
- }
- //pNewArr->insert( pItem, j );
- pNewArr->push_back( (SfxPoolItem*) pItem );
-
- // Skip the rest of the saved length (newer format)
- nLastPos = rStream.Tell();
-
- aSizeTable.ReadUInt32( nAttrSize );
- SFX_ASSERT( ( nPos + nAttrSize) >= nLastPos,
- nPos,
- "too many bytes read - version mismatch?" );
-
- if (nLastPos < (nPos + nAttrSize))
- {
- nLastPos = nPos + nAttrSize;
- rStream.Seek( nLastPos );
- }
- }
-
- SfxPoolItemArray_Impl *pOldArr = *ppArr;
- *ppArr = pNewArr;
-
- // Remember Items already in the Pool
- bool bEmpty = true;
- if ( 0 != pOldArr )
- for ( size_t n = 0; bEmpty && n < pOldArr->size(); ++n )
- bEmpty = pOldArr->operator[](n) == 0;
- DBG_ASSERTWARNING( bEmpty, "loading non-empty pool" );
- if ( !bEmpty )
- {
- // Find out for all old ones, whether there's a same new one
- for ( size_t nOld = 0; nOld < pOldArr->size(); ++nOld )
- {
- SfxPoolItem *pOldItem = (*pOldArr)[nOld];
- if ( pOldItem )
- {
- bool bFound = false;
- for ( size_t nNew = 0;
- nNew < (*ppArr)->size(); ++nNew )
- {
- SfxPoolItem *&rpNewItem =
- (SfxPoolItem*&)(*ppArr)->operator[](nNew);
-
- if ( rpNewItem && *rpNewItem == *pOldItem )
- {
- AddRef( *pOldItem, rpNewItem->GetRefCount() );
- SetRefCount( *rpNewItem, 0 );
- delete rpNewItem;
- rpNewItem = pOldItem;
- bFound = true;
- SAL_INFO("svl", "reusing item" << pOldItem);
- break;
- }
- }
- SAL_INFO_IF(
- !bFound, "svl", "item not found: " << pOldItem);
- }
- }
- }
- delete pOldArr;
- }
-
- // Read Pool defaults
- if ( pImp->nMajorVer > 1 || pImp->nMinorVer > 0 )
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_DEFAULTS );
-
- sal_uLong nLastPos = rStream.Tell();
- while ( rStream.ReadUInt16( nWhich ), nWhich )
- {
- // Move WhichId from old version?
- if ( pImp->nLoadingVersion != pImp->nVersion )
- nWhich = GetNewWhich( nWhich );
-
- rStream.ReadUInt16( nSlot );
-
- sal_uLong nPos = nLastPos;
- sal_uInt32 nSize(0);
- sal_uInt16 nVersion(0);
- rStream.ReadUInt16( nVersion );
-
- SfxPoolItem *pItem =
- ( *( pImp->ppStaticDefaults + GetIndex_Impl(nWhich) ) )
- ->Create( rStream, nVersion );
- pItem->SetKind( SFX_ITEMS_POOLDEFAULT );
- *( pImp->ppPoolDefaults + GetIndex_Impl(nWhich) ) = pItem;
-
- nLastPos = rStream.Tell();
- aSizeTable.ReadUInt32( nSize );
- SFX_ASSERT( ( nPos + nSize) >= nLastPos, nPos,
- "too many bytes read - version mismatch?" );
- if ( nLastPos < (nPos + nSize) )
- rStream.Seek( nPos + nSize );
- }
-
- pBuf.reset();
- rStream.Seek(nEndOfSizes);
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_ENDPOOL );
- CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_ENDPOOL );
-
- if ( pImp->mpSecondary )
- {
- if ( !bSecondaryLoaded )
- pImp->mpSecondary->Load1_Impl( rStream );
- else
- rStream.Seek( nSecondaryEnd );
- }
-
- if ( aExternName != pImp->aName )
- pImp->aName = OUString();
-
- pImp->bStreaming = false;
- return rStream;
-}
-
-
/**
* Loads surrogate from 'rStream' and returns the corresponding SfxPoolItem
* from the rRefPool.
commit 6cec5d9725375bc2254e44324610e6f44f1f5143
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 15:49:04 2014 +0000
coverity#1213365 Untrusted value as argument
Change-Id: Ic03462f315296cf058600155c54d53f0d712df93
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 3966c8d..6f4957e 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -1341,6 +1341,7 @@ static void FindCmap(TrueTypeFont *ttf)
static void GetKern(TrueTypeFont *ttf)
{
const sal_uInt8* table = getTable(ttf, O_kern);
+ int nTableSize = getTableSize(ttf, O_kern);
const sal_uInt8 *ptr;
if( !table )
@@ -1348,10 +1349,23 @@ static void GetKern(TrueTypeFont *ttf)
if (GetUInt16(table, 0, 1) == 0) { /* Traditional Microsoft style table with sal_uInt16 version and nTables fields */
ttf->nkern = GetUInt16(table, 2, 1);
- ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *));
- assert(ttf->kerntables != 0);
ttf->kerntype = KT_MICROSOFT;
ptr = table + 4;
+
+ const sal_uInt32 remaining_table_size = nTableSize-4;
+ const sal_uInt32 nMinRecordSize = 2;
+ const sal_uInt32 nMaxRecords = remaining_table_size / nMinRecordSize;
+ if (ttf->nkern > nMaxRecords)
+ {
+ SAL_WARN("vcl.fonts", "Parsing error in " << OUString::createFromAscii(ttf->fname) <<
+ ": " << nMaxRecords << " max possible entries, but " <<
+ ttf->nkern << " claimed, truncating");
+ ttf->nkern = nMaxRecords;
+ }
+
+ ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *));
+ assert(ttf->kerntables != 0);
+
for( unsigned i = 0; i < ttf->nkern; ++i) {
ttf->kerntables[i] = ptr;
ptr += GetUInt16(ptr, 2, 1);
@@ -1367,10 +1381,23 @@ static void GetKern(TrueTypeFont *ttf)
if (GetUInt32(table, 0, 1) == 0x00010000) { /* MacOS style kern tables: fixed32 version and sal_uInt32 nTables fields */
ttf->nkern = GetUInt32(table, 4, 1);
- ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *));
- assert(ttf->kerntables != 0);
ttf->kerntype = KT_APPLE_NEW;
ptr = table + 8;
+
+ const sal_uInt32 remaining_table_size = nTableSize-8;
+ const sal_uInt32 nMinRecordSize = 4;
+ const sal_uInt32 nMaxRecords = remaining_table_size / nMinRecordSize;
+ if (ttf->nkern > nMaxRecords)
+ {
+ SAL_WARN("vcl.fonts", "Parsing error in " << OUString::createFromAscii(ttf->fname) <<
+ ": " << nMaxRecords << " max possible entries, but " <<
+ ttf->nkern << " claimed, truncating");
+ ttf->nkern = nMaxRecords;
+ }
+
+ ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *));
+ assert(ttf->kerntables != 0);
+
for( unsigned i = 0; i < ttf->nkern; ++i) {
ttf->kerntables[i] = ptr;
ptr += GetUInt32(ptr, 0, 1);
commit 703beb33b1a71a36e2b0381aa015c683323d8835
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 15:41:51 2014 +0000
coverity#1213370 Untrusted value as argument
Change-Id: I89e29dd0382c60b0aeadc9f664e8c2784e216f2f
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 9ee4988..3966c8d 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2648,6 +2648,17 @@ int GetTTNameRecords(TrueTypeFont *ttf, NameRecord **nr)
*nr = 0;
if (n == 0) return 0;
+ const sal_uInt32 remaining_table_size = nTableSize-6;
+ const sal_uInt32 nMinRecordSize = 12;
+ const sal_uInt32 nMaxRecords = remaining_table_size / nMinRecordSize;
+ if (n > nMaxRecords)
+ {
+ SAL_WARN("vcl.fonts", "Parsing error in " << OUString::createFromAscii(ttf->fname) <<
+ ": " << nMaxRecords << " max possible entries, but " <<
+ n << " claimed, truncating");
+ n = nMaxRecords;
+ }
+
NameRecord* rec = (NameRecord*)calloc(n, sizeof(NameRecord));
for (i = 0; i < n; i++) {
commit 0a7b110d9ed617c9a8be15736709fe54ce18038d
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 15:09:36 2014 +0000
coverity#1242813 Unused value
and
coverity#1242867 Unused value
Change-Id: I8ad069a5a84b97e956cafcd925fd733fb5ed9b2e
diff --git a/store/source/storpage.cxx b/store/source/storpage.cxx
index b97a945..5599eef 100644
--- a/store/source/storpage.cxx
+++ b/store/source/storpage.cxx
@@ -919,13 +919,13 @@ storeError OStorePageManager::rebuild (
continue;
// Write 'Destination' data page. @@@ READONLY @@@
- eErrCode = aDstPage.write (i, aData, *this);
+ (void) aDstPage.write (i, aData, *this);
}
}
// Update 'Destination' directory page.
aDstPage.dataLength (nDataLen);
- eErrCode = base::saveObjectAt (aDstPage, aDstPage.location());
+ (void) base::saveObjectAt (aDstPage, aDstPage.location());
}
// Save directory scan results.
commit 22681a96efc8c34b623679f59899ba76b2cd580e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 15:04:44 2014 +0000
coverity#1242892 Untrusted value as argument
Change-Id: I6a384b0cf8a08883a0bfab8fd62a2e6badeb09cd
diff --git a/sc/source/filter/excel/xistream.cxx b/sc/source/filter/excel/xistream.cxx
index ceaf16a..08b912b 100644
--- a/sc/source/filter/excel/xistream.cxx
+++ b/sc/source/filter/excel/xistream.cxx
@@ -986,6 +986,7 @@ void XclImpStream::IgnoreUniString( sal_uInt16 nChars )
OUString XclImpStream::ReadRawByteString( sal_uInt16 nChars )
{
+ nChars = GetMaxRawReadSize(nChars);
boost::scoped_array<sal_Char> pcBuffer(new sal_Char[ nChars + 1 ]);
sal_uInt16 nCharsRead = ReadRawData( pcBuffer.get(), nChars );
pcBuffer[ nCharsRead ] = '\0';
commit c4f821f17cb8c970d1d8abd86a1f780250d96734
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 14:39:40 2014 +0000
coverity#735657 Division or modulo by float zero
or maybe this is closed to the original intent
Change-Id: I0df98616de0b7612acc35e406d34ef9d56c8585c
diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx
index f664f70..64428e1 100644
--- a/sw/source/core/layout/layact.cxx
+++ b/sw/source/core/layout/layact.cxx
@@ -474,8 +474,7 @@ void SwLayAction::InternalAction()
sal_uInt16 nPercentPageNum = 0;
while ( (pPage && !IsInterrupt()) || nCheckPageNum != USHRT_MAX )
{
- if ( !pPage && nCheckPageNum != USHRT_MAX &&
- (!pPage || pPage->GetPhyPageNum() >= nCheckPageNum) )
+ if (!pPage || (nCheckPageNum != USHRT_MAX && pPage->GetPhyPageNum() >= nCheckPageNum))
{
if ( !pPage || pPage->GetPhyPageNum() > nCheckPageNum )
{
commit c75d632c85ddf18d51b98894a424e178a77dd2d3
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 12 13:42:57 2014 +0000
coverity#735657 Division or modulo by float zero
Change-Id: I001cc2b0c8866956d9fffb67f3a30306f9b02e63
diff --git a/vcl/source/gdi/bitmap4.cxx b/vcl/source/gdi/bitmap4.cxx
index 26239bd..9236308 100644
--- a/vcl/source/gdi/bitmap4.cxx
+++ b/vcl/source/gdi/bitmap4.cxx
@@ -787,11 +787,19 @@ bool Bitmap::ImplMosaic( const BmpFilterParam* pFilterParam, const Link* /*pProg
pWriteAcc = pNewBmp->AcquireWriteAccess();
}
- if( pReadAcc && pWriteAcc )
+ bool bConditionsMet = false;
+ long nWidth;
+ long nHeight;
+ if (pReadAcc && pWriteAcc)
+ {
+ nWidth = pReadAcc->Width();
+ nHeight = pReadAcc->Height();
+ bConditionsMet = (nWidth > 0 && nHeight > 0);
+ }
+
+ if (bConditionsMet)
{
BitmapColor aCol;
- long nWidth = pReadAcc->Width();
- long nHeight = pReadAcc->Height();
long nX, nY, nX1, nX2, nY1, nY2, nSumR, nSumG, nSumB;
double fArea_1;
More information about the Libreoffice-commits
mailing list