[Libreoffice-commits] libcdr.git: 5 commits - src/lib

David Tardon dtardon at redhat.com
Thu Nov 20 07:46:45 PST 2014 

 src/lib/CDRDocument.cpp        |    6 ++++++
 src/lib/CDRInternalStream.cpp  |    3 +++
 src/lib/CDRParser.cpp          |    2 ++
 src/lib/CDRStylesCollector.cpp |    4 +++-
 src/lib/CMXDocument.cpp        |    6 ++++++
 5 files changed, 20 insertions(+), 1 deletion(-)

New commits:
commit 983bc0a2e969b011760956d739260a181001a855
Author: David Tardon <dtardon at redhat.com>
Date:   Thu Nov 20 16:31:17 2014 +0100

    deinit z_stream properly if reading from input fails
    
    Change-Id: I5a2ce38daf8f251029ccf8c1458025f950fe2af2

diff --git a/src/lib/CDRInternalStream.cpp b/src/lib/CDRInternalStream.cpp
index cdef100..11ecb0f 100644
--- a/src/lib/CDRInternalStream.cpp
+++ b/src/lib/CDRInternalStream.cpp
@@ -61,7 +61,10 @@ libcdr::CDRInternalStream::CDRInternalStream(librevenge::RVNGInputStream *input,
     const unsigned char *tmpBuffer = input->read(size, tmpNumBytesRead);
 
     if (size != tmpNumBytesRead)
+    {
+      (void)inflateEnd(&strm);
       return;
+    }
 
     strm.avail_in = (uInt)tmpNumBytesRead;
     strm.next_in = (Bytef *)tmpBuffer;
commit 1d605d21e7b5f87c1ad18ff2e7dc03a092a6e557
Author: David Tardon <dtardon at redhat.com>
Date:   Thu Nov 20 16:15:49 2014 +0100

    avoid out-of-bounds read
    
    Change-Id: I6b43ce6e7160789bdd99aabf8632bfc3431d4b7d

diff --git a/src/lib/CDRStylesCollector.cpp b/src/lib/CDRStylesCollector.cpp
index f6aa912..7ead9b1 100644
--- a/src/lib/CDRStylesCollector.cpp
+++ b/src/lib/CDRStylesCollector.cpp
@@ -113,6 +113,8 @@ void libcdr::CDRStylesCollector::collectBmp(unsigned imageId, unsigned colorMode
       while (i < lineWidth && i < width)
       {
         unsigned char c = bitmap[j*lineWidth+i];
+        if (c >= palette.size())
+          c = palette.size() - 1;
         i++;
         writeU32(image, m_ps.getBMPColor(libcdr::CDRColor(colorModel, palette[c])));
       }
commit 629dadcd8002d077fdd4f30d4e7f156b03e644f8
Author: David Tardon <dtardon at redhat.com>
Date:   Thu Nov 20 15:36:46 2014 +0100

    nothing to do here if there's no bitmap data to read
    
    Change-Id: I07d1540d44dc97d7fbb88db363123cb28b7d812d

diff --git a/src/lib/CDRParser.cpp b/src/lib/CDRParser.cpp
index 70fa511..d9d66c9 100644
--- a/src/lib/CDRParser.cpp
+++ b/src/lib/CDRParser.cpp
@@ -2277,6 +2277,8 @@ void libcdr::CDRParser::readBmp(librevenge::RVNGInputStream *input, unsigned len
       palette.push_back(b | (g << 8) | (r << 16));
     }
   }
+  if (bmpsize == 0)
+    return;
   std::vector<unsigned char> bitmap(bmpsize);
   unsigned long tmpNumBytesRead = 0;
   const unsigned char *tmpBuffer = input->read(bmpsize, tmpNumBytesRead);
commit 4a1be786ced3083a9a609e4aa2af9bc5b89ec21e
Author: David Tardon <dtardon at redhat.com>
Date:   Thu Nov 20 15:32:41 2014 +0100

    avoid out-of-bounds read
    
    Change-Id: I5510b80b9c6d1512f2e6e8bb25f48fb0bcded515

diff --git a/src/lib/CDRStylesCollector.cpp b/src/lib/CDRStylesCollector.cpp
index bce3d7f..f6aa912 100644
--- a/src/lib/CDRStylesCollector.cpp
+++ b/src/lib/CDRStylesCollector.cpp
@@ -244,7 +244,7 @@ void libcdr::CDRStylesCollector::collectText(unsigned textId, unsigned styleId,
 
     }
     tmpTextData.push_back(data[j++]);
-    if (tmpCharDescription & 0x01)
+    if ((tmpCharDescription & 0x01) && (j < data.size()))
       tmpTextData.push_back(data[j++]);
   }
   if (!tmpTextData.empty())
commit 88b4e8b39c3c187e2262786d469b0a9d9e2eae9d
Author: David Tardon <dtardon at redhat.com>
Date:   Tue Jul 29 18:22:41 2014 +0200

    check arguments
    
    Change-Id: I62f5abfe8f954f9825befcad589ded09ae8f7700

diff --git a/src/lib/CDRDocument.cpp b/src/lib/CDRDocument.cpp
index 5509716..de6ec95 100644
--- a/src/lib/CDRDocument.cpp
+++ b/src/lib/CDRDocument.cpp
@@ -61,6 +61,9 @@ stream is a Corel Draw Document that libcdr is able to parse
 */
 CDRAPI bool libcdr::CDRDocument::isSupported(librevenge::RVNGInputStream *input)
 {
+  if (!input)
+    return false;
+
   librevenge::RVNGInputStream *tmpInput = input;
   try
   {
@@ -104,6 +107,9 @@ CDRPaintInterface class implementation when needed. This is often commonly calle
 */
 CDRAPI bool libcdr::CDRDocument::parse(librevenge::RVNGInputStream *input, librevenge::RVNGDrawingInterface *painter)
 {
+  if (!input || !painter)
+    return false;
+
   input->seek(0, librevenge::RVNG_SEEK_SET);
   bool retVal = false;
   unsigned version = 0;
diff --git a/src/lib/CMXDocument.cpp b/src/lib/CMXDocument.cpp
index 74f8619..ff8df44 100644
--- a/src/lib/CMXDocument.cpp
+++ b/src/lib/CMXDocument.cpp
@@ -25,6 +25,9 @@ stream is a Corel Draw Document that libcdr is able to parse
 CDRAPI bool libcdr::CMXDocument::isSupported(librevenge::RVNGInputStream *input)
 try
 {
+  if (!input)
+    return false;
+
   input->seek(0, librevenge::RVNG_SEEK_SET);
   unsigned riff = readU32(input);
   if (riff != CDR_FOURCC_RIFF && riff != CDR_FOURCC_RIFX)
@@ -56,6 +59,9 @@ CDRPaintInterface class implementation when needed. This is often commonly calle
 */
 CDRAPI bool libcdr::CMXDocument::parse(librevenge::RVNGInputStream *input, librevenge::RVNGDrawingInterface *painter)
 {
+  if (!input || !painter)
+    return false;
+
   input->seek(0, librevenge::RVNG_SEEK_SET);
   CDRParserState ps;
   CDRStylesCollector stylesCollector(ps);

More information about the Libreoffice-commits mailing list