[Libreoffice-commits] core.git: Branch 'libreoffice-4-3' - svx/source

Michael Stahl mstahl at redhat.com
Tue Nov 25 08:49:58 PST 2014 

 svx/source/items/customshapeitem.cxx |   42 ++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

New commits:
commit aa601f94cf39dcdc1aea619d526c894e2697da23
Author: Michael Stahl <mstahl at redhat.com>
Date:   Sat Nov 22 00:21:19 2014 +0100

    svx: punish evil-doers who put duplicate properties into custom shapes
    
    LO 4.3.2.2 is evidently able to export an ODF document that violates
    XML Well-formedness constraint: Unique Att Spec.
    
    <draw:enhanced-geometry
     draw:mirror-horizontal="false"
     draw:mirror-vertical="false"
     svg:viewBox="0 0 21679 2134682997"
     draw:text-areas="0 0 ?f3 ?f2"
     draw:mirror-vertical="true"
     draw:type="ooxml-rect"
     draw:enhanced-path="M 0 0 L ?f3 0 ?f3 ?f2 0 ?f2 Z N">
    
    Not sure how to reproduce this, but the attributes there are apparently a
    serialization of SdrCustomShapeGeometryItem's aPropSeq,
    retrieved from a "CustomShapeGeometry" property, so add some input
    validation and assertions there.
    
    (cherry picked from commit 7fcbb29db802acd8c0f32e8ff578ef4b2f82c46b)
    
    Backport adapted to remove C++11 lambdas.
    
    Change-Id: I91151365b507779a4bdc9cce2057d34f2376f005
    Reviewed-on: https://gerrit.libreoffice.org/13111
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/svx/source/items/customshapeitem.cxx b/svx/source/items/customshapeitem.cxx
index 25bea99..fe7942e 100644
--- a/svx/source/items/customshapeitem.cxx
+++ b/svx/source/items/customshapeitem.cxx
@@ -46,7 +46,14 @@ SdrCustomShapeGeometryItem::SdrCustomShapeGeometryItem( const uno::Sequence< bea
     for ( i = 0; i < aPropSeq.getLength(); i++ )
     {
         beans::PropertyValue& rPropVal = aPropSeq[ i ];
-        aPropHashMap[ rPropVal.Name ] = i;
+        std::pair<PropertyHashMap::iterator, bool> const ret(
+                aPropHashMap.insert(std::make_pair(rPropVal.Name, i)));
+        assert(ret.second); // serious bug: duplicate xml attribute exported
+        if (!ret.second)
+        {
+            throw uno::RuntimeException(
+                "CustomShapeGeometry has duplicate property " + rPropVal.Name, 0);
+        }
         if ( rPropVal.Value.getValueType() == ::getCppuType((const ::com::sun::star::uno::Sequence < beans::PropertyValue >*)0) )
         {
             uno::Sequence< beans::PropertyValue >& rPropSeq = *( uno::Sequence< beans::PropertyValue >*)rPropVal.Value.getValue();
@@ -88,6 +95,19 @@ com::sun::star::uno::Any* SdrCustomShapeGeometryItem::GetPropertyValueByName( co
     return pRet;
 }
 
+struct FindByName
+{
+    beans::PropertyValue const& m_rPropertyValue;
+    FindByName(beans::PropertyValue const& rPropertyValue)
+        : m_rPropertyValue(rPropertyValue)
+    {
+    }
+    bool operator()(beans::PropertyValue const& rVal)
+    {
+        return rVal.Name == m_rPropertyValue.Name;
+    }
+};
+
 void SdrCustomShapeGeometryItem::SetPropertyValue( const com::sun::star::beans::PropertyValue& rPropVal )
 {
     com::sun::star::uno::Any* pAny = GetPropertyValueByName( rPropVal.Name );
@@ -119,6 +139,8 @@ void SdrCustomShapeGeometryItem::SetPropertyValue( const com::sun::star::beans::
     }
     else
     {   // it's a new property
+        assert(aPropSeq.end() == std::find_if(aPropSeq.begin(), aPropSeq.end(),
+             FindByName(rPropVal)));
         sal_uInt32 nIndex = aPropSeq.getLength();
         aPropSeq.realloc( nIndex + 1 );
         aPropSeq[ nIndex ] = rPropVal ;
@@ -142,6 +164,8 @@ void SdrCustomShapeGeometryItem::SetPropertyValue( const OUString& rSequenceName
             aValue.Name = rSequenceName;
             aValue.Value = ::com::sun::star::uno::makeAny( aSeq );
 
+            assert(aPropSeq.end() == std::find_if(aPropSeq.begin(), aPropSeq.end(),
+                FindByName(aValue)));
             sal_uInt32 nIndex = aPropSeq.getLength();
             aPropSeq.realloc( nIndex + 1 );
             aPropSeq[ nIndex ] = aValue;
@@ -284,7 +308,23 @@ bool SdrCustomShapeGeometryItem::PutValue( const uno::Any& rVal, sal_uInt8 /*nMe
     if ( ! ( rVal >>= aPropSeq ) )
         return false;
     else
+    {
+        for (sal_Int32 i = 0; i < aPropSeq.getLength(); ++i)
+        {
+            for (sal_Int32 j = i+1; j < aPropSeq.getLength(); ++j)
+            {
+                if (aPropSeq[i].Name == aPropSeq[j].Name)
+                {
+                    assert(0); // serious bug: duplicate xml attribute exported
+                    OUString const name(aPropSeq[i].Name);
+                    aPropSeq.realloc(0);
+                    throw uno::RuntimeException(
+                        "CustomShapeGeometry has duplicate property " + name, 0);
+                }
+            }
+        }
         return true;
+    }
 }
 const uno::Sequence< beans::PropertyValue >& SdrCustomShapeGeometryItem::GetGeometry() const
 {

More information about the Libreoffice-commits mailing list