[Libreoffice-commits] libmspub.git: src/lib

David Tardon dtardon at redhat.com
Tue Aug 18 03:18:51 PDT 2015 

 src/lib/MSPUBParser2k.cpp |   33 ++++++++++++++++++++++++++++++++-
 src/lib/MSPUBParser2k.h   |    2 ++
 2 files changed, 34 insertions(+), 1 deletion(-)

New commits:
commit 98de8427131ba3203f38739a86c9af6e81367644
Author: David Tardon <dtardon at redhat.com>
Date:   Tue Aug 18 12:13:54 2015 +0200

    afl: avoid stack overflow
    
    Change-Id: I920e3ef946e415aec3554fbb852d95f596e31405

diff --git a/src/lib/MSPUBParser2k.cpp b/src/lib/MSPUBParser2k.cpp
index 3f2aaf3..c0c7413 100644
--- a/src/lib/MSPUBParser2k.cpp
+++ b/src/lib/MSPUBParser2k.cpp
@@ -22,11 +22,35 @@
 namespace libmspub
 {
 
+namespace
+{
+
+class ChunkNestingGuard
+{
+public:
+  ChunkNestingGuard(std::deque<unsigned> &chunks, const unsigned seqNum)
+    : m_chunks(chunks)
+  {
+    m_chunks.push_front(seqNum);
+  }
+
+  ~ChunkNestingGuard()
+  {
+    m_chunks.pop_front();
+  }
+
+private:
+  std::deque<unsigned> &m_chunks;
+};
+
+}
+
 MSPUBParser2k::MSPUBParser2k(librevenge::RVNGInputStream *input, MSPUBCollector *collector)
   : MSPUBParser(input, collector),
     m_imageDataChunkIndices(),
     m_quillColorEntries(),
-    m_chunkChildIndicesById()
+    m_chunkChildIndicesById(),
+    m_chunksBeingRead()
 {
 }
 
@@ -479,6 +503,13 @@ void MSPUBParser2k::parseShapeRotation(librevenge::RVNGInputStream *input, bool
 bool MSPUBParser2k::parse2kShapeChunk(const ContentChunkReference &chunk, librevenge::RVNGInputStream *input,
                                       boost::optional<unsigned> pageSeqNum, bool topLevelCall)
 {
+  if (find(m_chunksBeingRead.begin(), m_chunksBeingRead.end(), chunk.seqNum) != m_chunksBeingRead.end())
+  {
+    MSPUB_DEBUG_MSG(("chunk %u is nested in itself", chunk.seqNum));
+    return false;
+  }
+  const ChunkNestingGuard guard(m_chunksBeingRead, chunk.seqNum);
+
   unsigned page = pageSeqNum.get_value_or(chunk.parentSeqNum);
   input->seek(chunk.offset, librevenge::RVNG_SEEK_SET);
   if (topLevelCall)
diff --git a/src/lib/MSPUBParser2k.h b/src/lib/MSPUBParser2k.h
index f50e365..0d0ec57 100644
--- a/src/lib/MSPUBParser2k.h
+++ b/src/lib/MSPUBParser2k.h
@@ -10,6 +10,7 @@
 #ifndef __MSPUBPARSER2K_H__
 #define __MSPUBPARSER2K_H__
 
+#include <deque>
 #include <vector>
 #include <map>
 
@@ -25,6 +26,7 @@ class MSPUBParser2k : public MSPUBParser
   std::vector<unsigned> m_imageDataChunkIndices;
   std::vector<unsigned> m_quillColorEntries;
   std::map<unsigned, std::vector<unsigned> > m_chunkChildIndicesById;
+  std::deque<unsigned> m_chunksBeingRead;
 
 protected:
   // helper functions

More information about the Libreoffice-commits mailing list