[Libreoffice-commits] core.git: Branch 'libreoffice-4-4' - sw/qa sw/source

Tue Aug 25 00:57:12 PDT 2015

sw/qa/core/data/ww5/pass/hang-1.doc |binary
 sw/source/filter/ww8/ww8scan.cxx    |   19 ++++++++++++++++++-
 sw/source/filter/ww8/ww8scan.hxx    |    1 +
 3 files changed, 19 insertions(+), 1 deletion(-)

New commits:
commit 76bd64a9d09e06a38747c25f9ad93dff5376aeaf
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Mon Aug 24 12:36:41 2015 +0100

    guard against hangs with bogus unsorted plcfs
    
    This reverts commit 6d21cbd1238556535ec1bb1adf35b25bc8eb898b.
    
    (cherry picked from commit 74c0f74422671f8005f2cfc0ae94e5656bcea31e)
    
    Change-Id: I309302ab5357b8404ee4c75bd0bfcb4f816e0588
    Reviewed-on: https://gerrit.libreoffice.org/17953
    Reviewed-by: David Tardon <dtardon at redhat.com>
    Tested-by: David Tardon <dtardon at redhat.com>

diff --git a/sw/qa/core/data/ww5/pass/hang-1.doc b/sw/qa/core/data/ww5/pass/hang-1.doc
new file mode 100644
index 0000000..6033724
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/hang-1.doc differ
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 7b65eb6..0339495 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -2121,7 +2121,9 @@ void WW8PLCF::ReadPLCF(SvStream& rSt, WW8_FC nFilePos, sal_uInt32 nPLCF)
         nIdx = 0;
 #endif // OSL_BIGENDIAN
         // Pointer to content array
-        pPLCF_Contents = (sal_uInt8*)&pPLCF_PosArray[nIMax + 1];
+        pPLCF_Contents = reinterpret_cast<sal_uInt8*>(&pPLCF_PosArray[nIMax + 1]);
+
+        TruncToSortedRange();
     }
 
     OSL_ENSURE(bValid, "Document has corrupt PLCF, ignoring it");
@@ -2141,6 +2143,21 @@ void WW8PLCF::MakeFailedPLCF()
     pPLCF_Contents = (sal_uInt8*)&pPLCF_PosArray[nIMax + 1];
 }
 
+void WW8PLCF::TruncToSortedRange()
+{
+    //Docs state that: ... all Plcs ... are sorted in ascending order.
+    //So ensure that here for broken documents.
+    for (auto nI = 0; nI < nIMax; ++nI)
+    {
+        if (pPLCF_PosArray[nI] > pPLCF_PosArray[nI+1])
+        {
+            SAL_WARN("sw.ww8", "Document has unsorted PLCF, truncated to sorted portion");
+            nIMax = nI;
+            break;
+        }
+    }
+}
+
 void WW8PLCF::GeneratePLCF(SvStream& rSt, sal_Int32 nPN, sal_Int32 ncpN)
 {
     OSL_ENSURE( nIMax < ncpN, "Pcl.Fkp: Why is PLCF too big?" );
diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
index 57e53e9..d931e1c 100644
--- a/sw/source/filter/ww8/ww8scan.hxx
+++ b/sw/source/filter/ww8/ww8scan.hxx
@@ -292,6 +292,7 @@ private:
 
     void MakeFailedPLCF();
 
+    void TruncToSortedRange();
 public:
     WW8PLCF(SvStream& rSt, WW8_FC nFilePos, sal_Int32 nPLCF, int nStruct,
         WW8_CP nStartPos = -1);
