[Libreoffice-commits] core.git: Branch 'libreoffice-5-0' - filter/source sd/qa sd/source

[Caolán McNamara]

 filter/source/msfilter/svdfppt.cxx  |   14 ++++++++++++--
 sd/qa/unit/data/ppt/pass/hang-1.ppt |binary
 sd/source/filter/ppt/pptin.cxx      |    7 ++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)

New commits:
commit aa9a5f6c7f4fb2edce07ad42c3937ea66893b611
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Aug 26 12:35:01 2015 +0100

    don't hang on unreachable record ends
    
    Change-Id: I288f7ff0327831603eda6e827c8acbae678dfaff
    (cherry picked from commit cadac8400a018c8c566379f7767ea5edff78523d)
    Reviewed-on: https://gerrit.libreoffice.org/18017
    Reviewed-by: David Tardon <dtardon at redhat.com>
    Tested-by: David Tardon <dtardon at redhat.com>

diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx
index 2d77718..c9033c9 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -4071,8 +4071,18 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd
     }
 
     rSlideHd.SeekToContent( rIn );
+
+    auto nEndRecPos = rSlideHd.GetRecEndFilePos();
+    auto nStreamLen = rIn.Tell() + rIn.remainingSize();
+    if (nEndRecPos > nStreamLen)
+    {
+        SAL_WARN("filter.ms", "Parsing error: " << nStreamLen <<
+                 " max end pos, but " << nEndRecPos << " claimed, truncating");
+        nEndRecPos = nStreamLen;
+    }
+
     DffRecordHeader aTxMasterStyleHd;
-    while ( rIn.Tell() < rSlideHd.GetRecEndFilePos() )
+    while (rIn.Tell() < nEndRecPos)
     {
         ReadDffRecordHeader( rIn, aTxMasterStyleHd );
         if ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom )
@@ -4080,7 +4090,7 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd
         else
             aTxMasterStyleHd.SeekToEndOfRecord( rIn );
     }
-    while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < rSlideHd.GetRecEndFilePos() ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized
+    while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < nEndRecPos ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized
     {
         sal_uInt32 nInstance = aTxMasterStyleHd.nRecInstance;
         if ( ( nInstance < PPT_STYLESHEETENTRYS ) &&
diff --git a/sd/qa/unit/data/ppt/pass/hang-1.ppt b/sd/qa/unit/data/ppt/pass/hang-1.ppt
new file mode 100644
index 0000000..d30cb84
Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-1.ppt differ
diff --git a/sd/source/filter/ppt/pptin.cxx b/sd/source/filter/ppt/pptin.cxx
index 8b1eee6..d475eb2 100644
--- a/sd/source/filter/ppt/pptin.cxx
+++ b/sd/source/filter/ppt/pptin.cxx
@@ -814,7 +814,12 @@ bool ImplSdPPTImport::Import()
                             }
                             break;
                         }
-                        aHd.SeekToEndOfRecord( rStCtrl );
+                        bool bSuccess = aHd.SeekToEndOfRecord(rStCtrl);
+                        if (!bSuccess)
+                        {
+                            SAL_WARN("filter.ms", "Count not seek to end of record");
+                            break;
+                        }
                     }
                 }
                 rStCtrl.Seek( nFPosMerk );