[Libreoffice-commits] libvisio.git: 2 commits - src/lib src/test

[David Tardon]

 src/lib/VSD5Parser.cpp  |   16 ++++++++++++----
 src/test/importtest.cpp |    2 +-
 2 files changed, 13 insertions(+), 5 deletions(-)

New commits:
commit 77a88f128700e434c093eb53590be63022edbdea
Author: David Tardon <dtardon at redhat.com>
Date:   Tue Jul 21 17:35:13 2015 +0200

    avoid overflows when reading chunk records
    
    Change-Id: Iea13e63e977348a449b68eca329146ae6f097197

diff --git a/src/lib/VSD5Parser.cpp b/src/lib/VSD5Parser.cpp
index 00cbf06..79b638b 100644
--- a/src/lib/VSD5Parser.cpp
+++ b/src/lib/VSD5Parser.cpp
@@ -102,7 +102,12 @@ void libvisio::VSD5Parser::handleChunkRecords(librevenge::RVNGInputStream *input
   long endPosition = input->tell() + m_header.dataLength;
   input->seek(endPosition - 4, librevenge::RVNG_SEEK_SET);
   unsigned numRecords = readU16(input);
+  const long headerPosition = endPosition - 4 * (numRecords + 1);
+  if (headerPosition <= startPosition) // no records to read
+    return;
   unsigned endOffset = readU16(input);
+  if (long(endOffset) > (headerPosition - startPosition))
+    endOffset = unsigned(headerPosition - startPosition); // try to read something anyway
   std::map<unsigned, ChunkHeader> records;
   input->seek(endPosition-4*(numRecords+1), librevenge::RVNG_SEEK_SET);
   unsigned i = 0;
@@ -114,10 +119,13 @@ void libvisio::VSD5Parser::handleChunkRecords(librevenge::RVNGInputStream *input
     unsigned tmpStart = offset;
     while (tmpStart % 4)
       tmpStart++;
-    header.dataLength = endOffset - tmpStart;
-    header.level = m_header.level + 1;
-    records[tmpStart] = header;
-    endOffset = offset;
+    if (tmpStart < endOffset)
+    {
+      header.dataLength = endOffset - tmpStart;
+      header.level = m_header.level + 1;
+      records[tmpStart] = header;
+      endOffset = offset;
+    }
   }
   i = 0;
   for (std::map<unsigned, ChunkHeader>::iterator iter = records.begin(); iter != records.end(); ++iter)
commit 2bdd7a9bfd1ed1606b7348602196f0a2baf0c099
Author: David Tardon <dtardon at redhat.com>
Date:   Tue Jul 21 17:35:19 2015 +0200

    astyle
    
    Change-Id: I51eebdceb176ae9ded9860010a6b691d0af4cf95

diff --git a/src/test/importtest.cpp b/src/test/importtest.cpp
index 705a8c7..c09bfd8 100644
--- a/src/test/importtest.cpp
+++ b/src/test/importtest.cpp
@@ -85,7 +85,7 @@ void assertXPathNoAttribute(xmlDocPtr doc, const librevenge::RVNGString &xpath,
   message2.append("' unexpected '");
   message2.append(attribute);
   message2.append("' attribute");
-  CPPUNIT_ASSERT_EQUAL_MESSAGE(message2.cstr(), static_cast<xmlChar*>(0), xmlGetProp(node, BAD_CAST(attribute.cstr())));
+  CPPUNIT_ASSERT_EQUAL_MESSAGE(message2.cstr(), static_cast<xmlChar *>(0), xmlGetProp(node, BAD_CAST(attribute.cstr())));
   xmlXPathFreeObject(xpathobject);
 }