[Libreoffice-commits] core.git: sot/qa sot/source sw/qa

Caolán McNamara caolanm at redhat.com
Wed Jul 22 09:12:49 PDT 2015


 dev/null                                     |binary
 sot/qa/cppunit/data/fail/fdo41642-2.compound |binary
 sot/source/sdstor/stgdir.cxx                 |   11 ++++++++---
 sot/source/sdstor/stgdir.hxx                 |    3 ++-
 sot/source/sdstor/stgelem.cxx                |   25 ++++++++++++++++++++-----
 sot/source/sdstor/stgelem.hxx                |    2 +-
 sw/qa/core/data/ww8/fail/hang-2.doc          |binary
 sw/qa/core/data/ww8/pass/tdf57532-1.doc      |binary
 8 files changed, 31 insertions(+), 10 deletions(-)

New commits:
commit 786573068dce1f71c53057f98b5822c401c9f3ff
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Jul 22 09:24:53 2015 +0100

    limit storage entry max size to size of underlying stream
    
    Change-Id: Ie3772338009c07fea40b637621b1170863830e14
    Reviewed-on: https://gerrit.libreoffice.org/17296
    Reviewed-by: Michael Meeks <michael.meeks at collabora.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sot/qa/cppunit/data/pass/fdo41642-2.compound b/sot/qa/cppunit/data/fail/fdo41642-2.compound
similarity index 100%
rename from sot/qa/cppunit/data/pass/fdo41642-2.compound
rename to sot/qa/cppunit/data/fail/fdo41642-2.compound
diff --git a/sot/source/sdstor/stgdir.cxx b/sot/source/sdstor/stgdir.cxx
index 6ee4a61..e2c8bf7 100644
--- a/sot/source/sdstor/stgdir.cxx
+++ b/sot/source/sdstor/stgdir.cxx
@@ -48,9 +48,9 @@
 // Problem der Implementation: Keine Hierarchischen commits. Daher nur
 // insgesamt transaktionsorientert oder direkt.
 
-StgDirEntry::StgDirEntry( const void* pBuffer, sal_uInt32 nBufferLen, bool * pbOk ) : StgAvlNode()
+StgDirEntry::StgDirEntry( const void* pBuffer, sal_uInt32 nBufferLen, sal_uInt64 nUnderlyingStreamSize, bool * pbOk ) : StgAvlNode()
 {
-    *pbOk = aEntry.Load( pBuffer, nBufferLen );
+    *pbOk = aEntry.Load( pBuffer, nBufferLen, nUnderlyingStreamSize );
 
     InitMembers();
 }
@@ -819,8 +819,13 @@ void StgDirStrm::SetupEntry( sal_Int32 n, StgDirEntry* pUpper )
     void* p = ( n == STG_FREE ) ? NULL : GetEntry( n );
     if( p )
     {
+        SvStream *pUnderlyingStream = rIo.GetStrm();
+        sal_uInt64 nCur = pUnderlyingStream->Tell();
+        sal_uInt64 nUnderlyingStreamSize = pUnderlyingStream->Seek(STREAM_SEEK_TO_END);
+        pUnderlyingStream->Seek(nCur);
+
         bool bOk(false);
-        StgDirEntry* pCur = new StgDirEntry( p, STGENTRY_SIZE, &bOk );
+        StgDirEntry* pCur = new StgDirEntry( p, STGENTRY_SIZE, nUnderlyingStreamSize, &bOk );
 
         if( !bOk )
         {
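Review bot: `rIo.GetStrm()` is dereferenced by `pUnderlyingStream->Tell()` on the very next added line with no null check, so if GetStrm() can return null on this path (not visible in the hunk), parsing a directory would crash before the new size limit is applied. A guard such as `if( !pUnderlyingStream )` that takes the same failure path as the `!bOk` case below would keep this fail-closed. The Tell/Seek-to-end/Seek-back sequence also runs on every SetupEntry call, so once per directory entry, although the stream size should not change while the directory is being read. Computing it once where the directory stream is set up and passing it down would avoid the repeated seeks and the unchecked `Seek(nCur)` restore. SetupEntry's body continues outside the hunk.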
diff --git a/sot/source/sdstor/stgdir.hxx b/sot/source/sdstor/stgdir.hxx
index c0924f1..55be53d 100644
--- a/sot/source/sdstor/stgdir.hxx
+++ b/sot/source/sdstor/stgdir.hxx
@@ -62,7 +62,8 @@ public:
     bool         bDirect;                   // true: direct mode
     bool         bZombie;                   // true: Removed From StgIo
     bool         bInvalid;                  // true: invalid entry
-    StgDirEntry( const void* pBuffer, sal_uInt32 nBufferLen, bool * pbOk );
+    StgDirEntry(const void* pBuffer, sal_uInt32 nBufferLen,
+                sal_uInt64 nUnderlyingStreamSize, bool * pbOk);
     StgDirEntry( const StgEntry& );
     virtual ~StgDirEntry();
 
diff --git a/sot/source/sdstor/stgelem.cxx b/sot/source/sdstor/stgelem.cxx
index 8e2f9bd..bb85e9f 100644
--- a/sot/source/sdstor/stgelem.cxx
+++ b/sot/source/sdstor/stgelem.cxx
@@ -361,7 +361,7 @@ sal_Int32 StgEntry::Compare( const StgEntry& r ) const
 // These load/store operations are a bit more complicated,
 // since they have to copy their contents into a packed structure.
 
-bool StgEntry::Load( const void* pFrom, sal_uInt32 nBufSize )
+bool StgEntry::Load(const void* pFrom, sal_uInt32 nBufSize, sal_uInt64 nUnderlyingStreamSize)
 {
     if ( nBufSize < 128 )
         return false;
@@ -392,11 +392,26 @@ bool StgEntry::Load( const void* pFrom, sal_uInt32 nBufSize )
     if (n > nMaxLegalStr)
         return false;
 
-    if ((cType != STG_STORAGE) && ((nSize < 0) || (nPage1 < 0 && !isKnownSpecial(nPage1))))
+    if (cType != STG_STORAGE)
     {
-        // the size makes no sense for the substorage
-        // TODO/LATER: actually the size should be an unsigned value, but in this case it would mean a stream of more than 2Gb
-        return false;
+        if (nPage1 < 0 && !isKnownSpecial(nPage1))
+        {
+            //bad pageid
+            return false;
+        }
+        if (nSize < 0)
+        {
+            // the size makes no sense for the substorage
+            // TODO/LATER: actually the size should be an unsigned value, but
+            // in this case it would mean a stream of more than 2Gb
+            return false;
+        }
+        if (static_cast<sal_uInt64>(nSize) > nUnderlyingStreamSize)
+        {
+            // surely an entry cannot be larger than the underlying file
+            return false;
+        }
+
     }
 
     aName = OUString(nName , n);
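Review bot: The new bound `static_cast<sal_uInt64>(nSize) > nUnderlyingStreamSize` compares against the size of the whole file, so it rejects only entries that are impossible on their face. An entry that claims up to the full file size while owning a much shorter sector chain is still accepted, and code that sizes buffers or loops from the entry size presumably still has to bound itself by the real chain (not visible here). All three checks are skipped for `STG_STORAGE` entries, which leaves their `nSize` unvalidated; a one-line comment saying that is intentional would help. The retained comment `// the size makes no sense for the substorage` now sits in the branch for non-storage entries and could be reworded, e.g. `// negative size: the field is really unsigned, so this would be a stream of more than 2Gb, which is not supported`. Load starts before and continues after this hunk.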
diff --git a/sot/source/sdstor/stgelem.hxx b/sot/source/sdstor/stgelem.hxx
index afeb950..678b581 100644
--- a/sot/source/sdstor/stgelem.hxx
+++ b/sot/source/sdstor/stgelem.hxx
@@ -129,7 +129,7 @@ public:
     void        GetName( OUString& rName ) const;
                                         // fill in the name
     sal_Int32   Compare( const StgEntry& ) const;   // compare two entries
-    bool        Load( const void* pBuffer, sal_uInt32 nBufSize );
+    bool        Load( const void* pBuffer, sal_uInt32 nBufSize, sal_uInt64 nUnderlyingStreamSize );
     void        Store( void* );
     StgEntryType GetType() const            { return (StgEntryType) cType;  }
     sal_Int32   GetStartPage() const        { return nPage1; }
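Review bot: The changed `Load` declaration is the only one in this group without a trailing comment, and the new parameter's meaning is not obvious from the header alone. I would add something like `// load from buffer; nUnderlyingStreamSize is the byte size of the backing stream, used as an upper bound for the entry size`. The first parameter is named `pBuffer` here but `pFrom` in the definition in stgelem.cxx; aligning the two would make the pair easier to grep.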
diff --git a/sw/qa/core/data/ww8/fail/hang-2.doc b/sw/qa/core/data/ww8/fail/hang-2.doc
new file mode 100644
index 0000000..a48b521
Binary files /dev/null and b/sw/qa/core/data/ww8/fail/hang-2.doc differ
diff --git a/sw/qa/core/data/ww8/pass/tdf57532-1.doc b/sw/qa/core/data/ww8/pass/tdf57532-1.doc
new file mode 100644
index 0000000..70068fe
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/tdf57532-1.doc differ

