[Libreoffice-commits] core.git: Branch 'libreoffice-5-0' - sw/qa sw/source

Caolán McNamara caolanm at redhat.com
Wed Sep 2 03:04:33 PDT 2015


 sw/qa/core/data/ww8/pass/hang-7.doc |binary
 sw/source/filter/ww8/ww8toolbar.cxx |   44 +++++++++++++++++++++---------------
 2 files changed, 26 insertions(+), 18 deletions(-)

New commits:
commit 0936e36cd0ff9f0422d70726d20ea9cc7ac80b1b
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Mon Aug 31 15:11:03 2015 +0100

    check for over long record len and check reads
    
    Change-Id: Ib77ce1b95db2dc4396f4fd2fdcff4c0344b20c9e
    (cherry picked from commit 0c191e2b757555b147ebab1688e72acde28062a1)
    Reviewed-on: https://gerrit.libreoffice.org/18179
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Miklos Vajna <vmiklos at collabora.co.uk>

diff --git a/sw/qa/core/data/ww8/pass/hang-7.doc b/sw/qa/core/data/ww8/pass/hang-7.doc
new file mode 100644
index 0000000..a52a452f
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/hang-7.doc differ
diff --git a/sw/source/filter/ww8/ww8toolbar.cxx b/sw/source/filter/ww8/ww8toolbar.cxx
index bb0a00c..c13a813 100644
--- a/sw/source/filter/ww8/ww8toolbar.cxx
+++ b/sw/source/filter/ww8/ww8toolbar.cxx
@@ -166,7 +166,7 @@ bool SwCTBWrapper::Read( SvStream& rS )
     {
         rCustomizations[ *it ].bIsDroppedMenuTB = true;
     }
-    return true;
+    return rS.good();
 }
 
 SwTBC* SwCTBWrapper::GetTBCAtOffset( sal_uInt32 nStreamOffset )
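Review bot: The new `return rS.good();` at the end of SwCTBWrapper::Read reports a stream failure only after the loop above it has already written `bIsDroppedMenuTB` into rCustomizations, so a false return leaves the object partially filled, and nothing documents that. A comment above the function such as `// Returns false on a short or failed read; the object may then be partially filled and must be discarded.` would state the contract. The same holds for the other Read methods in this patch that gain the same final check (TBDelta, Kme, Acd, MCD and the rest). The body of SwCTBWrapper::Read starts outside the hunk, so whether its earlier reads are checked one by one cannot be seen here.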
@@ -284,7 +284,7 @@ bool Customization::Read( SvStream &rS)
         if ( !customizationDataCTB->Read( rS ) )
                 return false;
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -454,7 +454,7 @@ bool TBDelta::Read(SvStream &rS)
     nOffSet = rS.Tell();
     rS.ReadUChar( doprfatendFlags ).ReadUChar( ibts ).ReadInt32( cidNext ).ReadInt32( cid ).ReadInt32( fc ) ;
     rS.ReadUInt16( CiTBDE ).ReadUInt16( cbTBC );
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -524,7 +524,7 @@ bool SwCTB::Read( SvStream &rS)
             rTBC.push_back( aTBC );
         }
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -637,7 +637,7 @@ bool SwTBC::Read( SvStream &rS )
         if ( !tbcd->Read( rS ) )
             return false;
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -777,7 +777,7 @@ Xst::Read( SvStream& rS )
     SAL_INFO("sw.ww8","Xst::Read() stream pos 0x" << std::hex << rS.Tell() );
     nOffSet = rS.Tell();
     sString = read_uInt16_PascalString(rS);
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -913,7 +913,7 @@ bool Tcg255::Read(SvStream &rS)
         nId = 0x40;
         rS.ReadUChar( nId );
     }
-    return true;
+    return rS.good();
     // Peek at
 }
 
@@ -945,7 +945,7 @@ bool Tcg255SubStruct::Read(SvStream &rS)
     nOffSet = rS.Tell();
     if ( mbReadId )
         rS.ReadUChar( ch );
-    return true;
+    return rS.good();
 }
 
 PlfMcd::PlfMcd(bool bReadId)
@@ -969,7 +969,7 @@ bool PlfMcd::Read(SvStream &rS)
                 return false;
         }
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
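Review bot: PlfMcd::Read ends with the same read-each-record loop as PlfAcd::Read, but only PlfAcd gets the new bound against `rS.remainingSize()`. If the record count here is also read from the file, it deserves the same clamp before the array is allocated; the start of the function is outside the hunk, so this is inferred. The tails of PlfKme::Read and MacroNames::Read later in the patch have the same shape. A small shared helper that clamps a claimed count to the remaining stream size divided by the on-disk record size would keep these readers consistent.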
@@ -1004,7 +1004,15 @@ bool PlfAcd::Read( SvStream &rS)
     nOffSet = rS.Tell();
     Tcg255SubStruct::Read( rS );
     rS.ReadInt32( iMac );
-    if ( iMac )
+    if (iMac < 0)
+        return false;
+    auto nMaxPossibleRecords = rS.remainingSize() / (sizeof(sal_uInt16)*2);
+    if (static_cast<sal_uInt32>(iMac) > nMaxPossibleRecords)
+    {
+        SAL_WARN("sw.ww8", iMac << " records claimed, but max possible is " << nMaxPossibleRecords);
+        iMac = nMaxPossibleRecords;
+    }
+    if (iMac)
     {
         rgacd = new Acd[ iMac ];
         for ( sal_Int32 index = 0; index < iMac; ++index )
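Review bot: In PlfAcd::Read, `iMac` is tested and used right after `rS.ReadInt32( iMac )` without checking that the read succeeded, and the result of `Tcg255SubStruct::Read( rS )` one line earlier is dropped even though it now returns `rS.good()`. On a truncated stream the new clamp probably reduces the count to zero anyway, but iMac then holds whatever it had before the call, and its initial value is not visible here. Suggest making the failure explicit with `if (!Tcg255SubStruct::Read(rS)) return false;` and `if (!rS.good() || iMac < 0) return false;`. The loop body continues outside the hunk.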
@@ -1013,7 +1021,7 @@ bool PlfAcd::Read( SvStream &rS)
                 return false;
         }
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -1057,7 +1065,7 @@ bool PlfKme::Read(SvStream &rS)
                 return false;
         }
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -1125,7 +1133,7 @@ bool TcgSttbfCore::Read( SvStream& rS )
             rS.ReadUInt16( dataItems[ index ].extraData );
         }
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
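Review bot: The loop in TcgSttbfCore::Read keeps calling `rS.ReadUInt16( dataItems[ index ].extraData )` for every claimed entry even after the stream has failed, because the only check is the final `return rS.good();`. With a large count from a truncated file, that means iterating over the whole array for nothing. Adding `if (!rS.good()) return false;` inside the loop stops at the first failed read. How the count and the dataItems allocation are bounded is outside the hunk, so a clamp against `rS.remainingSize()` like the one added to PlfAcd::Read may be needed there as well.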
@@ -1175,7 +1183,7 @@ bool MacroNames::Read( SvStream &rS)
                 return false;
         }
     }
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -1229,7 +1237,7 @@ Xstz::Read(SvStream &rS)
     rS.ReadUInt16( chTerm );
     if ( chTerm != 0 ) // should be an assert
         return false;
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
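Review bot: The comment `// should be an assert` on the chTerm test in Xstz::Read points the next maintainer in the wrong direction. chTerm is read from the document, so a non-zero value is malformed input rather than a programming error, and returning false is the right handling. Suggest rewording it to `// terminator must be 0; anything else is a malformed file`. The start of the function is outside the hunk.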
@@ -1262,7 +1270,7 @@ Kme::Read(SvStream &rS)
     SAL_INFO("sw.ww8","Kme::Read() stream pos 0x" << std::hex << rS.Tell() );
     nOffSet = rS.Tell();
     rS.ReadInt16( reserved1 ).ReadInt16( reserved2 ).ReadUInt16( kcm1 ).ReadUInt16( kcm2 ).ReadUInt16( kt ).ReadUInt32( param );
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -1290,7 +1298,7 @@ bool Acd::Read(SvStream &rS)
     SAL_INFO("sw.ww8","Acd::Read() stream pos 0x" << std::hex << rS.Tell() );
     nOffSet = rS.Tell();
     rS.ReadInt16( ibst ).ReadUInt16( fciBasedOnABC );
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1
@@ -1353,7 +1361,7 @@ bool MCD::Read(SvStream &rS)
     nOffSet = rS.Tell();
     rS.ReadSChar( reserved1 ).ReadUChar( reserved2 ).ReadUInt16( ibst ).ReadUInt16( ibstName ).ReadUInt16( reserved3 );
     rS.ReadUInt32( reserved4 ).ReadUInt32( reserved5 ).ReadUInt32( reserved6 ).ReadUInt32( reserved7 );
-    return true;
+    return rS.good();
 }
 
 #if OSL_DEBUG_LEVEL > 1

