[Libreoffice-commits] core.git: 2 commits - sw/source
Caolán McNamara
caolanm at redhat.com
Tue Apr 4 14:30:14 UTC 2017
sw/source/filter/ww8/ww8scan.cxx | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
New commits:
commit 0144600bf5b5d8093f6a720ad21df221f08bce9e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Apr 4 15:28:54 2017 +0100
std::unique_ptr<[]> -> std::vector
Change-Id: I7fd4275664fab42c61941a4ea21750a653b437d3
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 613041b5b730..ec04420f38b6 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -6825,8 +6825,8 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
}
// allocate Font Array
- std::unique_ptr<sal_uInt8[]> pA( new sal_uInt8[nFFn] );
- memset(pA.get(), 0, nFFn);
+ std::vector<sal_uInt8> aA(nFFn);
+ memset(aA.data(), 0, nFFn);
ww::WordVersion eVersion = rFib.GetFIBVersion();
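Review bot: The `memset(aA.data(), 0, nFFn);` kept after the new declaration is redundant, because `std::vector<sal_uInt8> aA(nFFn);` already value-initializes every element to zero. Dropping the memset also removes a raw-pointer write whose length has to be kept in step with the vector by hand. The constructor body starts and ends outside this hunk.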
@@ -6842,9 +6842,9 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
rSt.SeekRel( 2 );
// read all font information
- nFFn = rSt.ReadBytes(pA.get(), nFFn);
- sal_uInt8 * const pEnd = pA.get() + nFFn;
- const sal_uInt16 nCalcMax = calcMaxFonts(pA.get(), nFFn);
+ nFFn = rSt.ReadBytes(aA.data(), nFFn);
+ sal_uInt8 * const pEnd = aA.data() + nFFn;
+ const sal_uInt16 nCalcMax = calcMaxFonts(aA.data(), nFFn);
if (eVersion < ww::eWW8)
nMax = nCalcMax;
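Review bot: After a short read the vector keeps its originally requested length while `nFFn` holds the number of bytes actually read, so the container's size and the parse bound `pEnd` can disagree. Adding `aA.resize(nFFn);` directly after the `ReadBytes` call and deriving the end pointer as `aA.data() + aA.size()` would make the vector the single source of the bound for this file-supplied font table. The later hunks at `pVer2`, `pVer6` and `pRaw` still walk the buffer through raw pointers. Their loops run outside the visible lines, so whether each access is checked against `pEnd` cannot be confirmed from here.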
@@ -6863,7 +6863,7 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
if( eVersion <= ww::eWW2 )
{
- sal_uInt8 const * pVer2 = pA.get();
+ sal_uInt8 const * pVer2 = aA.data();
sal_uInt16 i = 0;
for(; i<nMax; ++i, ++p)
{
@@ -6904,7 +6904,7 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
}
else if( eVersion < ww::eWW8 )
{
- sal_uInt8 const * pVer6 = pA.get();
+ sal_uInt8 const * pVer6 = aA.data();
sal_uInt16 i = 0;
for(; i<nMax; ++i, ++p)
{
@@ -6986,7 +6986,7 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
const sal_uInt8 cbMinFFNPayload = 41;
sal_uInt16 nValidFonts = 0;
sal_Int32 nRemainingFFn = nFFn;
- sal_uInt8* pRaw = pA.get();
+ sal_uInt8* pRaw = aA.data();
for (sal_uInt16 i=0; i < nMax && nRemainingFFn; ++i, ++p)
{
//pRaw[0] is cbFfnM1, the alleged total length of FFN - 1
commit be752d9f4ee29a2fad0051ff1c2ce39add2985ea
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Apr 4 15:25:46 2017 +0100
ofz: avoid oom
Change-Id: Ie700676c8470b6764a38f4e2989dc14819244872
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index d8d05940eae4..613041b5b730 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -6817,6 +6817,13 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
sal_Int32 nFFn = rFib.m_lcbSttbfffn - 2;
+ const sal_uInt64 nMaxPossible = rSt.remainingSize();
+ if (static_cast<sal_uInt64>(nFFn) > nMaxPossible)
+ {
+ SAL_WARN("sw.ww8", "FFN structure longer than available data");
+ nFFn = nMaxPossible;
+ }
+
// allocate Font Array
std::unique_ptr<sal_uInt8[]> pA( new sal_uInt8[nFFn] );
memset(pA.get(), 0, nFFn);
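Review bot: The clamp `nFFn = nMaxPossible;` implicitly narrows a `sal_uInt64` into a `sal_Int32`, so a remaining size above `SAL_MAX_INT32` would be truncated and could leave `nFFn` negative or wrong before the allocation. An explicit bound such as `nFFn = static_cast<sal_Int32>(std::min<sal_uInt64>(nMaxPossible, SAL_MAX_INT32));` keeps the value in range. A negative `nFFn` (when `m_lcbSttbfffn` is below 2) also passes the `static_cast<sal_uInt64>` comparison as a huge value and is clamped to the whole remaining stream rather than rejected. An earlier guard may already exclude that case, but it is not visible in this hunk.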