[Libreoffice-commits] core.git: 2 commits - include/oox oox/source sw/source
Caolán McNamara
caolanm at redhat.com
Wed Apr 5 11:08:53 UTC 2017
include/oox/core/fastparser.hxx | 2 ++
oox/source/core/fastparser.cxx | 7 +++++++
oox/source/core/xmlfilterbase.cxx | 2 +-
sw/source/filter/ww8/ww8graf.cxx | 3 ++-
4 files changed, 12 insertions(+), 2 deletions(-)
New commits:
commit a32ef811014a9ae10e8d996e61cff39b3c99028d
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Apr 5 10:36:06 2017 +0100
ofz: infinite loop and oom
Change-Id: Ibb23b5808ae465294adf2342d5535784476f5395
diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx
index 8967f5b0d04e..a6b659775660 100644
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -1336,7 +1336,8 @@ SdrObject* SwWW8ImplReader::ReadGrafPrimitive(short& rLeft, SfxAllItemSet &rSet)
// into an object hierarchy with a little effort.
SdrObject *pRet=nullptr;
WW8_DPHEAD aHd; // Lese Draw-Primitive-Header
- bool bCouldRead = checkRead(*m_pStrm, &aHd, sizeof(WW8_DPHEAD));
+ bool bCouldRead = checkRead(*m_pStrm, &aHd, sizeof(WW8_DPHEAD)) &&
+ SVBT16ToShort(aHd.cb) >= sizeof(WW8_DPHEAD);
OSL_ENSURE(bCouldRead, "Graphic Primitive header short read" );
if (!bCouldRead)
{
commit 58b56f8c78eef15c70e1afd6b52c79a800a185ab
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Apr 5 10:00:13 2017 +0100
add a clearDocumentHandler for null document handler case
Change-Id: I661a2fd5381013056c69b379792560aed7121214
diff --git a/include/oox/core/fastparser.hxx b/include/oox/core/fastparser.hxx
index 6af112d18d93..b2a9bab30ab6 100644
--- a/include/oox/core/fastparser.hxx
+++ b/include/oox/core/fastparser.hxx
@@ -78,6 +78,8 @@ public:
void setDocumentHandler(
const css::uno::Reference< css::xml::sax::XFastDocumentHandler >& rxDocHandler );
+ void clearDocumentHandler();
+
/** Parses the passed SAX input source.
@param bCloseStream True = closes the stream in the input source after parsing.
@throws css::xml::sax::SAXException
diff --git a/oox/source/core/fastparser.cxx b/oox/source/core/fastparser.cxx
index 4ce9d9f37cf7..d31ee7067f1c 100644
--- a/oox/source/core/fastparser.cxx
+++ b/oox/source/core/fastparser.cxx
@@ -107,6 +107,13 @@ void FastParser::setDocumentHandler( const Reference< XFastDocumentHandler >& rx
mxParser->setFastDocumentHandler( rxDocHandler );
}
+void FastParser::clearDocumentHandler()
+{
+ if (!mxParser.is())
+ return;
+ mxParser->setFastDocumentHandler(nullptr);
+}
+
void FastParser::parseStream( const InputSource& rInputSource, bool bCloseStream )
{
// guard closing the input stream also when exceptions are thrown
diff --git a/oox/source/core/xmlfilterbase.cxx b/oox/source/core/xmlfilterbase.cxx
index 393911c97699..8401dd7ce59d 100644
--- a/oox/source/core/xmlfilterbase.cxx
+++ b/oox/source/core/xmlfilterbase.cxx
@@ -211,7 +211,7 @@ XmlFilterBase::~XmlFilterBase()
// the following implicit destruction chain of ~XmlFilterBaseImpl, but in that
// case it's member RelationsMap maRelationsMap will be destroyed, but maybe
// still be used by ~FragmentHandler -> crash.
- mxImpl->maFastParser.setDocumentHandler( nullptr );
+ mxImpl->maFastParser.clearDocumentHandler();
}
void XmlFilterBase::checkDocumentProperties(const Reference<XDocumentProperties>& xDocProps)
More information about the Libreoffice-commits
mailing list