[Libreoffice-commits] libvisio.git: 3 commits - src/lib

David Tardon dtardon at redhat.com
Wed Apr 19 13:23:13 UTC 2017 

 src/lib/VDXParser.cpp |    2 +-
 src/lib/VSDParser.cpp |    2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

New commits:
commit eb22461a45c1b134b1e5c7f88b745b682d8d294e
Author: David Tardon <dtardon at redhat.com>
Date:   Wed Apr 19 15:22:32 2017 +0200

    avoid unchecked allocation
    
    Change-Id: Iea7abc4a13fb93e5aad92c32cc7def5ccc6e4ceb

diff --git a/src/lib/VSDParser.cpp b/src/lib/VSDParser.cpp
index ac94beb..07733b5 100644
--- a/src/lib/VSDParser.cpp
+++ b/src/lib/VSDParser.cpp
@@ -1700,6 +1700,7 @@ void libvisio::VSDParser::readFieldList(librevenge::RVNGInputStream *input)
     uint32_t subHeaderLength = readU32(input);
     uint32_t childrenListLength = readU32(input);
     input->seek(subHeaderLength, librevenge::RVNG_SEEK_CUR);
+    sanitizeListLength(childrenListLength, sizeof(uint32_t), input);
     std::vector<unsigned> fieldOrder;
     fieldOrder.reserve(childrenListLength / sizeof(uint32_t));
     for (unsigned i = 0; i < (childrenListLength / sizeof(uint32_t)); i++)
commit 29c53340aed49696fe621cb9880934d64a0a26dd
Author: David Tardon <dtardon at redhat.com>
Date:   Wed Apr 19 15:21:22 2017 +0200

    ofz#1032 avoid unchecked allocation
    
    Change-Id: Ia6600a3592a05e2a5b875b8cbf30e75f7804fb5e

diff --git a/src/lib/VSDParser.cpp b/src/lib/VSDParser.cpp
index 9f87e51..ac94beb 100644
--- a/src/lib/VSDParser.cpp
+++ b/src/lib/VSDParser.cpp
@@ -1190,6 +1190,7 @@ void libvisio::VSDParser::readShapeList(librevenge::RVNGInputStream *input)
     uint32_t subHeaderLength = readU32(input);
     uint32_t childrenListLength = readU32(input);
     input->seek(subHeaderLength, librevenge::RVNG_SEEK_CUR);
+    sanitizeListLength(childrenListLength, sizeof(uint32_t), input);
     std::vector<unsigned> shapeOrder;
     shapeOrder.reserve(childrenListLength / sizeof(uint32_t));
     for (unsigned i = 0; i < (childrenListLength / sizeof(uint32_t)); i++)
commit 00228a945bbe026fcfa9af039ee81d4667f7b7b4
Author: David Tardon <dtardon at redhat.com>
Date:   Wed Apr 19 15:12:50 2017 +0200

    ofz#1169 avoid null ptr deref.
    
    Change-Id: I5b4d1390048519c907f0caed4a9341757bb866b2

diff --git a/src/lib/VDXParser.cpp b/src/lib/VDXParser.cpp
index 276b36f..ac8b44d 100644
--- a/src/lib/VDXParser.cpp
+++ b/src/lib/VDXParser.cpp
@@ -152,7 +152,7 @@ void libvisio::VDXParser::processXmlNode(xmlTextReaderPtr reader)
       readShape(reader);
     else if (XML_READER_TYPE_END_ELEMENT == tokenType)
     {
-      if (m_isStencilStarted)
+      if (m_isStencilStarted && m_currentStencil)
         m_currentStencil->addStencilShape(m_shape.m_shapeId, m_shape);
       else
         _flushShape();

More information about the Libreoffice-commits mailing list