[Libreoffice-commits] core.git: Branch 'libreoffice-5-3' - filter/source include/sal

Caolán McNamara caolanm at redhat.com
Wed Feb 1 13:31:40 UTC 2017


 filter/source/graphicfilter/ieps/ieps.cxx |   78 +++++++++++++++++-------------
 include/sal/log-areas.dox                 |    1 
 2 files changed, 47 insertions(+), 32 deletions(-)

New commits:
commit 2606607d6df99b2b3068a781d4abded7c5492917
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Jan 26 16:01:57 2017 +0000

    ofz: tidy up eps preview import
    
    a) check that the remaining stream length is >= the 14 bytes that are
    unconditionally skipped
    b) make the initial security count the min of the arbitrary 100 and the
    remaining stream len less that 14 bytes
    c) tweak ImplGetNumber not to reduce nSecurityCount if its already 0
    
    Change-Id: Ifffa6d02d492affd578fb48007704457ad635b39
    (cherry picked from commit 94ffb720b889c51665ebb789d84aee3b3bacb456)
    
    ofz: check eps seeks are sane and succeeded
    
    Change-Id: I0eb45e1c1ffd91682ed0ce6a6a74eab54666d715
    (cherry picked from commit f85fb724d52a0fff9c64365cd202ae8975492c05)
    
    ofz: check if the stream is able to meet the eps len claim before reading
    
    Change-Id: I65407bffb67449e203b8ead23554a4e88387d214
    (cherry picked from commit e17a34e957c21a8cd2977b1b0e1c9a427c244aed)
    
    ofz: check if the stream is able to meet the eps len claim before reading
    
    Change-Id: I440c7f38d6588c570a411f2a97c0164e5d7d646f
    (cherry picked from commit d1f31681623696e99b0bd9e98570cb1ebac518cc)
    
    make this a little more readable
    
    Change-Id: I83b6b0bd636b639ce0892f22f216410ce79dee03
    (cherry picked from commit cf06348d9d4be8b8460d202cebf0d995fd4f6abf)
    
    move deref inside (laughable) nSecurityCount check
    
    Change-Id: Idf9a83ffa80137967d8c77d7a9b5133529fc2858
    (cherry picked from commit 521723b1180a32c02a88ed47137d4242c06eaca7)
    Reviewed-on: https://gerrit.libreoffice.org/33634
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>

diff --git a/filter/source/graphicfilter/ieps/ieps.cxx b/filter/source/graphicfilter/ieps/ieps.cxx
index f50f996..33a4ac9 100644
--- a/filter/source/graphicfilter/ieps/ieps.cxx
+++ b/filter/source/graphicfilter/ieps/ieps.cxx
@@ -69,17 +69,19 @@ static sal_uInt8* ImplSearchEntry( sal_uInt8* pSource, sal_uInt8 const * pDest,
 
 
 // SecurityCount is the buffersize of the buffer in which we will parse for a number
-static long ImplGetNumber( sal_uInt8 **pBuf, sal_uInt32& nSecurityCount )
+static long ImplGetNumber(sal_uInt8* &rBuf, sal_uInt32& nSecurityCount)
 {
     bool    bValid = true;
     bool    bNegative = false;
     long    nRetValue = 0;
-    while ( ( --nSecurityCount ) && ( ( **pBuf == ' ' ) || ( **pBuf == 0x9 ) ) )
-        (*pBuf)++;
-    sal_uInt8 nByte = **pBuf;
-    while ( nSecurityCount && ( nByte != ' ' ) && ( nByte != 0x9 ) && ( nByte != 0xd ) && ( nByte != 0xa ) )
+    while (nSecurityCount && (*rBuf == ' ' || *rBuf == 0x9))
     {
-        switch ( nByte )
+        ++rBuf;
+        --nSecurityCount;
+    }
+    while ( nSecurityCount && ( *rBuf != ' ' ) && ( *rBuf != 0x9 ) && ( *rBuf != 0xd ) && ( *rBuf != 0xa ) )
+    {
+        switch ( *rBuf )
         {
             case '.' :
                 // we'll only use the integer format
@@ -89,17 +91,17 @@ static long ImplGetNumber( sal_uInt8 **pBuf, sal_uInt32& nSecurityCount )
                 bNegative = true;
                 break;
             default :
-                if ( ( nByte < '0' ) || ( nByte > '9' ) )
+                if ( ( *rBuf < '0' ) || ( *rBuf > '9' ) )
                     nSecurityCount = 1;         // error parsing the bounding box values
                 else if ( bValid )
                 {
                     nRetValue *= 10;
-                    nRetValue += nByte - '0';
+                    nRetValue += *rBuf - '0';
                 }
                 break;
         }
         nSecurityCount--;
-        nByte = *(++(*pBuf));
+        ++rBuf;
     }
     if ( bNegative )
         nRetValue = -nRetValue;
@@ -399,6 +401,15 @@ static bool RenderAsBMP(const sal_uInt8* pBuf, sal_uInt32 nBytesRead, Graphic &r
         return RenderAsBMPThroughConvert(pBuf, nBytesRead, rGraphic);
 }
 
+namespace
+{
+    bool checkSeek(SvStream &rSt, sal_uInt32 nOffset)
+    {
+        const sal_uInt64 nMaxSeek(rSt.Tell() + rSt.remainingSize());
+        return (nOffset <= nMaxSeek && rSt.Seek(nOffset) == nOffset);
+    }
+}
+
 // this method adds a replacement action containing the original wmf or tiff replacement,
 // so the original eps can be written when storing to ODF.
 void CreateMtfReplacementAction( GDIMetaFile& rMtf, SvStream& rStrm, sal_uInt32 nOrigPos, sal_uInt32 nPSSize,
@@ -416,17 +427,15 @@ void CreateMtfReplacementAction( GDIMetaFile& rMtf, SvStream& rStrm, sal_uInt32
         aReplacement.WriteUInt32( nMagic ).WriteUInt32( nPPos ).WriteUInt32( nPSSize )
                     .WriteUInt32( nWPos ).WriteUInt32( nSizeWMF )
                     .WriteUInt32( nTPos ).WriteUInt32( nSizeTIFF );
-        if ( nSizeWMF )
+        if (nSizeWMF && checkSeek(rStrm, nOrigPos + nPosWMF) && rStrm.remainingSize() >= nSizeWMF)
         {
             std::unique_ptr<sal_uInt8[]> pBuf(new sal_uInt8[ nSizeWMF ]);
-            rStrm.Seek( nOrigPos + nPosWMF );
             rStrm.ReadBytes(pBuf.get(), nSizeWMF);
             aReplacement.WriteBytes(pBuf.get(), nSizeWMF);
         }
-        if ( nSizeTIFF )
+        if (nSizeTIFF && checkSeek(rStrm, nOrigPos + nPosTIFF) && rStrm.remainingSize() >= nSizeTIFF)
         {
             std::unique_ptr<sal_uInt8[]> pBuf(new sal_uInt8[ nSizeTIFF ]);
-            rStrm.Seek( nOrigPos + nPosTIFF );
             rStrm.ReadBytes(pBuf.get(), nSizeTIFF);
             aReplacement.WriteBytes(pBuf.get(), nSizeTIFF);
         }
@@ -504,7 +513,7 @@ void MakePreview(sal_uInt8* pBuf, sal_uInt32 nBytesRead,
     {
         pDest += 16;
         sal_uInt32 nCount = 4;
-        long nNumber = ImplGetNumber( &pDest, nCount );
+        long nNumber = ImplGetNumber(pDest, nCount);
         if ( nCount && ( (sal_uInt32)nNumber < 10 ) )
         {
             aString += " LanguageLevel:" + OUString::number( nNumber );
@@ -519,7 +528,6 @@ void MakePreview(sal_uInt8* pBuf, sal_uInt32 nBytesRead,
     rGraphic = aMtf;
 }
 
-
 //================== GraphicImport - the exported function ================
 
 
@@ -532,7 +540,7 @@ ipsGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
     Graphic     aGraphic;
     bool    bRetValue = false;
     bool    bHasPreview = false;
-    sal_uInt32  nSignature, nPSStreamPos, nPSSize;
+    sal_uInt32  nSignature = 0, nPSStreamPos, nPSSize = 0;
     sal_uInt32  nSizeWMF = 0;
     sal_uInt32  nPosWMF = 0;
     sal_uInt32  nSizeTIFF = 0;
@@ -549,10 +557,9 @@ ipsGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
 
         if ( nSizeWMF )
         {
-            if ( nPosWMF != 0 )
+            if (nPosWMF && checkSeek(rStream, nOrigPos + nPosWMF))
             {
-                rStream.Seek( nOrigPos + nPosWMF );
-                if ( GraphicConverter::Import( rStream, aGraphic, ConvertDataFormat::WMF ) == ERRCODE_NONE )
+                if (GraphicConverter::Import(rStream, aGraphic, ConvertDataFormat::WMF) == ERRCODE_NONE)
                     bHasPreview = bRetValue = true;
             }
         }
@@ -562,9 +569,8 @@ ipsGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
 
             // else we have to get the tiff grafix
 
-            if ( nPosTIFF && nSizeTIFF )
+            if (nPosTIFF && nSizeTIFF && checkSeek(rStream, nOrigPos + nPosTIFF))
             {
-                rStream.Seek( nOrigPos + nPosTIFF );
                 if ( GraphicConverter::Import( rStream, aGraphic, ConvertDataFormat::TIF ) == ERRCODE_NONE )
                 {
                     MakeAsMeta(aGraphic);
@@ -579,13 +585,20 @@ ipsGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
         nPSStreamPos = nOrigPos;            // no preview available _>so we must get the size manually
         nPSSize = rStream.Seek( STREAM_SEEK_TO_END ) - nOrigPos;
     }
+
     std::unique_ptr<sal_uInt8[]> pHeader( new sal_uInt8[ 22 ] );
     rStream.Seek( nPSStreamPos );
     rStream.ReadBytes(pHeader.get(), 22); // check PostScript header
-    if ( ImplSearchEntry( pHeader.get(), reinterpret_cast<sal_uInt8 const *>("%!PS-Adobe"), 10, 10 ) &&
-        ImplSearchEntry( &pHeader[ 15 ], reinterpret_cast<sal_uInt8 const *>("EPS"), 3, 3 ) )
+    bool bOk = ImplSearchEntry(pHeader.get(), reinterpret_cast<sal_uInt8 const *>("%!PS-Adobe"), 10, 10) &&
+               ImplSearchEntry(&pHeader[ 15 ], reinterpret_cast<sal_uInt8 const *>("EPS"), 3, 3);
+    if (bOk)
+    {
+        rStream.Seek(nPSStreamPos);
+        bOk = rStream.remainingSize() >= nPSSize;
+        SAL_WARN_IF(!bOk, "filter.eps", "eps claims to be: " << nPSSize << " in size, but only " << rStream.remainingSize() << " remains");
+    }
+    if (bOk)
     {
-        rStream.Seek( nPSStreamPos );
         std::unique_ptr<sal_uInt8[]> pBuf( new sal_uInt8[ nPSSize ] );
 
         sal_uInt32 nBufStartPos = rStream.Tell();
@@ -601,10 +614,10 @@ ipsGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
                 if ( pDest  )
                 {
                     pDest += 15;
-                    long nWidth = ImplGetNumber( &pDest, nSecurityCount );
-                    long nHeight = ImplGetNumber( &pDest, nSecurityCount );
-                    long nBitDepth = ImplGetNumber( &pDest, nSecurityCount );
-                    long nScanLines = ImplGetNumber( &pDest, nSecurityCount );
+                    long nWidth = ImplGetNumber(pDest, nSecurityCount);
+                    long nHeight = ImplGetNumber(pDest, nSecurityCount);
+                    long nBitDepth = ImplGetNumber(pDest, nSecurityCount);
+                    long nScanLines = ImplGetNumber(pDest, nSecurityCount);
                     pDest = ImplSearchEntry( pDest, reinterpret_cast<sal_uInt8 const *>("%"), 16, 1 );       // go to the first Scanline
                     if ( nSecurityCount && pDest && nWidth && nHeight && ( ( nBitDepth == 1 ) || ( nBitDepth == 8 ) ) && nScanLines )
                     {
@@ -698,15 +711,16 @@ ipsGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
             }
 
             sal_uInt8* pDest = ImplSearchEntry( pBuf.get(), reinterpret_cast<sal_uInt8 const *>("%%BoundingBox:"), nBytesRead, 14 );
-            if ( pDest )
+            sal_uInt32 nRemainingBytes = pDest ? (nBytesRead - (pDest - pBuf.get())) : 0;
+            if (nRemainingBytes >= 14)
             {
-                nSecurityCount = 100;
+                pDest += 14;
+                nSecurityCount = std::min<sal_uInt32>(nRemainingBytes - 14, 100);
                 long nNumb[4];
                 nNumb[0] = nNumb[1] = nNumb[2] = nNumb[3] = 0;
-                pDest += 14;
                 for ( int i = 0; ( i < 4 ) && nSecurityCount; i++ )
                 {
-                    nNumb[ i ] = ImplGetNumber( &pDest, nSecurityCount );
+                    nNumb[ i ] = ImplGetNumber(pDest, nSecurityCount);
                 }
                 if ( nSecurityCount)
                 {
diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox
index a27e77e..c5cdc3c 100644
--- a/include/sal/log-areas.dox
+++ b/include/sal/log-areas.dox
@@ -199,6 +199,7 @@ certain functionality.
 @section Filter
 
 @li @c filter.config
+ at li @c filter.eps
 @li @c filter.flash
 @li @c filter.ms - escher import/export
 @li @c filter.odfflatxml


More information about the Libreoffice-commits mailing list