[Libreoffice-commits] libvisio.git: src/lib
David Tardon
dtardon at redhat.com
Thu May 4 10:29:59 UTC 2017
src/lib/VSDContentCollector.cpp | 12 ++++++++++++
1 file changed, 12 insertions(+)
New commits:
commit 8bcfc95cb59c60c4035d8752c2341137f0c6c3af
Author: David Tardon <dtardon at redhat.com>
Date: Thu May 4 12:25:07 2017 +0200
ofz#1291 band-aid for out-of-bounds access
Change-Id: I9958903a5e68c2397c9e6948034a6e43114e4694
diff --git a/src/lib/VSDContentCollector.cpp b/src/lib/VSDContentCollector.cpp
index 516ff3f..92898a5 100644
--- a/src/lib/VSDContentCollector.cpp
+++ b/src/lib/VSDContentCollector.cpp
@@ -2022,6 +2022,18 @@ void libvisio::VSDContentCollector::_generateBezierSegmentsFromNURBS(unsigned de
{
for (i=degree-mult; i <= degree; i++)
{
+ // TODO: this seems to be an inherent problem... Possibly our
+ // impl. doesn't match the algorithm's prerequisities correctly?
+ // Def. of NURBS curve is (using symbolic from The NURBS Book):
+ // # of control points... n+1
+ // # of knots... m+1
+ // degree... p
+ // relation between these values... m == n + p + 1
+ // The max. possible value of b-degree+i is (m-1)-p+p == m-1 == n+p.
+ // But n+p >= n+1, which means that there would be at least one
+ // access past the controlPoints array...
+ if (b-degree+i >= controlPoints.size())
+ break;
points[i].first = controlPoints[b-degree+i].first;
points[i].second = controlPoints[b-degree+i].second;
}
More information about the Libreoffice-commits
mailing list