[Libreoffice-commits] core.git: emfio/source
Caolán McNamara
caolanm at redhat.com
Mon Feb 12 16:26:47 UTC 2018
emfio/source/reader/wmfreader.cxx | 50 +++++++++++++++++++++++++-------------
1 file changed, 33 insertions(+), 17 deletions(-)
New commits:
commit e5ace62c32191a2ae4183102c21e37575add39d8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Feb 12 12:50:29 2018 +0000
ofz: timeout
Change-Id: I7f6ea74c51012eb0fb64a3633241d67d10cae12b
Reviewed-on: https://gerrit.libreoffice.org/49595
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/emfio/source/reader/wmfreader.cxx b/emfio/source/reader/wmfreader.cxx
index 983fe70a1a4e..eed575ef2bed 100644
--- a/emfio/source/reader/wmfreader.cxx
+++ b/emfio/source/reader/wmfreader.cxx
@@ -514,9 +514,6 @@ namespace emfio
//record is Recordsize, RecordFunction, StringLength, <String>, YStart, XStart
const sal_uInt32 nNonStringLen = sizeof(sal_uInt32) + 4 * sizeof(sal_uInt16);
const sal_uInt32 nRecSize = mnRecSize * 2;
- sal_uInt16 nLength = 0;
- mpInputStream->ReadUInt16(nLength);
- sal_uInt16 nStoredLength = (nLength + 1) &~ 1;
if (nRecSize < nNonStringLen)
{
@@ -524,6 +521,10 @@ namespace emfio
break;
}
+ sal_uInt16 nLength = 0;
+ mpInputStream->ReadUInt16(nLength);
+ sal_uInt16 nStoredLength = (nLength + 1) &~ 1;
+
if (nRecSize - nNonStringLen < nStoredLength)
{
SAL_WARN("vcl.wmf", "W_META_TEXTOUT too short, truncating string");
@@ -543,15 +544,37 @@ namespace emfio
case W_META_EXTTEXTOUT:
{
- mpInputStream->SeekRel(-6);
- auto nRecordPos = mpInputStream->Tell();
- sal_Int32 nRecordSize = 0;
- mpInputStream->ReadInt32( nRecordSize );
- mpInputStream->SeekRel(2);
+ //record is Recordsize, RecordFunction, Y, X, StringLength, options, maybe rectangle, <String>
+ sal_uInt32 nNonStringLen = sizeof(sal_uInt32) + 5 * sizeof(sal_uInt16);
+ const sal_uInt32 nRecSize = mnRecSize * 2;
+
+ if (nRecSize < nNonStringLen)
+ {
+ SAL_WARN("vcl.wmf", "W_META_EXTTEXTOUT too short");
+ break;
+ }
+
+ auto nRecordPos = mpInputStream->Tell() - 6;
Point aPosition = ReadYX();
sal_uInt16 nLen = 0, nOptions = 0;
mpInputStream->ReadUInt16( nLen ).ReadUInt16( nOptions );
+ tools::Rectangle aRect;
+ if (nOptions & ETO_CLIPPED)
+ {
+ nNonStringLen += 2 * sizeof(sal_uInt16);
+
+ if (nRecSize < nNonStringLen)
+ {
+ SAL_WARN("vcl.wmf", "W_META_TEXTOUT too short");
+ break;
+ }
+
+ const Point aPt1( ReadPoint() );
+ const Point aPt2( ReadPoint() );
+ aRect = tools::Rectangle( aPt1, aPt2 );
+ }
+
ComplexTextLayoutFlags nTextLayoutMode = ComplexTextLayoutFlags::Default;
if ( nOptions & ETO_RTLREADING )
nTextLayoutMode = ComplexTextLayoutFlags::BiDiRtl | ComplexTextLayoutFlags::TextOriginLeft;
@@ -559,19 +582,12 @@ namespace emfio
SAL_WARN_IF( ( nOptions & ( ETO_PDY | ETO_GLYPH_INDEX ) ) != 0, "vcl.wmf", "SJ: ETO_PDY || ETO_GLYPH_INDEX in WMF" );
// output only makes sense if the text contains characters
- if (nLen && nRecordSize >= 0)
+ if (nLen)
{
sal_Int32 nOriginalTextLen = nLen;
sal_Int32 nOriginalBlockLen = ( nOriginalTextLen + 1 ) &~ 1;
- tools::Rectangle aRect;
- if( nOptions & ETO_CLIPPED )
- {
- const Point aPt1( ReadPoint() );
- const Point aPt2( ReadPoint() );
- aRect = tools::Rectangle( aPt1, aPt2 );
- }
- auto nMaxStreamPos = nRecordPos + (nRecordSize << 1);
+ auto nMaxStreamPos = nRecordPos + nRecSize;
auto nRemainingSize = std::min(mpInputStream->remainingSize(), nMaxStreamPos - mpInputStream->Tell());
if (nRemainingSize < static_cast<sal_uInt32>(nOriginalBlockLen))
{
More information about the Libreoffice-commits
mailing list