[Libreoffice-commits] core.git: filter/source include/vcl vcl/source

[Luboš Luňák (via logerrit)]

 filter/source/msfilter/msdffimp.cxx |    6 +++++-
 include/vcl/graphicfilter.hxx       |    3 ++-
 vcl/source/filter/graphicfilter.cxx |    4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

New commits:
commit af84fc9d906626255aaf136eefc5e55236e0e8a6
Author:     Luboš Luňák <l.lunak at collabora.com>
AuthorDate: Tue Apr 23 15:48:41 2019 +0200
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Wed Apr 24 08:59:29 2019 +0200

    lazy image loading shouldn't read the entire .xls file (tdf#124828)
    
    b11188835d3b87cd changed msfilter to use
    GraphicFilter::ImportUnloadedGraphic() to lazy-load images
    from the document. However, that function in some cases simply
    reads the entire rest of the passed SvStream, which in this case
    is the entire .xls file. And the document from tdf#124828 is ~50MiB
    and contains ~4000 images => 100+ GiB memory required.
    
    Change-Id: I74926383204ec642eabb28b62e2cf2e1ff8054a9
    Reviewed-on: https://gerrit.libreoffice.org/71136
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>

diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx
index 971655d18b5e..f6e29de2e142 100644
--- a/filter/source/msfilter/msdffimp.cxx
+++ b/filter/source/msfilter/msdffimp.cxx
@@ -6574,7 +6574,11 @@ bool SvxMSDffManager::GetBLIPDirect( SvStream& rBLIPStream, Graphic& rData, tool
         else
         {   // and unleash our filter
             GraphicFilter& rGF = GraphicFilter::GetGraphicFilter();
-            Graphic aGraphic = rGF.ImportUnloadedGraphic(*pGrStream);
+            // ImportUnloadedGraphic() may simply read the entire rest of the stream,
+            // which may be very large if the whole document is large. Limit the read
+            // size to the size of this record.
+            sal_uInt64 maxSize = pGrStream == &rBLIPStream ? nLength : 0;
+            Graphic aGraphic = rGF.ImportUnloadedGraphic(*pGrStream, maxSize);
             if (aGraphic)
             {
                 rData = aGraphic;
diff --git a/include/vcl/graphicfilter.hxx b/include/vcl/graphicfilter.hxx
index b79cb18f9deb..9a8068d40f2f 100644
--- a/include/vcl/graphicfilter.hxx
+++ b/include/vcl/graphicfilter.hxx
@@ -294,7 +294,8 @@ public:
                                    css::uno::Sequence< css::beans::PropertyValue >* pFilterData,
                                    WmfExternal const *pExtHeader = nullptr );
 
-    Graphic ImportUnloadedGraphic(SvStream& rIStream);
+    // Setting sizeLimit limits how much will be read from the stream.
+    Graphic ImportUnloadedGraphic(SvStream& rIStream, sal_uInt64 sizeLimit = 0);
 
     const FilterErrorEx&    GetLastError() const { return *pErrorEx;}
     void                    ResetLastError();
diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx
index 920c64160b55..10a4559a8db4 100644
--- a/vcl/source/filter/graphicfilter.cxx
+++ b/vcl/source/filter/graphicfilter.cxx
@@ -1427,7 +1427,7 @@ void GraphicFilter::ImportGraphics(std::vector< std::shared_ptr<Graphic> >& rGra
     }
 }
 
-Graphic GraphicFilter::ImportUnloadedGraphic(SvStream& rIStream)
+Graphic GraphicFilter::ImportUnloadedGraphic(SvStream& rIStream, sal_uInt64 sizeLimit)
 {
     Graphic aGraphic;
     sal_uInt16 nFormat = GRFILTER_FORMAT_DONTKNOW;
@@ -1442,7 +1442,7 @@ Graphic GraphicFilter::ImportUnloadedGraphic(SvStream& rIStream)
     ErrCode nStatus = ImpTestOrFindFormat("", rIStream, nFormat);
 
     rIStream.Seek(nStreamBegin);
-    const sal_uInt32 nStreamLength(rIStream.remainingSize());
+    const sal_uInt32 nStreamLength( sizeLimit ? sizeLimit : rIStream.remainingSize());
 
     OUString aFilterName = pConfig->GetImportFilterName(nFormat);
     OUString aExternalFilterName = pConfig->GetExternalFilterName(nFormat, false);