[Libreoffice-commits] core.git: starmath/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Dec 22 12:56:55 UTC 2020
starmath/source/mathtype.cxx | 50 ++++++++++++++++++++++++-------------------
1 file changed, 29 insertions(+), 21 deletions(-)
New commits:
commit 77387ae00ae27e3f8bcdf7bccf97fb2db8f196b7
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Dec 22 10:13:33 2020 +0000
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Dec 22 13:56:02 2020 +0100
oss-fuzz: mtpfuzzer doesn't pass sanity check
Step #5: #6 0x6b5998f in __cxa_throw (/tmp/not-out/mtpfuzzer+0x6b5998f)
Step #5: #7 0x21a5bfa in SvStream::ReadUInt16(unsigned short&) (/tmp/not-out/mtpfuzzer+0x21a5bfa)
Step #5: #8 0x51f2ef in EQNOLEFILEHDR::Read(SvStream*) (/tmp/not-out/mtpfuzzer+0x51f2ef)
Step #5: #9 0x51ef53 in MathType::Parse(SvStream*) (/tmp/not-out/mtpfuzzer+0x51ef53)
Change-Id: I6ae5905930376f9424f5d2eb3660ae177c7dc6f9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108153
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/starmath/source/mathtype.cxx b/starmath/source/mathtype.cxx
index 43602a491d03..72c3bed94edb 100644
--- a/starmath/source/mathtype.cxx
+++ b/starmath/source/mathtype.cxx
@@ -558,28 +558,36 @@ bool MathType::Parse(SvStream* pStream)
pS = pStream;
pS->SetEndian( SvStreamEndian::LITTLE );
- EQNOLEFILEHDR aHdr;
- aHdr.Read(pS);
- sal_uInt8 nProdVersion;
- sal_uInt8 nProdSubVersion;
- sal_uInt8 nPlatform;
- sal_uInt8 nProduct;
- pS->ReadUChar( nVersion );
- pS->ReadUChar( nPlatform );
- pS->ReadUChar( nProduct );
- pS->ReadUChar( nProdVersion );
- pS->ReadUChar( nProdSubVersion );
-
- if (nVersion > 3) // allow only supported versions of MathType to be parsed
- return false;
-
- bool bRet = HandleRecords(0);
- //little crude hack to close occasionally open expressions
- //a sophisticated system to determine what expressions are
- //opened is required, but this is as much work as rewriting
- //starmaths internals.
- rRet.append("{}");
+ bool bRet;
+ try
+ {
+ EQNOLEFILEHDR aHdr;
+ aHdr.Read(pS);
+ sal_uInt8 nProdVersion;
+ sal_uInt8 nProdSubVersion;
+ sal_uInt8 nPlatform;
+ sal_uInt8 nProduct;
+ pS->ReadUChar( nVersion );
+ pS->ReadUChar( nPlatform );
+ pS->ReadUChar( nProduct );
+ pS->ReadUChar( nProdVersion );
+ pS->ReadUChar( nProdSubVersion );
+
+ if (nVersion > 3) // allow only supported versions of MathType to be parsed
+ return false;
+ bRet = HandleRecords(0);
+ //little crude hack to close occasionally open expressions
+ //a sophisticated system to determine what expressions are
+ //opened is required, but this is as much work as rewriting
+ //starmaths internals.
+ rRet.append("{}");
+ }
+ catch (const SvStreamEOFException&)
+ {
+ SAL_WARN("starmath", "EOF");
+ bRet = false;
+ }
return bRet;
}
More information about the Libreoffice-commits
mailing list