[Libreoffice-commits] core.git: 2 commits - filter/source include/sal sw/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Dec 22 14:08:18 UTC 2020
filter/source/graphicfilter/ipsd/ipsd.cxx | 15 ++++++++++++---
include/sal/log-areas.dox | 1 +
sw/source/filter/ww8/ww8scan.cxx | 2 +-
3 files changed, 14 insertions(+), 4 deletions(-)
New commits:
commit b82fc702bae9d6190bda1b4818a47cfa197df6d8
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Dec 22 10:31:35 2020 +0000
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Dec 22 15:07:24 2020 +0100
oss-fuzz: psdfuzzer doesn't pass sanity check
Step #5: #6 0x63cce7f in __cxa_throw (/tmp/not-out/psdfuzzer+0x63cce7f)
Step #5: #7 0x4f1af9 in SvStream::ReadUInt32(unsigned int&) (/tmp/not-out/psdfuzzer+0x4f1af9)
Step #5: #8 0x1d9dfd6 in (anonymous namespace)::PSDReader::ImplReadHeader() (/tmp/not-out/psdfuzzer+0x1d9dfd6)
Step #5: #9 0x1d9d1a6 in (anonymous namespace)::PSDReader::ReadPSD(Graphic&) (/tmp/not-out/psdfuzzer+0x1d9d1a6)
Step #5: #10 0x1d9cd38 in ipdGraphicImport (/tmp/not-out/psdfuzzer+0x1d9cd38)
Change-Id: I407e7a32dd8e2fffb508edf896b9ca4783b94c97
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108157
Tested-by: Caolán McNamara <caolanm at redhat.com>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/filter/source/graphicfilter/ipsd/ipsd.cxx b/filter/source/graphicfilter/ipsd/ipsd.cxx
index 3c219870f1d2..528914a5cba1 100644
--- a/filter/source/graphicfilter/ipsd/ipsd.cxx
+++ b/filter/source/graphicfilter/ipsd/ipsd.cxx
@@ -325,7 +325,7 @@ namespace
if (nIndex >= rvPalette.size())
{
auto nSanitizedIndex = nIndex % rvPalette.size();
- SAL_WARN_IF(nIndex != nSanitizedIndex, "filter.tga", "invalid colormap index: "
+ SAL_WARN_IF(nIndex != nSanitizedIndex, "filter.psd", "invalid colormap index: "
<< static_cast<unsigned int>(nIndex) << ", colormap len is: "
<< rvPalette.size());
nIndex = nSanitizedIndex;
@@ -764,8 +764,17 @@ extern "C" SAL_DLLPUBLIC_EXPORT bool
ipdGraphicImport( SvStream & rStream, Graphic & rGraphic, FilterConfigItem* )
{
PSDReader aPSDReader(rStream);
-
- return aPSDReader.ReadPSD(rGraphic);
+ bool bRet;
+ try
+ {
+ bRet = aPSDReader.ReadPSD(rGraphic);
+ }
+ catch (const SvStreamEOFException&)
+ {
+ SAL_WARN("filter.psd", "EOF");
+ bRet = false;
+ }
+ return bRet;
}
diff --git a/include/sal/log-areas.dox b/include/sal/log-areas.dox
index 871e57319f6d..e6463117d1b8 100644
--- a/include/sal/log-areas.dox
+++ b/include/sal/log-areas.dox
@@ -231,6 +231,7 @@ certain functionality.
@li @c filter.pcx
@li @c filter.pdf
@li @c filter.pict
+ at li @c filter.psd
@li @c filter.ras
@li @c filter.svg
@li @c filter.tga
commit 4a03f6acf4a584e8212dce84ef08ca8d55f5a87f
Author: Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Tue Dec 22 11:11:54 2020 +0100
Commit: Miklos Vajna <vmiklos at collabora.com>
CommitDate: Tue Dec 22 14:04:41 2020 +0100
sw: check for remaining stream size in the WW8Fib ctor
Commit 8c9a4ff511a3b1d84a7a6d08a1b153c07f164abb (throw exception in
SvStream when reading past end of file, 2020-11-16) changed the "read
past the end of the stream" behavior to throw, and this broke
online.git's unit-password-protected test.
Fix the problem by not attempting to read if we know the remaining size
is too small, even if the stream is good.
Change-Id: I62f1532fc87a14c9f1f5e681e3ad67e4d575e8a5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108152
Reviewed-by: Miklos Vajna <vmiklos at collabora.com>
Tested-by: Jenkins
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 01041ef4a02c..bee3a698c326 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -6005,7 +6005,7 @@ WW8Fib::WW8Fib(SvStream& rSt, sal_uInt8 nWantedVersion, sal_uInt32 nOffset):
// Read cswNew to find out if nFib should be ignored.
sal_uInt32 nPos = rSt.Tell();
rSt.SeekRel(m_cfclcb * 8);
- if (rSt.good())
+ if (rSt.good() && rSt.remainingSize() >= 2)
{
rSt.ReadUInt16(m_cswNew);
}
More information about the Libreoffice-commits
mailing list