[Libreoffice-commits] core.git: vcl/source

Tomaž Vajngerl (via logerrit) logerrit at kemper.freedesktop.org
Wed Dec 30 07:26:18 UTC 2020


 vcl/source/gdi/TypeSerializer.cxx |   11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

New commits:
commit 04c97b2a4482e99e14061abb694e241dae5153e1
Author:     Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
AuthorDate: Thu Dec 24 11:18:47 2020 +0900
Commit:     Tomaž Vajngerl <quikee at gmail.com>
CommitDate: Wed Dec 30 08:25:26 2020 +0100

    Same SvStream reading fix as in commit [1] but for TypeSerializer
    
    [1] 8c9a4ff511a3b1d84a7a6d08a1b153c07f164abb
    
    Explanation from the commit:
    "to avoid chasing weird problems where we read past the end
    of file, which leads to random data in the variable we read into.
    
    I expect a couple of possible regressions from this change
    
    (1) memory leaks caused by non-exception-safe memory handling.
    Of which there should not be much because we're pretty good
    about using smart pointer classes these days.
    
    (2) Broken files which used to load, will no longer do so.
    These will have to be debugged by putting a breakpoint
    on the SvStreamEOFException constructor, and examining
    the backtrace to see where we should be catching and ignoring
    the exception to make the code continue to handle such broken
    files."
    
    Change-Id: I6f9ba7599c208b4340e86014e326e9a0693cd528
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108257
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>

diff --git a/vcl/source/gdi/TypeSerializer.cxx b/vcl/source/gdi/TypeSerializer.cxx
index 6e1e504ee670..e501c58c6be7 100644
--- a/vcl/source/gdi/TypeSerializer.cxx
+++ b/vcl/source/gdi/TypeSerializer.cxx
@@ -170,16 +170,15 @@ void TypeSerializer::readGraphic(Graphic& rGraphic)
     const sal_uLong nInitialStreamPosition = mrStream.Tell();
     sal_uInt32 nType;
 
-    // read Id
-    mrStream.ReadUInt32(nType);
-
     // if there is no more data, avoid further expensive
     // reading which will create VDevs and other stuff, just to
-    // read nothing. CAUTION: Eof is only true AFTER reading another
-    // byte, a speciality of SvMemoryStream (!)
-    if (!mrStream.good())
+    // read nothing.
+    if (mrStream.remainingSize() < 4)
         return;
 
+    // read Id
+    mrStream.ReadUInt32(nType);
+
     if (NATIVE_FORMAT_50 == nType)
     {
         Graphic aGraphic;


More information about the Libreoffice-commits mailing list