[Libreoffice-commits] core.git: sw/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Mon Oct 12 07:47:25 UTC 2020
sw/source/filter/ww8/ww8scan.cxx | 35 +++++++++++++++++++++++++++++++++--
sw/source/filter/ww8/ww8scan.hxx | 4 ++++
2 files changed, 37 insertions(+), 2 deletions(-)
New commits:
commit 4e56a0a4b60f293cfddda67af68352de36ccc1ef
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Oct 10 21:17:44 2020 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Mon Oct 12 09:46:47 2020 +0200
ofz#23523 Timeout processing huge SEPX full of non-SEP properties
ignore properties in SEPX which aren't section properties
Change-Id: I191acbd8d602d0c59ce541cecb847d7d57c1bc3a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104178
Tested-by: Caolán McNamara <caolanm at redhat.com>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 1b3c738823bd..65a5818abb48 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -5182,6 +5182,34 @@ namespace
}
}
+bool WW8PLCFMan::IsSprmLegalForCategory(sal_uInt16 nSprmId, short nIdx) const
+{
+ const WW8PLCFxDesc* p = &m_aD[nIdx];
+ if (p != m_pSep) // just check sep for now
+ return true;
+
+ bool bRet;
+ ww::WordVersion eVersion = maSprmParser.GetFIBVersion();
+ if (eVersion <= ww::eWW2)
+ {
+ bRet = nSprmId >= 112 && nSprmId <= 145;
+ SAL_WARN_IF(!bRet, "sw.ww8", "sprm, id " << nSprmId << " wrong category for section properties");
+ assert(bRet && "once off crashtesting scan for real world cases");
+ }
+ else if (eVersion < ww::eWW8) // just check ww6/7 for now
+ {
+ bRet = nSprmId >= NS_sprm::v6::sprmSScnsPgn && nSprmId <= NS_sprm::v6::sprmSDMPaperReq;
+ SAL_WARN_IF(!bRet, "sw.ww8", "sprm, id " << nSprmId << " wrong category for section properties");
+ }
+ else
+ {
+ // we could pull the sgc from the SprmId in this case
+ bRet = true;
+ }
+
+ return bRet;
+}
+
void WW8PLCFMan::GetSprmStart( short nIdx, WW8PLCFManResult* pRes ) const
{
memset( pRes, 0, sizeof( WW8PLCFManResult ) );
@@ -5209,7 +5237,7 @@ void WW8PLCFMan::GetSprmStart( short nIdx, WW8PLCFManResult* pRes ) const
{
// Length of actual sprm
pRes->nMemLen = maSprmParser.GetSprmSize(pRes->nSprmId, pRes->pMemPos, p->nSprmsLen);
- if (!IsSizeLegalCheckSize(pRes->nMemLen, p->nSprmsLen))
+ if (!IsSizeLegalCheckSize(pRes->nMemLen, p->nSprmsLen) || !IsSprmLegalForCategory(pRes->nSprmId, nIdx))
{
pRes->nSprmId = 0;
}
@@ -5306,7 +5334,10 @@ void WW8PLCFMan::AdvSprm(short nIdx, bool bStart)
if( bStart )
{
const sal_uInt16 nLastId = GetId(p);
- p->pIdStack->push(nLastId); // remember Id for attribute end
+
+ const sal_uInt16 nLastAttribStarted = IsSprmLegalForCategory(nLastId, nIdx) ? nLastId : 0;
+
+ p->pIdStack->push(nLastAttribStarted); // remember Id for attribute end
if( p->nSprmsLen )
{ /*
diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
index 0b606d316e95..edf22104f65b 100644
--- a/sw/source/filter/ww8/ww8scan.hxx
+++ b/sw/source/filter/ww8/ww8scan.hxx
@@ -147,6 +147,8 @@ public:
/// Returns the offset to data of the first sprm of id nId, 0
// if not found. nLen must be the <= length of pSprms
SprmResult findSprmData(sal_uInt16 nId, sal_uInt8* pSprms, sal_Int32 nLen) const;
+
+ ww::WordVersion GetFIBVersion() const { return meVersion; }
};
//Read a Pascal-style, i.e. single byte string length followed
@@ -962,6 +964,8 @@ private:
void AdvNoSprm(short nIdx, bool bStart);
sal_uInt16 GetId(const WW8PLCFxDesc* p ) const;
+ bool IsSprmLegalForCategory(sal_uInt16 nSprmId, short nIdx) const;
+
public:
WW8PLCFMan(const WW8ScannerBase* pBase, ManTypes nType, long nStartCp,
bool bDoingDrawTextBox = false);
More information about the Libreoffice-commits
mailing list