[Libreoffice-commits] core.git: hwpfilter/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Aug 31 10:30:49 UTC 2021
hwpfilter/source/hwpread.cxx | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
New commits:
commit 0ec44b738b92bbf6965bf0dbe41199476673dcaf
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Aug 30 15:27:04 2021 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Aug 31 12:30:14 2021 +0200
ofz: MemorySanitizer: use-of-uninitialized-value
check for short reads
Change-Id: I1fb142e08f5664ca73dc62f6c5a5ecfd2ee1e875
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121352
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/hwpfilter/source/hwpread.cxx b/hwpfilter/source/hwpread.cxx
index d739e033f65b..62989bcf022d 100644
--- a/hwpfilter/source/hwpread.cxx
+++ b/hwpfilter/source/hwpread.cxx
@@ -70,16 +70,19 @@ bool FieldCode::Read(HWPFile & hwpf)
uint len3; /* Length of hchar type string DATA #3 */
uint binlen; /* Length of any binary data format */
- hwpf.Read4b(&size, 1);
- hwpf.Read2b(&dummy, 1);
+ hwpf.Read4b(size);
+ hwpf.Read2b(dummy);
hwpf.ReadBlock(&type, 2);
hwpf.Read4b(reserved1.data(), 1);
- hwpf.Read2b(&location_info, 1);
+ hwpf.Read2b(location_info);
hwpf.ReadBlock(reserved2.data(), 22);
- hwpf.Read4b(&len1, 1);
- hwpf.Read4b(&len2, 1);
- hwpf.Read4b(&len3, 1);
- hwpf.Read4b(&binlen, 1);
+ hwpf.Read4b(len1);
+ hwpf.Read4b(len2);
+ hwpf.Read4b(len3);
+ bool bSuccess = hwpf.Read4b(binlen);
+
+ if (!bSuccess)
+ return false;
uint const len1_ = std::min<uint>(len1, 1024) / sizeof(hchar);
uint const len2_ = std::min<uint>(len2, 1024) / sizeof(hchar);
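Review bot: Only the result of the final `hwpf.Read4b(binlen)` is tested, so the guard in front of the `std::min` clamps relies on a short read in any earlier field (size, dummy, type, reserved1, location_info, reserved2, len1 to len3) also making that last read fail. That presumably holds for a sequential stream that stays exhausted once it runs out of data, but nothing in the hunk states it. Either record the assumption with a comment above the check, e.g. `// a short read of any earlier field leaves the stream exhausted, so testing the last read covers them all`, or make it explicit with `bool bSuccess = hwpf.Read4b(len1) && hwpf.Read4b(len2) && hwpf.Read4b(len3) && hwpf.Read4b(binlen);`. The two `ReadBlock` calls and `Read4b(reserved1.data(), 1)` are likewise unchecked. FieldCode::Read begins and continues outside this hunk.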
@@ -95,7 +98,8 @@ bool FieldCode::Read(HWPFile & hwpf)
hwpf.Read2b(str2.get(), len2_);
hwpf.SkipBlock(len2 - (len2_ * sizeof(hchar)));
str2[len2_ ? (len2_ - 1) : 0] = 0;
- hwpf.Read2b(str3.get(), len3_);
+ if (hwpf.Read2b(str3.get(), len3_) != len3_)
+ return false;
hwpf.SkipBlock(len3 - (len3_ * sizeof(hchar)));
str3[len3_ ? (len3_ - 1) : 0] = 0;
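Review bot: The new check on the str3 read does not cover the earlier string reads when `len3_` is 0. A zero-length `Read2b(str3.get(), 0)` would presumably return 0 and compare equal, so a truncated `hwpf.Read2b(str2.get(), len2_)` a few lines above still passes, and only the last element of str2 is then written by the terminator assignment. Whether the rest of the buffer is uninitialised depends on how str2 is allocated, which is not visible here. Checking each read the same way closes that case: `if (hwpf.Read2b(str2.get(), len2_) != len2_) return false;`, and likewise for the str1 read, which sits outside this hunk. The `SkipBlock` results are also ignored, and the function's start and end are outside the hunk.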