[Libreoffice-commits] core.git: Branch 'feature/cib_contract57d' - 19 commits - filter/source include/vcl lotuswordpro/qa lotuswordpro/source sw/qa sw/source vcl/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Thu Feb 25 13:14:38 UTC 2021


 filter/source/graphicfilter/icgm/bitmap.cxx      |   10 ++
 include/vcl/BitmapTools.hxx                      |    3 
 lotuswordpro/qa/cppunit/data/pass/ofz20517-1.lwp |binary
 lotuswordpro/source/filter/lwprowlayout.cxx      |   12 ++-
 lotuswordpro/source/filter/lwptablelayout.cxx    |   23 +++---
 lotuswordpro/source/filter/lwptablelayout.hxx    |    2 
 sw/qa/core/data/ww5/pass/ofz18526-1.doc          |binary
 sw/qa/core/data/ww8/pass/ofz18414-1.doc          |binary
 sw/source/core/unocore/unocrsrhelper.cxx         |   12 +++
 sw/source/filter/basflt/fltshell.cxx             |    5 -
 sw/source/filter/ww8/ww8par.cxx                  |   56 +++++++++++---
 sw/source/filter/ww8/ww8par.hxx                  |    2 
 sw/source/filter/ww8/ww8par5.cxx                 |    6 +
 sw/source/filter/ww8/ww8par6.cxx                 |   11 ++
 sw/source/filter/ww8/ww8scan.cxx                 |   37 ++++++---
 sw/source/filter/ww8/ww8scan.hxx                 |    6 +
 vcl/source/font/fontcharmap.cxx                  |   88 ++++++++++++++++-------
 17 files changed, 203 insertions(+), 70 deletions(-)

New commits:
commit 29cb5957ed2031177906707ab064c1950755f6b7
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Oct 27 10:12:37 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 16:06:27 2021 +0300

    ofz#26676 null deref
    
    Change-Id: Ic2bd8b49762266ad48263bd68a143b46fb5fd66f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104863
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 9bf58fd45814f10ecf6131aeeec86123a383723f)

diff --git a/lotuswordpro/source/filter/lwptablelayout.cxx b/lotuswordpro/source/filter/lwptablelayout.cxx
index 0f3b0d21b30e..403127d166ea 100644
--- a/lotuswordpro/source/filter/lwptablelayout.cxx
+++ b/lotuswordpro/source/filter/lwptablelayout.cxx
@@ -879,7 +879,14 @@ sal_uInt16 LwpTableLayout::ConvertHeadingRow(
             XFRow* pXFRow = pTmpTable->GetRow(1);
             pXFTable->AddHeaderRow(pXFRow);
             pTmpTable->RemoveRow(1);
-            nContentRow = m_RowsMap[0]->GetCurMaxSpannedRows(0,nCol);
+            auto iter = m_RowsMap.find(0);
+            if (iter == m_RowsMap.end())
+            {
+                SAL_WARN("lwp", "row 0 is unknown");
+                nContentRow = 0;
+            }
+            else
+                nContentRow = iter->second->GetCurMaxSpannedRows(0,nCol);
         }
     }
     return nContentRow;
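Review bot: The new `else` branch on L57 still dereferences `iter->second` unchecked, so a null entry stored under key 0 crashes exactly as the missing key did before this fix. If m_RowsMap can hold null pointers (the map's value type is not visible in the hunk), fold it into the guard: `if (iter == m_RowsMap.end() || !iter->second)`. The `pXFRow` from `GetRow(1)` on L46 is likewise passed to `AddHeaderRow` without a check, though that is pre-existing context rather than this commit's change. ConvertHeadingRow starts before the hunk.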
commit a55c348944c12d132c0ea6ff7d628922609f6693
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Nov 24 13:06:13 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 16:05:01 2021 +0300

    ofz#27817 null deref
    
    Change-Id: I16da6f6f78dfd0a4bc17017275a6644d6e4340c8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106533
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 48d052a9f1bdbd34e1819b45ab83f51b84911702)

diff --git a/sw/source/filter/basflt/fltshell.cxx b/sw/source/filter/basflt/fltshell.cxx
index a28cf6732597..f7489b425da9 100644
--- a/sw/source/filter/basflt/fltshell.cxx
+++ b/sw/source/filter/basflt/fltshell.cxx
@@ -652,9 +652,8 @@ void SwFltControlStack::SetAttrInDoc(const SwPosition& rTmpPos,
             {
                 SwTextNode const*const pTextNode(
                         aRegion.End()->nNode.GetNode().GetTextNode());
-                assert(pTextNode);
-                SwTextField const*const pField(pTextNode->GetFieldTextAttrAt(
-                        aRegion.End()->nContent.GetIndex() - 1, true));
+                SwTextField const*const pField = pTextNode ? pTextNode->GetFieldTextAttrAt(
+                        aRegion.End()->nContent.GetIndex() - 1, true) : nullptr;
                 if (pField)
                 {
                     SwPostItField const*const pPostIt(
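Review bot: `aRegion.End()->nContent.GetIndex() - 1` on L87 still has no lower bound, so an end position at content index 0 asks `GetFieldTextAttrAt` for index -1; the commit only removes the assert on pTextNode. Whether GetFieldTextAttrAt tolerates a negative index is not visible here, so a cheap guard is to hoist the index, `const sal_Int32 nIdx = aRegion.End()->nContent.GetIndex();`, and use `pTextNode && nIdx > 0 ? pTextNode->GetFieldTextAttrAt(nIdx - 1, true) : nullptr`. SetAttrInDoc begins before and continues after the hunk.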
commit 2e7d6de7f8e24de0fe4e4f1924c9f715eebfbedd
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Mar 7 19:24:42 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:53:05 2021 +0300

    ofz#20622 oom
    
    Change-Id: Id77d90197e98d29787a40966f248dd769c9dac28
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90175
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 1e95c2c17a49349caba1e62b4de3752c5f767f01)

diff --git a/include/vcl/BitmapTools.hxx b/include/vcl/BitmapTools.hxx
index c15fdf9e16b8..d30f16058755 100644
--- a/include/vcl/BitmapTools.hxx
+++ b/include/vcl/BitmapTools.hxx
@@ -53,7 +53,8 @@ public:
         assert(nBitCount == 24 || nBitCount == 32);
         sal_Int32 nRowSize, nDataSize;
         if (o3tl::checked_multiply<sal_Int32>(rSize.getWidth(), nBitCount/8, nRowSize) ||
-            o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(), nDataSize))
+            o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(), nDataSize) ||
+            nDataSize < 0)
         {
             throw std::bad_alloc();
         }
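Review bot: `nDataSize < 0` on L115 rejects a negative product, but two negative dimensions give a positive one: width -3 and height -5 yield nRowSize -9 and nDataSize 45, which passes the check and leaves a negative nRowSize for whatever row arithmetic follows outside the hunk. Check the factors as well as the product, e.g. add `nRowSize < 0 ||` next to `nDataSize < 0`, or reject `rSize.getWidth() < 0 || rSize.getHeight() < 0` before the multiplications. The enclosing constructor starts before the hunk.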
commit 0af281df35e44d89902b2db2eb3a54c92b0be409
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Feb 7 14:09:57 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:52:41 2021 +0300

    ofz#20517 null-dereference
    
    Change-Id: I443869f848925911ed46e2f547f0dc652b1ff290
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88214
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 08695569fd4fccc1722e7e3c7e0a234699199196)

diff --git a/lotuswordpro/qa/cppunit/data/pass/ofz20517-1.lwp b/lotuswordpro/qa/cppunit/data/pass/ofz20517-1.lwp
new file mode 100644
index 000000000000..de6dcbf1c5d5
Binary files /dev/null and b/lotuswordpro/qa/cppunit/data/pass/ofz20517-1.lwp differ
diff --git a/lotuswordpro/source/filter/lwprowlayout.cxx b/lotuswordpro/source/filter/lwprowlayout.cxx
index d05c3a346e4b..4ae721df8f77 100644
--- a/lotuswordpro/source/filter/lwprowlayout.cxx
+++ b/lotuswordpro/source/filter/lwprowlayout.cxx
@@ -379,11 +379,13 @@ void LwpRowLayout::ConvertCommonRow(rtl::Reference<XFTable> const & pXFTable, sa
     LwpTableLayout* pTableLayout = GetParentTableLayout();
     if (!pTableLayout)
         return;
+    LwpTable* pTable = pTableLayout->GetTable();
+    if (!pTable)
+        return;
 
     rtl::Reference<XFRow> xRow(new XFRow);
     xRow->SetStyleName(m_StyleName);
 
-    LwpTable* pTable = pTableLayout->GetTable();
     sal_uInt8 nCellStartCol,nCellEndCol;
 
     for (sal_uInt8 i = nStartCol; i < nEndCol ; i++)
commit 5a27f28868c1ac12176e27638af497c0808ed358
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Feb 1 11:21:10 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:52:06 2021 +0300

    ofz#20447 Null-dereference READ
    
    Change-Id: I76c1c815ab5aaf4548c886a69989fcabe3de5248
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87802
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit fec7e3422f4d1c5b9382518a11d0bb99b12e41c9)

diff --git a/lotuswordpro/source/filter/lwprowlayout.cxx b/lotuswordpro/source/filter/lwprowlayout.cxx
index 1db191350c3d..d05c3a346e4b 100644
--- a/lotuswordpro/source/filter/lwprowlayout.cxx
+++ b/lotuswordpro/source/filter/lwprowlayout.cxx
@@ -191,7 +191,8 @@ void LwpRowLayout::Read()
 void LwpRowLayout::ConvertRow(rtl::Reference<XFTable> const & pXFTable,sal_uInt8 nStartCol,sal_uInt8 nEndCol)
 {
     LwpTableLayout* pTableLayout = GetParentTableLayout();
-    assert(pTableLayout);
+    if (!pTableLayout)
+        throw std::runtime_error("missing TableLayout");
     LwpTable* pTable = pTableLayout->GetTable();
 
     //calculate the connected cell position
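Review bot: `pTableLayout->GetTable()` on L181 is still used unchecked after the new throw, while the sibling ConvertCommonRow in this same series (L145-L147) returns early when GetTable() yields null. For consistency add `if (!pTable) throw std::runtime_error("missing Table");` after L181, matching how this function already signals the missing layout. Whether GetTable() can actually return null on this path I cannot tell from the hunk, and the throw needs `<stdexcept>` in scope, which the hunk does not show. ConvertRow continues past the hunk.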
commit 17d7ace9e3c694aeb0c02956e7aa66c14a3ec06d
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Jan 28 16:43:28 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:51:46 2021 +0300

    ofz#20366 OOM
    
    Change-Id: If658720502739e6ad88c3cf73ac6674e0313a48b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87648
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 090cf1e3bbe0ffaf56f22b152b73578483be2f42)

diff --git a/filter/source/graphicfilter/icgm/bitmap.cxx b/filter/source/graphicfilter/icgm/bitmap.cxx
index 825c90243e0a..025ab1fc588a 100644
--- a/filter/source/graphicfilter/icgm/bitmap.cxx
+++ b/filter/source/graphicfilter/icgm/bitmap.cxx
@@ -316,7 +316,15 @@ bool CGMBitmap::ImplGetDimensions( CGMBitmapDescriptor& rDesc )
         rDesc.mbStatus = false;
 
     sal_uInt32 nHeaderSize = 2 + 3 * nPrecision + 3 * mpCGM->ImplGetPointSize();
-    rDesc.mnScanSize = ( ( rDesc.mnX * rDesc.mnDstBitsPerPixel + 7 ) >> 3 );
+
+    sal_uInt32 nWidthBits;
+    if (o3tl::checked_multiply(rDesc.mnX, rDesc.mnDstBitsPerPixel, nWidthBits))
+    {
+        rDesc.mbStatus = false;
+        return false;
+    }
+
+    rDesc.mnScanSize = (nWidthBits + 7) >> 3;
 
     sal_uInt32  nScanSize;
     nScanSize = rDesc.mnScanSize;
commit 102a539571fb311eafb1b541525a71aa5adcb791
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Feb 1 12:04:26 2020 +0000
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:51:05 2021 +0300

    ofz#20456 Null-dereference READ
    
    this is the first honggfuzz (honggfuzz_asan_libreoffice) report I've seen to date
    
    Change-Id: Iac733aa63c7c94d9454b9c8596340dc2286393c0
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87803
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 0754e581b0d8569dd08cf26f88678754f249face)

diff --git a/lotuswordpro/source/filter/lwprowlayout.cxx b/lotuswordpro/source/filter/lwprowlayout.cxx
index e339ecdf0df6..1db191350c3d 100644
--- a/lotuswordpro/source/filter/lwprowlayout.cxx
+++ b/lotuswordpro/source/filter/lwprowlayout.cxx
@@ -282,14 +282,15 @@ void LwpRowLayout::RegisterCurRowStyle(XFRow* pXFRow,sal_uInt16 nRowMark)
         {
             pRowStyle = static_cast<XFRowStyle*>(
                 pXFStyleManager->FindStyle(pTableLayout->GetDefaultRowStyleName()));
-            fHeight += pRowStyle->GetRowHeight();
         }
         else
         {
             pRowStyle = static_cast<XFRowStyle*>(
                 pXFStyleManager->FindStyle(iter->second->GetStyleName()));
-            fHeight+=pRowStyle->GetRowHeight();
         }
+        if (!pRowStyle)
+            throw std::runtime_error("missing RowStyle");
+        fHeight += pRowStyle->GetRowHeight();
     }
 
     if (m_nDirection & 0x0030)
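Review bot: The null check on L251 covers a missing style, but the `static_cast<XFRowStyle*>` on L241 and L247 is still unchecked against a style registered under that name with a different type. If XFStyle is polymorphic, `dynamic_cast<XFRowStyle*>` would route that case into the same `throw std::runtime_error("missing RowStyle")` instead of reading through a wrong-typed object; whether FindStyle can return a non-row style here is not visible in the hunk, so treat this as a question. RegisterCurRowStyle starts before and continues after the hunk.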
commit fe8db2814e04245c154762666a261c20bf7138c2
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Nov 12 18:57:58 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:48:47 2021 +0300

    ofz#18526 sw: WW8 import: don't insert control characters
    
    Sanitize string before calling InsertString().
    
    This segfaults since:
    
    commit b522fc0646915d4da94df38dd249c88b28f25be7
    Date:   Tue Sep 24 18:11:45 2019 +0200
    
        sw: maintain fieldmarks in DeleteRange()/DeleteAndJoin()/ReplaceRange()
    
    Change-Id: I9ef73d924420686f6838fa21900ec57b4d25c905
    Reviewed-on: https://gerrit.libreoffice.org/81949
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 7ecda38cdaa2361e8510bf3e7206863c4936deab)
    Reviewed-on: https://gerrit.libreoffice.org/82759
    (cherry picked from commit d494a4c0ead7db481757d8d67fbce9e1b02e65df)

diff --git a/sw/qa/core/data/ww5/pass/ofz18526-1.doc b/sw/qa/core/data/ww5/pass/ofz18526-1.doc
new file mode 100644
index 000000000000..e651650f9a26
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/ofz18526-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 3438558d42f6..792b83aad76a 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -121,6 +121,8 @@
 #include <com/sun/star/document/XDocumentPropertiesSupplier.hpp>
 #include <com/sun/star/document/XViewDataSupplier.hpp>
 #include <com/sun/star/document/IndexedPropertyValues.hpp>
+
+#include <svl/lngmisc.hxx>
 #include <svl/itemiter.hxx>
 
 #include <comphelper/processfactory.hxx>
@@ -3411,13 +3413,37 @@ void SwWW8ImplReader::emulateMSWordAddTextToParagraph(const OUString& rAddString
     }
 }
 
+namespace sw {
+
+auto FilterControlChars(OUString const& rString) -> OUString
+{
+    OUStringBuffer buf(rString.getLength());
+    for (sal_Int32 i = 0; i < rString.getLength(); ++i)
+    {
+        sal_Unicode const ch(rString[i]);
+        if (!linguistic::IsControlChar(ch) || ch == '\r' || ch == '\n' || ch == '\t')
+        {
+            buf.append(ch);
+        }
+        else
+        {
+            SAL_INFO("sw.ww8", "filtering control character");
+        }
+    }
+    return buf.makeStringAndClear();
+}
+
+} // namespace sw
+
 void SwWW8ImplReader::simpleAddTextToParagraph(const OUString& rAddString)
 {
-    if (rAddString.isEmpty())
+    OUString const addString(sw::FilterControlChars(rAddString));
+
+    if (addString.isEmpty())
         return;
 
 #if OSL_DEBUG_LEVEL > 1
-    SAL_INFO("sw.ww8", "<addTextToParagraph>" << rAddString << "</addTextToParagraph>");
+    SAL_INFO("sw.ww8", "<addTextToParagraph>" << addString << "</addTextToParagraph>");
 #endif
 
     const SwContentNode *pCntNd = m_pPaM->GetContentNode();
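Review bot: The allow-list `!linguistic::IsControlChar(ch) || ch == '\r' || ch == '\n' || ch == '\t'` on L312 is spelled out again on L372-L373, L421 and L517-L518 in this series, so four copies can drift apart; give it one name, e.g. `bool IsAllowedTextChar(sal_Unicode ch)` beside FilterControlChars, and call it from each site. FilterControlChars itself has no comment; I would add `/// Copies rString without control characters; CR, LF and TAB are kept. Which code points count as control is decided by linguistic::IsControlChar.` The SAL_INFO on L318 could also name the dropped code unit, `<< int(ch)`, which costs nothing and helps when a document loses text. simpleAddTextToParagraph continues past the hunk.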
@@ -3431,21 +3457,21 @@ void SwWW8ImplReader::simpleAddTextToParagraph(const OUString& rAddString)
     const sal_Int32 nCharsLeft = SAL_MAX_INT32 - pNd->GetText().getLength();
     if (nCharsLeft > 0)
     {
-        if (rAddString.getLength() <= nCharsLeft)
+        if (addString.getLength() <= nCharsLeft)
         {
-            m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString);
+            m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString);
         }
         else
         {
-            m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString.copy(0, nCharsLeft));
+            m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString.copy(0, nCharsLeft));
             AppendTextNode(*m_pPaM->GetPoint());
-            m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString.copy(nCharsLeft));
+            m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString.copy(nCharsLeft));
         }
     }
     else
     {
         AppendTextNode(*m_pPaM->GetPoint());
-        m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString);
+        m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString);
     }
 
     m_bReadTable = false;
@@ -3471,13 +3497,17 @@ bool SwWW8ImplReader::ReadChars(WW8_CP& rPos, WW8_CP nNextAttr, long nTextEnd,
                 nRequested = nMaxPossible;
             }
 
-            for (WW8_CP nCh = 0; nCh < nRequested; ++nCh)
+            if (!linguistic::IsControlChar(m_cSymbol)
+                || m_cSymbol == '\r' || m_cSymbol == '\n' || m_cSymbol == '\t')
             {
-                m_rDoc.getIDocumentContentOperations().InsertString( *m_pPaM, OUString(m_cSymbol) );
+                for (WW8_CP nCh = 0; nCh < nRequested; ++nCh)
+                {
+                    m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, OUString(m_cSymbol));
+                }
+                m_xCtrlStck->SetAttr(*m_pPaM->GetPoint(), RES_CHRATR_FONT);
+                m_xCtrlStck->SetAttr(*m_pPaM->GetPoint(), RES_CHRATR_CJK_FONT);
+                m_xCtrlStck->SetAttr(*m_pPaM->GetPoint(), RES_CHRATR_CTL_FONT);
             }
-            m_xCtrlStck->SetAttr( *m_pPaM->GetPoint(), RES_CHRATR_FONT );
-            m_xCtrlStck->SetAttr( *m_pPaM->GetPoint(), RES_CHRATR_CJK_FONT );
-            m_xCtrlStck->SetAttr( *m_pPaM->GetPoint(), RES_CHRATR_CTL_FONT );
         }
         m_pStrm->SeekRel(nRequested);
         rPos = nEnd; // Ignore until attribute end
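Review bot: When m_cSymbol is a filtered control character the new condition on L372-L373 skips not only the InsertString loop but also the three `m_xCtrlStck->SetAttr(..., RES_CHRATR_*_FONT)` calls on L380-L382, which previously ran unconditionally. If those calls close font attributes pushed earlier in ReadChars (outside the hunk), skipping them leaves the entries open on the control stack for the rest of the paragraph; keeping the three SetAttr lines after the `if` block, as they were on L384-L386, balances the stack whether or not text was inserted. ReadChars starts before and ends after the hunk.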
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index aa17d06cf506..28d59465da46 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -552,6 +552,8 @@ namespace sw
             sal_Int32 GetPtContent() { return mnPtContent; };
         };
     }
+
+    auto FilterControlChars(OUString const& rString) -> OUString;
 }
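Review bot: The new declaration on L399 carries no comment saying what survives the filter, which callers in other translation units need to know before relying on it. I would add above it `/// Returns rString with control characters removed; CR, LF and TAB are kept.` The enclosing namespace sw starts before the hunk.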
 
 class WW8FieldEntry
diff --git a/sw/source/filter/ww8/ww8par5.cxx b/sw/source/filter/ww8/ww8par5.cxx
index 69be973d18ee..2c97062f01ff 100644
--- a/sw/source/filter/ww8/ww8par5.cxx
+++ b/sw/source/filter/ww8/ww8par5.cxx
@@ -35,6 +35,7 @@
 #include <svl/urihelper.hxx>
 #include <svl/zforlist.hxx>
 #include <svl/zformat.hxx>
+#include <svl/lngmisc.hxx>
 #include <sfx2/linkmgr.hxx>
 #include <rtl/character.hxx>
 #include <unotools/charclass.hxx>
@@ -1943,7 +1944,8 @@ eF_ResT SwWW8ImplReader::Read_F_Symbol( WW8FieldDesc*, OUString& rStr )
     if( aQ.isEmpty() )
         return eF_ResT::TAGIGN;                      // -> no 0-char in text
 
-    if (sal_Unicode cChar = static_cast<sal_Unicode>(aQ.toInt32()))
+    sal_Unicode const cChar = static_cast<sal_Unicode>(aQ.toInt32());
+    if (!linguistic::IsControlChar(cChar) || cChar == '\r' || cChar == '\n' || cChar == '\t')
     {
         if (!aName.isEmpty())                           // Font Name set ?
         {
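Review bot: The old `if (sal_Unicode cChar = ...)` on L419 rejected a zero character explicitly; the new test on L420-L421 rejects it only if `linguistic::IsControlChar(0)` is true, which is not visible here. If NUL is not covered by that helper, keep the check explicit: `if (cChar != 0 && (!linguistic::IsControlChar(cChar) || cChar == '\r' || cChar == '\n' || cChar == '\t'))`. The truncation of `aQ.toInt32()` to sal_Unicode on L420 is pre-existing, but it means a value above 0xFFFF wraps to an unrelated code unit, possibly one of the three allowed ones. Read_F_Symbol continues past the hunk.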
@@ -2723,11 +2725,11 @@ void SwWW8ImplReader::Read_SubF_Ruby( WW8ReadFieldParams& rReadParam)
                             if ((nBegin != -1) && (nEnd != -1) && (nBegin < nEnd))
                             {
                                 sText = sPart.copy(nBegin+1,nEnd-nBegin-1);
+                                sText = sw::FilterControlChars(sText);
                             }
                         }
                     }
                 }
-
             }
             break;
         }
commit ac70e1031208ecdd7b28761d990254467155e260
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Thu Nov 14 17:37:17 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:48:17 2021 +0300

    sw: WW8 import: instead of control character insert '?' for footnote
    
    SwWW8ImplReader::ReadChar() inserts a U+0002 control character to
    temporarily mark a footnote anchor; this is then deleted and replaced
    with a real footnote hint by SwWW8ImplReader::End_Footnote().
    
    The assumption is that it is necessary to insert a placeholder
    character to be able to apply formatting to it.
    
    But if the document is corrupted, the control character could survive
    the import, which sounds less than ideal.
    
    So either make this magic character more explicit by documenting it in
    hintids.hxx and removing any outstanding ones at the end of the import,
    or use a non-offensive character instead; since this should only affect
    invalid documents, choose the solution with the least effort.
    
    Change-Id: I76d396258b32e0f0fb6393942a58a4dc57912211
    Reviewed-on: https://gerrit.libreoffice.org/82760
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 13ba765c444713b0b0b2f4b4231bdafcbbef6ad0)

diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 7d2470e640e7..3438558d42f6 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -3747,7 +3747,7 @@ bool SwWW8ImplReader::ReadChar(long nPosCp, long nCpOfs)
             break;
         case 0x2:               // TODO: Auto-Footnote-Number, should be replaced by SwWW8ImplReader::End_Footnote later
             if (!m_aFootnoteStack.empty())
-                cInsert = 0x2;
+                cInsert = '?';
             break;
         default:
             SAL_INFO( "sw.ww8.level2", "<unknownValue val=\"" << nWCharVal << "\">" );
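Review bot: The reason for `'?'` on L477 lives only in the commit message, while the TODO on L474 still reads as if the character is transient, so a reader will not know the placeholder was chosen to be harmless when End_Footnote() never runs on a corrupt file. I would extend the comment on L474 to `// placeholder for the auto footnote number; End_Footnote() replaces it. '?' rather than U+0002 so a broken document cannot leave a control character in the text`. ReadChar starts before and continues after the hunk.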
commit d8353a20642f9da8c971ad0b4f636050ec686a6d
Author:     Michael Stahl <Michael.Stahl at cib.de>
AuthorDate: Tue Oct 29 15:52:34 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:45:25 2021 +0300

    sw: UNO API: do not allow inserting control characters into nodes
    
    Refuse invalid input in DocInsertStringSplitCR().
    
    Reviewed-on: https://gerrit.libreoffice.org/81696
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    (cherry picked from commit 9b1e3e9bfdc0639630a367e45e4bdc2e9f22e503)
    
    Change-Id: I097c1b3a1f70b0cf1fa3fc33fc1d965ee6c96280

diff --git a/sw/source/core/unocore/unocrsrhelper.cxx b/sw/source/core/unocore/unocrsrhelper.cxx
index 7581c46b16e9..093ad9463a5f 100644
--- a/sw/source/core/unocore/unocrsrhelper.cxx
+++ b/sw/source/core/unocore/unocrsrhelper.cxx
@@ -68,6 +68,7 @@
 #include <cntfrm.hxx>
 #include <pagefrm.hxx>
 #include <svl/eitem.hxx>
+#include <svl/lngmisc.hxx>
 #include <docary.hxx>
 #include <swtable.hxx>
 #include <tox.hxx>
@@ -1108,6 +1109,17 @@ bool DocInsertStringSplitCR(
 {
     bool bOK = true;
 
+    for (sal_Int32 i = 0; i < rText.getLength(); ++i)
+    {
+        sal_Unicode const ch(rText[i]);
+        if (linguistic::IsControlChar(ch)
+            && ch != '\r' && ch != '\n' && ch != '\t')
+        {
+            SAL_WARN("sw.uno", "DocInsertStringSplitCR: refusing to insert control character " << int(ch));
+            return false;
+        }
+    }
+
     const SwInsertFlags nInsertFlags =
             bForceExpandHints
             ? ( SwInsertFlags::FORCEHINTEXPAND | SwInsertFlags::EMPTYEXPAND)
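Review bot: The warning on L520 reports the offending code unit but not its position, which is what a caller chasing a refused insert needs; appending `<< " at index " << i` costs nothing. This path also refuses the whole string, whereas the WW8 import in the same series strips the bad characters and keeps the rest; both are defensible, but the function's header comment (outside the hunk) should state that DocInsertStringSplitCR rejects rather than sanitizes, so UNO callers know they must filter first. DocInsertStringSplitCR starts before and continues after the hunk.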
commit c2215f489f7ba34e1dd4347004d56ef028a4883d
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Oct 3 21:56:19 2020 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:41:34 2021 +0300

    ofz#26122 allow NINSIZE input full elements
    
    Change-Id: Ifbde8fc055a91e23db08508a34ce4664d2f1f96f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103906
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit fb0c3f9d8964f8c0f40238559c32d9d73cba6b55)

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 77c98f2882d4..37183d5b5fef 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -332,7 +332,8 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 
         static const int NINSIZE = 64;
         static const int NOUTSIZE = 64;
-        sal_Char    cCharsInp[ NINSIZE ];
+        std::vector<char> cCharsInp;
+        cCharsInp.reserve(NINSIZE);
         sal_Unicode cCharsOut[ NOUTSIZE ];
         sal_UCS4* pCP = pCodePairs;
         for( int i = 0; i < nRangeCount; ++i )
@@ -343,25 +344,26 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
             // input codepoints in 0..SAL_MAX_UINT16 range
             while (cMin < cEnd && cMin <= SAL_MAX_UINT16)
             {
-                int j = 0;
-                for(; (cMin < cEnd) && (j < NINSIZE); ++cMin )
+                for (int j = 0; (cMin < cEnd) && (j < NINSIZE); ++cMin, ++j)
                 {
                     if( cMin >= 0x0100 )
-                        cCharsInp[ j++ ] = static_cast<sal_Char>(cMin >> 8);
+                        cCharsInp.push_back(static_cast<char>(cMin >> 8));
                     if( (cMin >= 0x0100) || (cMin < 0x00A0)  )
-                        cCharsInp[ j++ ] = static_cast<sal_Char>(cMin);
+                        cCharsInp.push_back(static_cast<char>(cMin));
                 }
 
                 sal_uInt32 nCvtInfo;
                 sal_Size nSrcCvtBytes;
                 int nOutLen = rtl_convertTextToUnicode(
                     aConverter, aCvtContext,
-                    cCharsInp, j, cCharsOut, NOUTSIZE,
+                    cCharsInp.data(), cCharsInp.size(), cCharsOut, NOUTSIZE,
                     RTL_TEXTTOUNICODE_FLAGS_INVALID_IGNORE
                     | RTL_TEXTTOUNICODE_FLAGS_UNDEFINED_IGNORE,
                     &nCvtInfo, &nSrcCvtBytes );
 
-                for( j = 0; j < nOutLen; ++j )
+                cCharsInp.clear();
+
+                for (int j = 0; j < nOutLen; ++j)
                     aSupportedCodePoints.insert( cCharsOut[j] );
             }
         }
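Review bot: The loop on L562-L570 now pushes up to two bytes per iteration for NINSIZE iterations, so cCharsInp can reach 128 bytes while cCharsOut on L553 still holds NOUTSIZE = 64 units and `nSrcCvtBytes` on L580 is never consulted. If rtl_convertTextToUnicode stops when the output buffer fills, which I cannot confirm from here, the tail of such a batch is silently dropped from aSupportedCodePoints, whereas the old fixed array capped the input at roughly NINSIZE bytes. Either size the output for the worst case, `sal_Unicode cCharsOut[2 * NINSIZE];` with `2 * NINSIZE` passed on L577, or loop on nSrcCvtBytes until the input is consumed; `cCharsInp.reserve(2 * NINSIZE)` on L552 would also avoid a reallocation in every batch. ParseCMAP starts before and continues after the hunk.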
commit ec44368cd512a47adbdb9bf57cc0ec10b8d57b94
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Sep 29 20:59:40 2020 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:41:05 2021 +0300

    ofz#25989 cmap parsing
    
    Change-Id: I048e5d88d5926a4afa75afab18db5ca6354e2454
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103641
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 9a1202edab0cfe95572f12a8c49ef756ead49bf2)

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index f9aa5ded6963..77c98f2882d4 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -228,7 +228,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
                 // update the glyphid-array with the glyphs in this range
                 pStartGlyphs[i] = -static_cast<int>(aGlyphIdArray.size());
                 const unsigned char* pGlyphIdPtr = pOffsetBase + 2*i + nRangeOffset;
-                const size_t nRemainingSize = pEndValidArea - pGlyphIdPtr;
+                const size_t nRemainingSize = pEndValidArea >= pGlyphIdPtr ? pEndValidArea - pGlyphIdPtr : 0;
                 const size_t nMaxPossibleRecords = nRemainingSize/2;
                 if (nMaxPossibleRecords == 0) {  // no sane font should trigger this
                     SAL_WARN("vcl.gdi", "More indexes claimed that space available in font!");
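Review bot: The comparison on L612 runs after `pGlyphIdPtr` has already been formed on L610 from an untrusted nRangeOffset, so the pointer may lie past the cmap buffer before it is compared; forming such a pointer is undefined in C++ and compilers do fold the resulting check away. Compare offsets as integers and only form the pointer once it is known to be in range, e.g. `const size_t nGlyphIdOff = size_t(pOffsetBase - pCmap) + 2*i + nRangeOffset;` followed by `const size_t nRemainingSize = nGlyphIdOff <= size_t(nLength) ? size_t(nLength) - nGlyphIdOff : 0;`. Whether nRangeOffset is bounded earlier in ParseCMAP I cannot tell from the hunk. ParseCMAP starts before and continues after the hunk.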
commit a2c83abb0f1c7b9fab67189ccc712c0d6e7e075b
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Sep 15 16:36:17 2020 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:40:45 2021 +0300

    ofz#25684 keep ParseCMAP within legal area
    
    Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102776
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit a014c82522834c972e247a28d8e5f42998ae3c0e)
    
    ofz#25696 OOM
    
    Change-Id: Ia69e9ce1ca0156e960dddb7e0bf98dfd2be2d7cc
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102846
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit d57b14e3394b081adf0888ed8dcb7b86d66c246c)
    
    ofz#25774 keep ParseCMAP within legal area
    
    Change-Id: Ic68fadd3d63631cbccda76e7679d95bb89452d25
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103017
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit f8474367449a1b6b54918d2753e3a36798761839)
    
    Fix crash from broken font CMAP subtable
    
    ParseCMAP crashes on a broken CMAP subtable of a font used by the
    bugdoc of tdf#119074, which returns a negative offset (technically
    it's a large positive offset that wraps to a negative integer,
    which is still out of bounds of the CMAP's overall size - you get
    the point). This simply ignores that broken subtable, checking for
    other existing ones.
    
    Regressed-by: c7482bc2904401e7d975b5721ec861b8589253f9
    Change-Id: I95820fe3bb6bd2fe2e0cf9d4c3536abce31fd497
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103033
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 9bf4c5ac49b73cc2a8c89a87ff87238c061a579d)
    
    Missing include
    
    (for std::max, since f8474367449a1b6b54918d2753e3a36798761839 "ofz#25774 keep
    ParseCMAP within legal area")
    
    Change-Id: I873c788577e9ec3bd54d9e637d2cf86be7c1f6e6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103089
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
    (cherry picked from commit 8cc52b05744443c64cf5eb62ebe3098cd964c437)
    
    ofz#25855 overflow in nTmpOffset
    
    we already know nLength is >= 24 so just move the calc to the other term
    
    Change-Id: Ic52f1686ccf81e6b13d7eb7e74dbd9cb51c8ea01
    
    ofz#25868 Timeout, encoding conversion only sane in 0..SAL_MAX_UINT16 range
    
    so ignore points outside that range to avoid ludicrous ranges that aren't
    possible in the input encoding
    
    Change-Id: Ifb7b9b389d4a31b8820a7da661249223fe1e110c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103261
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>
    (cherry picked from commit 1e41300a9552f90b3d75d5ffadd31ae42a28d249)

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index a375f98fa14f..f9aa5ded6963 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -20,6 +20,7 @@
 #include <impfontcharmap.hxx>
 #include <sal/log.hxx>
 
+#include <algorithm>
 #include <vector>
 #include <set>
 
@@ -149,6 +150,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
             continue;
 
         int nTmpOffset = GetUInt( p+4 );
+
+        if (nTmpOffset > nLength - 2 || nTmpOffset < 0)
+            continue;
+
         int nTmpFormat = GetUShort( pCmap + nTmpOffset );
         if( nTmpFormat == 12 )                  // 32bit code -> glyph map format
             nValue += 3;
@@ -178,12 +183,29 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
     {
         int nSegCountX2 = GetUShort( pCmap + nOffset + 6 );
         nRangeCount = nSegCountX2/2 - 1;
-        pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
-        pStartGlyphs = new int[ nRangeCount ];
+        if (nRangeCount < 0)
+        {
+            SAL_WARN("vcl.gdi", "negative RangeCount");
+            nRangeCount = 0;
+        }
+
         const unsigned char* pLimitBase = pCmap + nOffset + 14;
         const unsigned char* pBeginBase = pLimitBase + nSegCountX2 + 2;
         const unsigned char* pDeltaBase = pBeginBase + nSegCountX2;
         const unsigned char* pOffsetBase = pDeltaBase + nSegCountX2;
+
+        const int nOffsetBaseStart = pOffsetBase - pCmap;
+        const int nRemainingLen = nLength - nOffsetBaseStart;
+        const int nMaxPossibleRangeOffsets = nRemainingLen / 2;
+        if (nRangeCount > nMaxPossibleRangeOffsets)
+        {
+            SAL_WARN("vcl.gdi", "more range offsets requested then space available");
+            nRangeCount = std::max(0, nMaxPossibleRangeOffsets);
+        }
+
+        pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
+        pStartGlyphs = new int[ nRangeCount ];
+
         sal_UCS4* pCP = pCodePairs;
         for( int i = 0; i < nRangeCount; ++i )
         {
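Review bot: The four base pointers on L725-L728 are derived from the unchecked nSegCountX2 before the clamp on L730-L737 runs, so for a hostile segment count they are formed well beyond the cmap buffer and then subtracted on L730; the clamp does yield 0 in that case, but the pointer arithmetic that feeds it is already out of bounds. Compute the start as an integer first, `const int nOffsetBaseStart = nOffset + 16 + 3 * nSegCountX2;`, clamp nRangeCount from that, and form the pointers afterwards. The message on L735 also reads "then" where "than" is meant. ParseCMAP starts before and continues after the hunk.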
@@ -243,7 +265,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
         if (nRangeCount > nMaxPossiblePairs)
         {
             SAL_WARN("vcl.gdi", "more code pairs requested then space available");
-            nRangeCount = nMaxPossiblePairs;
+            nRangeCount = std::max(0, nMaxPossiblePairs);
         }
 
         pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
@@ -317,7 +339,9 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
         {
             sal_UCS4 cMin = *(pCP++);
             sal_UCS4 cEnd = *(pCP++);
-            while( cMin < cEnd )
+            // ofz#25868 the conversion only makes sense with
+            // input codepoints in 0..SAL_MAX_UINT16 range
+            while (cMin < cEnd && cMin <= SAL_MAX_UINT16)
             {
                 int j = 0;
                 for(; (cMin < cEnd) && (j < NINSIZE); ++cMin )
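Review bot: The added `cMin <= SAL_MAX_UINT16` guard at L761 is only re-evaluated between chunks, while the inner loop at L764 still advances `cMin` up to `NINSIZE` times on `cMin < cEnd` alone, so within one chunk code points above SAL_MAX_UINT16 can still be fed to the conversion. If the conversion input really is 16-bit as the comment at L759-L760 states, the same bound belongs in the inner loop as well: `for(; (cMin < cEnd) && (cMin <= SAL_MAX_UINT16) && (j < NINSIZE); ++cMin )`. The body of that loop and the rest of the enclosing block are outside the hunk, so this is inferred from the loop headers alone.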
commit 7bab94ec9a3d23e06d232115fdf55fc87e34004b
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Wed Jul 24 12:18:10 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:39:50 2021 +0300

    cid#1209863 Untrusted loop bound
    
    Change-Id: Ic8d20e92b4021dfebe01e1265c3afb2bcd509827
    Reviewed-on: https://gerrit.libreoffice.org/76259
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 52b92a591943c1988fd3d660bd6fc5ac53ce0f33)

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 73600f94f0c2..a375f98fa14f 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -231,6 +231,11 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
     else if( (nFormat == 12) && ((nOffset+16) < nLength) )
     {
         nRangeCount = GetUInt( pCmap + nOffset + 12 );
+        if (nRangeCount < 0)
+        {
+            SAL_WARN("vcl.gdi", "negative RangeCount");
+            nRangeCount = 0;
+        }
 
         const int nGroupOffset = nOffset + 16;
         const int nRemainingLen = nLength - nGroupOffset;
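Review bot: The `nRangeCount < 0` check at L788 relies on the unsigned result of `GetUInt` being narrowed into an `int` at L787, which is implementation-defined before C++20 rather than guaranteed to turn large counts negative. Comparing the unsigned value against the remaining space before it is stored in `int nRangeCount` would express the intent directly, e.g. `const unsigned nGroups = GetUInt( pCmap + nOffset + 12 );` followed by a clamp against the `nMaxPossiblePairs` computed a few lines below, with no dependency on the narrowing. The enclosing branch continues outside the hunk.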
commit 83cefb1de8a9846306b348adff39624126959861
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Jul 22 09:13:14 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:39:29 2021 +0300

    cid#1209863 Untrusted loop bound
    
    Change-Id: Ie9c3672a065b9df4580559cd927c6b1524edde0e
    Reviewed-on: https://gerrit.libreoffice.org/76099
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit a6eaacf66ccc8f83b075b775f4dfa0aace0c3e3a)

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index c64b920a7318..73600f94f0c2 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -231,9 +231,20 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
     else if( (nFormat == 12) && ((nOffset+16) < nLength) )
     {
         nRangeCount = GetUInt( pCmap + nOffset + 12 );
+
+        const int nGroupOffset = nOffset + 16;
+        const int nRemainingLen = nLength - nGroupOffset;
+        const int nMaxPossiblePairs = nRemainingLen / 12;
+        if (nRangeCount > nMaxPossiblePairs)
+        {
+            SAL_WARN("vcl.gdi", "more code pairs requested then space available");
+            nRangeCount = nMaxPossiblePairs;
+        }
+
         pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
         pStartGlyphs = new int[ nRangeCount ];
-        const unsigned char* pGroup = pCmap + nOffset + 16;
+
+        const unsigned char* pGroup = pCmap + nGroupOffset;
         sal_UCS4* pCP = pCodePairs;
         for( int i = 0; i < nRangeCount; ++i )
         {
commit 894cac6a2b48e8536567f0bc23c8ab61400112aa
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Wed Jul 24 12:07:57 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:39:05 2021 +0300

    rename search+replaced Getsal_uInt16 result back to GetUShort
    
    Change-Id: Ia6e35d0ca15b0ac2310ad847c6eda6db548b25f6
    Reviewed-on: https://gerrit.libreoffice.org/76258
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 63922db083dc70c9b248c9eb34b24382048adf08)

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index ade991626dd9..c64b920a7318 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -86,7 +86,7 @@ bool ImplFontCharMap::isDefaultMap() const
 }
 
 static unsigned GetUInt( const unsigned char* p ) { return((p[0]<<24)+(p[1]<<16)+(p[2]<<8)+p[3]);}
-static unsigned Getsal_uInt16( const unsigned char* p ){ return((p[0]<<8) | p[1]);}
+static unsigned GetUShort( const unsigned char* p ){ return((p[0]<<8) | p[1]);}
 static int GetSShort( const unsigned char* p ){ return static_cast<sal_Int16>((p[0]<<8)|p[1]);}
 
 // TODO: move CMAP parsing directly into the ImplFontCharMap class
@@ -103,10 +103,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
     if( !pCmap || (nLength < 24) )
         return false;
 
-    if( Getsal_uInt16( pCmap ) != 0x0000 ) // simple check for CMAP corruption
+    if( GetUShort( pCmap ) != 0x0000 ) // simple check for CMAP corruption
         return false;
 
-    int nSubTables = Getsal_uInt16( pCmap + 2 );
+    int nSubTables = GetUShort( pCmap + 2 );
     if( (nSubTables <= 0) || (nLength < (24 + 8*nSubTables)) )
         return false;
 
@@ -119,8 +119,8 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
     int nBestVal = 0;
     for( const unsigned char* p = pCmap + 4; --nSubTables >= 0; p += 8 )
     {
-        int nPlatform = Getsal_uInt16( p );
-        int nEncoding = Getsal_uInt16( p+2 );
+        int nPlatform = GetUShort( p );
+        int nEncoding = GetUShort( p+2 );
         int nPlatformEncoding = (nPlatform << 8) + nEncoding;
 
         int nValue;
@@ -149,7 +149,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
             continue;
 
         int nTmpOffset = GetUInt( p+4 );
-        int nTmpFormat = Getsal_uInt16( pCmap + nTmpOffset );
+        int nTmpFormat = GetUShort( pCmap + nTmpOffset );
         if( nTmpFormat == 12 )                  // 32bit code -> glyph map format
             nValue += 3;
         else if( nTmpFormat != 4 )              // 16bit code -> glyph map format
@@ -176,7 +176,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
     // format 4, the most common 16bit char mapping table
     if( (nFormat == 4) && ((nOffset+16) < nLength) )
     {
-        int nSegCountX2 = Getsal_uInt16( pCmap + nOffset + 6 );
+        int nSegCountX2 = GetUShort( pCmap + nOffset + 6 );
         nRangeCount = nSegCountX2/2 - 1;
         pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
         pStartGlyphs = new int[ nRangeCount ];
@@ -187,10 +187,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
         sal_UCS4* pCP = pCodePairs;
         for( int i = 0; i < nRangeCount; ++i )
         {
-            const sal_UCS4 cMinChar = Getsal_uInt16( pBeginBase + 2*i );
-            const sal_UCS4 cMaxChar = Getsal_uInt16( pLimitBase + 2*i );
+            const sal_UCS4 cMinChar = GetUShort( pBeginBase + 2*i );
+            const sal_UCS4 cMaxChar = GetUShort( pLimitBase + 2*i );
             const int nGlyphDelta  = GetSShort( pDeltaBase + 2*i );
-            const int nRangeOffset = Getsal_uInt16( pOffsetBase + 2*i );
+            const int nRangeOffset = GetUShort( pOffsetBase + 2*i );
             if( cMinChar > cMaxChar ) {  // no sane font should trigger this
                 SAL_WARN("vcl.gdi", "Min char should never be more than the max char!");
                 break;
@@ -218,7 +218,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
                     break;
                 }
                 for( sal_UCS4 c = cMinChar; c <= cMaxChar; ++c, pGlyphIdPtr+=2 ) {
-                    const int nGlyphIndex = Getsal_uInt16( pGlyphIdPtr ) + nGlyphDelta;
+                    const int nGlyphIndex = GetUShort( pGlyphIdPtr ) + nGlyphDelta;
                     aGlyphIdArray.push_back( static_cast<sal_uInt16>(nGlyphIndex) );
                 }
             }
commit 1e3a277929821a17855a779c13725ececfeb11b5
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sun Oct 18 20:36:16 2020 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:38:35 2021 +0300

    ofz#26480 validate WW8PLCFpcd is sorted like WW8PLCF does
    
    Change-Id: I11393c730986585aeea229ebeec6417e4a0578d9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104510
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 7f55db80c6fe42c162bbf51404e638a66b6ae9ab)

diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 8d6e42303503..53f7cd84d4e2 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -2334,26 +2334,40 @@ void WW8PLCF::ReadPLCF(SvStream& rSt, WW8_FC nFilePos, sal_uInt32 nPLCF)
 void WW8PLCF::MakeFailedPLCF()
 {
     nIMax = 0;
-    pPLCF_PosArray.reset( new sal_Int32[2] );
+    pPLCF_PosArray.reset( new WW8_CP[2] );
     pPLCF_PosArray[0] = pPLCF_PosArray[1] = WW8_CP_MAX;
     pPLCF_Contents = reinterpret_cast<sal_uInt8*>(&pPLCF_PosArray[nIMax + 1]);
 }
 
-void WW8PLCF::TruncToSortedRange()
+namespace
 {
-    //Docs state that: ... all Plcs ... are sorted in ascending order.
-    //So ensure that here for broken documents.
-    for (auto nI = 0; nI < nIMax; ++nI)
+    sal_Int32 TruncToSortedRange(const sal_Int32* pPLCF_PosArray, sal_Int32 nIMax)
     {
-        if (pPLCF_PosArray[nI] > pPLCF_PosArray[nI+1])
+        //Docs state that: ... all Plcs ... are sorted in ascending order.
+        //So ensure that here for broken documents.
+        for (auto nI = 0; nI < nIMax; ++nI)
         {
-            SAL_WARN("sw.ww8", "Document has unsorted PLCF, truncated to sorted portion");
-            nIMax = nI;
-            break;
+            if (pPLCF_PosArray[nI] > pPLCF_PosArray[nI+1])
+            {
+                SAL_WARN("sw.ww8", "Document has unsorted PLCF, truncated to sorted portion");
+                nIMax = nI;
+                break;
+            }
         }
+        return nIMax;
     }
 }
 
+void WW8PLCFpcd::TruncToSortedRange()
+{
+    nIMax = ::TruncToSortedRange(pPLCF_PosArray.get(), nIMax);
+}
+
+void WW8PLCF::TruncToSortedRange()
+{
+    nIMax = ::TruncToSortedRange(pPLCF_PosArray.get(), nIMax);
+}
+
 void WW8PLCF::GeneratePLCF(SvStream& rSt, sal_Int32 nPN, sal_Int32 ncpN)
 {
     OSL_ENSURE( nIMax < ncpN, "Pcl.Fkp: Why is PLCF too big?" );
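Review bot: The new free helper at L964 reads `pPLCF_PosArray[nI+1]` for every `nI < nIMax`, so it requires `nIMax + 1` readable entries, yet neither the signature nor a comment states that precondition; a one-line doc above it such as `// pPLCF_PosArray must hold at least nIMax + 1 entries; returns the count of the leading sorted portion` would make the contract explicit for the two callers at L987 and L992. Since both arrays now have element type `WW8_CP` (L953, L1003, L1012, L1033), taking `const WW8_CP*` instead of `const sal_Int32*` would keep the helper's parameter consistent with the data it is handed, assuming the two are not already the same typedef. The hunk ends inside `WW8PLCF::GeneratePLCF`, whose body continues outside it.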
@@ -2375,7 +2389,7 @@ void WW8PLCF::GeneratePLCF(SvStream& rSt, sal_Int32 nPN, sal_Int32 ncpN)
     {
         size_t nSiz = (4 + nStru) * nIMax + 4;
         size_t nElems = ( nSiz + 3 ) / 4;
-        pPLCF_PosArray.reset( new sal_Int32[ nElems ] ); // Pointer to Pos-array
+        pPLCF_PosArray.reset( new WW8_CP[ nElems ] ); // Pointer to Pos-array
 
         for (sal_Int32 i = 0; i < ncpN && !failure; ++i)
         {
@@ -2509,7 +2523,7 @@ WW8PLCFpcd::WW8PLCFpcd(SvStream* pSt, sal_uInt32 nFilePos,
         bValid = false;
     nPLCF = bValid ? std::min(nRemainingSize, static_cast<std::size_t>(nPLCF)) : nValidMin;
 
-    pPLCF_PosArray.reset( new sal_Int32[ ( nPLCF + 3 ) / 4 ] );    // Pointer to Pos-array
+    pPLCF_PosArray.reset( new WW8_CP[ ( nPLCF + 3 ) / 4 ] );    // Pointer to Pos-array
     pPLCF_PosArray[0] = 0;
 
     nPLCF = bValid ? pSt->ReadBytes(pPLCF_PosArray.get(), nPLCF) : nValidMin;
@@ -2523,6 +2537,7 @@ WW8PLCFpcd::WW8PLCFpcd(SvStream* pSt, sal_uInt32 nFilePos,
 
     // Pointer to content array
     pPLCF_Contents = reinterpret_cast<sal_uInt8*>(&pPLCF_PosArray[nIMax + 1]);
+    TruncToSortedRange();
 
     pSt->Seek( nOldPos );
 }
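Review bot: The `TruncToSortedRange()` call added at L1020 deliberately comes after `pPLCF_Contents` is set at L1019 from the untruncated `nIMax`, which appears to be the intent — the content part of the array still starts after all the CP entries read from the stream, not after the truncated count — but nothing in the code says so, and a later move of the call above L1019 would silently shift the content pointer. A comment at the call site, `// must stay after pPLCF_Contents is set: the content array starts after all nIMax+1 CPs from the stream, not after the truncated count`, would guard against that. The constructor's earlier part, where `nIMax` is computed, is outside the hunk.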
diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx
index 1c1d9d148476..45454a6d3187 100644
--- a/sw/source/filter/ww8/ww8scan.hxx
+++ b/sw/source/filter/ww8/ww8scan.hxx
@@ -346,14 +346,16 @@ class WW8PLCFpcd
 {
     friend class WW8PLCFpcd_Iter;
 
-    std::unique_ptr<sal_Int32[]> pPLCF_PosArray;  // pointer to Pos-array and the whole structure
+    std::unique_ptr<WW8_CP[]> pPLCF_PosArray;  // pointer to Pos-array and the whole structure
     sal_uInt8*  pPLCF_Contents;  // pointer to content-array-part of Pos-array
-    long nIMax;
+    sal_Int32 nIMax;
     sal_uInt32 nStru;
 
     WW8PLCFpcd(const WW8PLCFpcd&) = delete;
     WW8PLCFpcd& operator=(const WW8PLCFpcd&) = delete;
 
+    void TruncToSortedRange();
+
 public:
     WW8PLCFpcd(SvStream* pSt, sal_uInt32 nFilePos, sal_uInt32 nPLCF,
         sal_uInt32 nStruct);
commit f08fefd5ee6f250cd36d7415348cb1221c3efb21
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Wed Sep 23 12:44:14 2020 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:36:48 2021 +0300

    ofz#25881 use std::vector with bounds checking accessor
    
    Change-Id: Ic557e85bce5f3ebe7224b0aa2192a74969f4fce2
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103194
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>
    (cherry picked from commit f074ad34d5fbc52f4f8df4eec31ba95ee92f879b)

diff --git a/lotuswordpro/source/filter/lwptablelayout.cxx b/lotuswordpro/source/filter/lwptablelayout.cxx
index bf1c0dfe61e7..0f3b0d21b30e 100644
--- a/lotuswordpro/source/filter/lwptablelayout.cxx
+++ b/lotuswordpro/source/filter/lwptablelayout.cxx
@@ -855,7 +855,7 @@ sal_uInt16 LwpTableLayout::ConvertHeadingRow(
     ConvertTable(pTmpTable.get(),nStartHeadRow,nEndHeadRow,0,nCol);
 
     sal_uInt16 nRowNum = pTmpTable->GetRowCount();
-    std::unique_ptr<sal_uInt8[]> CellMark( new sal_uInt8[nRowNum] );
+    std::vector<sal_uInt8> CellMark(nRowNum);
 
     if (nRowNum == 1)
     {
@@ -867,11 +867,11 @@ sal_uInt16 LwpTableLayout::ConvertHeadingRow(
     else
     {
         sal_uInt8 nFirstColSpann = 1;
-        const bool bFindFlag = FindSplitColMark(pTmpTable.get(),CellMark.get(),nFirstColSpann);
+        const bool bFindFlag = FindSplitColMark(pTmpTable.get(), CellMark, nFirstColSpann);
 
         if (bFindFlag)//split to 2 cells
         {
-            SplitRowToCells(pTmpTable.get(),pXFTable,nFirstColSpann,CellMark.get());
+            SplitRowToCells(pTmpTable.get(), pXFTable, nFirstColSpann, CellMark.data());
             nContentRow = nEndHeadRow;
         }
         else//can not split,the first row will be the heading row,the rest will be content row
@@ -987,7 +987,7 @@ void LwpTableLayout::SplitRowToCells(XFTable* pTmpTable, rtl::Reference<XFTable>
  * @param  pXFTable - pointer of tmp XFtable
  * @param  CellMark - pointer of cell mark array
  */
-bool  LwpTableLayout::FindSplitColMark(XFTable* pXFTable, sal_uInt8* pCellMark,
+bool  LwpTableLayout::FindSplitColMark(XFTable* pXFTable, std::vector<sal_uInt8>& rCellMark,
             sal_uInt8& nMaxColSpan)
 {
     sal_uInt16 nRowNum = pXFTable->GetRowCount();
@@ -1017,7 +1017,7 @@ bool  LwpTableLayout::FindSplitColMark(XFTable* pXFTable, sal_uInt8* pCellMark,
             }
             if (nColSpan > nMaxColSpan)
                 nMaxColSpan = nColSpan;
-            pCellMark[nRowLoop] = 0;//reset all cell mark to zero
+            rCellMark.at(nRowLoop) = 0;//reset all cell mark to zero
         }
 
         //find if other row has the same column
@@ -1040,11 +1040,11 @@ bool  LwpTableLayout::FindSplitColMark(XFTable* pXFTable, sal_uInt8* pCellMark,
             if (nCellMark == 0)
                 break;
             else
-                pCellMark[nRowLoop] = nCellMark;
+                rCellMark.at(nRowLoop) = nCellMark;
         }
         for(nRowLoop=1;nRowLoop<=nRowNum;nRowLoop++)//check if all ==0,break
         {
-            if (pCellMark[nRowLoop] == 0)
+            if (rCellMark.at(nRowLoop) == 0)
                 break;
         }
         if (nRowLoop == nRowNum+1)
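Review bot: The loop at L1113 runs `nRowLoop` from 1 to `nRowNum` inclusive, so the new `rCellMark.at(nRowLoop)` at L1116 (and at L1102 and L1111 if they sit in the same 1-based loops) will throw `std::out_of_range` on the last row whenever the vector is sized `nRowNum` as at L1070, turning the former out-of-bounds write into an exception on every document that reaches that iteration. Either the container should be sized `nRowNum + 1` to match the 1-based row numbering, or the accesses should use `nRowLoop - 1`; the same sizing applies to `CellMark.data()` passed unchecked to `SplitRowToCells` at L1084. The enclosing loops of the earlier hunks start outside this view, so whether those are also 1-based is inferred.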
diff --git a/lotuswordpro/source/filter/lwptablelayout.hxx b/lotuswordpro/source/filter/lwptablelayout.hxx
index 29d462359be8..692452437cf9 100644
--- a/lotuswordpro/source/filter/lwptablelayout.hxx
+++ b/lotuswordpro/source/filter/lwptablelayout.hxx
@@ -141,7 +141,7 @@ private:
                 sal_uInt8 nEndCol, sal_uInt16 nRowID);
     void ConvertColumn(rtl::Reference<XFTable> const & pXFTable, sal_uInt8 nStartCol, sal_uInt8 nEndCol);
     sal_uInt16 ConvertHeadingRow(rtl::Reference<XFTable> const & pXFTable,sal_uInt16 nStartHeadRow,sal_uInt16 nEndHeadRow);
-    static bool FindSplitColMark(XFTable* pXFTable,sal_uInt8* pCellMark,sal_uInt8& nMaxColSpan);
+    static bool FindSplitColMark(XFTable* pXFTable, std::vector<sal_uInt8>& rCellMark, sal_uInt8& nMaxColSpan);
     void SplitRowToCells(XFTable* pTmpTable, rtl::Reference<XFTable> const & pXFTable,
                 sal_uInt8 nFirstColSpann, const sal_uInt8* pCellMark);
 
commit 5d116bfb5f609f94ac43f82c6e3e34951854746c
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Oct 24 09:52:44 2019 +0100
Commit:     Vasily Melenchuk <vasily.melenchuk at cib.de>
CommitDate: Thu Feb 25 15:32:31 2021 +0300

    Resolves: ofz#18414 drop apo anchor if it will be deleted
    
    Change-Id: Ic9dc053582055cae717df6244873cee14f6e44c6
    Reviewed-on: https://gerrit.libreoffice.org/81433
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 808da2c918e662c19618c9f4035e8c9a802bb887)

diff --git a/sw/qa/core/data/ww8/pass/ofz18414-1.doc b/sw/qa/core/data/ww8/pass/ofz18414-1.doc
new file mode 100644
index 000000000000..84204d197b70
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz18414-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 3603f42df6a1..075756a6d558 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -2514,7 +2514,7 @@ bool SwWW8ImplReader::JoinNode(SwPaM &rPam, bool bStealAttr)
         if (bStealAttr)
             m_xCtrlStck->StealAttr(rPam.GetPoint()->nNode);
 
-        if (m_pLastAnchorPos || m_pPreviousNode)
+        if (m_pLastAnchorPos || m_pPreviousNode || (m_xSFlyPara && m_xSFlyPara->xMainTextPos))
         {
             SwNodeIndex aToBeJoined(aPref, 1);
 
@@ -2539,6 +2539,15 @@ bool SwWW8ImplReader::JoinNode(SwPaM &rPam, bool bStealAttr)
                 if (aDropCharPos == aToBeJoined)
                     m_pPreviousNode = nullptr;
             }
+
+            if (m_xSFlyPara)
+            {
+                // If an open apo pos is here, then clear it before
+                // JoinNext destroys it
+                SwNodeIndex aOpenApoPos(m_xSFlyPara->xMainTextPos->nNode);
+                if (aOpenApoPos == aToBeJoined)
+                    m_xSFlyPara->xMainTextPos.reset();
+            }
         }
 
         pNode->JoinNext();
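Review bot: The new block at L1170 enters on `m_xSFlyPara` alone and then dereferences `m_xSFlyPara->xMainTextPos->nNode` at L1174, but the enclosing branch at L1161 is also taken when only `m_pLastAnchorPos` or `m_pPreviousNode` is set, in which case `xMainTextPos` may be null (it is reset at L1176, so a second JoinNode with an open fly para can reach this path). The guard should mirror the outer condition: `if (m_xSFlyPara && m_xSFlyPara->xMainTextPos)`. The rest of JoinNode is outside the hunk.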

