[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.4' - 17 commits - download.lst editeng/source external/openssl external/poppler external/redland filter/source include/svl lotuswordpro/source scaddins/source sfx2/source svl/source svtools/source svx/source sw/source vcl/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Tue Jan 12 10:14:34 UTC 2021


 download.lst                                                                              |    4 
 editeng/source/misc/svxacorr.cxx                                                          |    2 
 external/openssl/UnpackedTarball_openssl.mk                                               |    1 
 external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1                                     |  578 ++++++++++
 external/poppler/StaticLibrary_poppler.mk                                                 |   22 
 external/poppler/poppler-config.patch.1                                                   |   72 -
 external/redland/UnpackedTarball_raptor.mk                                                |    1 
 external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 |   33 
 filter/source/graphicfilter/icgm/bundles.cxx                                              |    5 
 filter/source/graphicfilter/icgm/bundles.hxx                                              |    3 
 filter/source/graphicfilter/icgm/cgmtypes.hxx                                             |    1 
 filter/source/graphicfilter/icgm/class1.cxx                                               |    4 
 filter/source/msfilter/msdffimp.cxx                                                       |    9 
 include/svl/zformat.hxx                                                                   |    8 
 lotuswordpro/source/filter/lwpparastyle.cxx                                               |    2 
 lotuswordpro/source/filter/lwptabrack.hxx                                                 |   10 
 scaddins/source/analysis/analysis.cxx                                                     |    2 
 sfx2/source/dialog/versdlg.cxx                                                            |    1 
 svl/source/numbers/zformat.cxx                                                            |   27 
 svtools/source/svrtf/parrtf.cxx                                                           |    5 
 svx/source/table/svdotable.cxx                                                            |    3 
 sw/source/core/access/accdoc.cxx                                                          |    2 
 sw/source/filter/xml/xmltbli.cxx                                                          |    4 
 vcl/source/gdi/jobset.cxx                                                                 |    7 
 24 files changed, 708 insertions(+), 98 deletions(-)

New commits:
commit 41838c456a04827084fd15eb0de90d747fb8550b
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Wed Jan 8 08:54:38 2020 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:35 2021 +0100

    ofz#19901 Invalid-enum-value
    
    Change-Id: I14273dfc695c504bd00f23f614b041207a8f2b29
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86396
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx
index 56716e215b9d..fbb718b732c7 100644
--- a/filter/source/msfilter/msdffimp.cxx
+++ b/filter/source/msfilter/msdffimp.cxx
@@ -4435,7 +4435,6 @@ SdrObject* SvxMSDffManager::ImportShape( const DffRecordHeader& rHd, SvStream& r
                     {
                         OUString            aObjectText;
                         OUString            aFontName;
-                        MSO_GeoTextAlign    eGeoTextAlign;
 
                         if ( SeekToContent( DFF_Prop_gtextFont, rSt ) )
                         {
@@ -4470,7 +4469,7 @@ SdrObject* SvxMSDffManager::ImportShape( const DffRecordHeader& rHd, SvStream& r
                             ReadObjText( aObjectText, pRet );
                         }
 
-                        eGeoTextAlign = static_cast<MSO_GeoTextAlign>(GetPropertyValue( DFF_Prop_gtextAlign, mso_alignTextCenter ));
+                        auto eGeoTextAlign = GetPropertyValue(DFF_Prop_gtextAlign, mso_alignTextCenter);
                         {
                             SdrTextHorzAdjust eHorzAdjust;
                             switch( eGeoTextAlign )
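Review bot: With `auto eGeoTextAlign = GetPropertyValue(...)` the variable silently takes whatever integer type GetPropertyValue returns, yet it keeps the enum-style `e` prefix and is still switched against the MSO_GeoTextAlign constants. Spelling the type out and renaming it, e.g. `sal_uInt32 nGeoTextAlign = GetPropertyValue(DFF_Prop_gtextAlign, mso_alignTextCenter);` (assuming the getter returns sal_uInt32, which is not visible here), makes it obvious that this is an unvalidated value read from the document. The switch body lies outside the hunk, so it is worth confirming that it has a `default:` branch that assigns eHorzAdjust for out-of-range values. The same remark applies to `auto eShadowType` in the DffPropertyReader::ApplyAttributes hunk of the ofz#19790 commit.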
commit c64211c993551b5878560e60b6768c2ee0dc2015
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Jan 3 19:31:55 2020 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:35 2021 +0100

    ofz#19790 Invalid-enum-value
    
    Change-Id: Ifca6b26b39d873f67d6161d19354be4bd6462953
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86200
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx
index 2ad21b4b8477..56716e215b9d 100644
--- a/filter/source/msfilter/msdffimp.cxx
+++ b/filter/source/msfilter/msdffimp.cxx
@@ -2690,7 +2690,7 @@ void DffPropertyReader::ApplyAttributes( SvStream& rIn, SfxItemSet& rSet, DffObj
     }
     if ( IsProperty( DFF_Prop_shadowType ) )
     {
-        MSO_ShadowType eShadowType = static_cast< MSO_ShadowType >( GetPropertyValue( DFF_Prop_shadowType, 0 ) );
+        auto eShadowType = GetPropertyValue(DFF_Prop_shadowType, 0);
         if( eShadowType != mso_shadowOffset && !bNonZeroShadowOffset )
         {
             //0.12" == 173 twip == 302 100mm
commit 798962197a85ad910502eca8f834c04da6c40d15
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Fri Jan 3 17:07:08 2020 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:35 2021 +0100

    ofz#19786 Invalid-enum-value
    
    Change-Id: I9bca61f728877b6f7a741e9d89ad2f7f5ae0eb61
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86197
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/lotuswordpro/source/filter/lwpparastyle.cxx b/lotuswordpro/source/filter/lwpparastyle.cxx
index f7fc6979746d..e52909e3b361 100644
--- a/lotuswordpro/source/filter/lwpparastyle.cxx
+++ b/lotuswordpro/source/filter/lwpparastyle.cxx
@@ -597,7 +597,7 @@ void LwpParaStyle::ApplyTab(XFParaStyle *pParaStyle, LwpTabOverride *pTabOverRid
             return;
 
         enumXFTab eType = enumXFTabNone;
-        LwpTab::TabType type = pTab->GetTabType();
+        sal_uInt32 type = pTab->GetTabType();
         switch(type)
         {
         case LwpTab::TT_LEFT:
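Review bot: `sal_uInt32 type` does not match the getter, which the header change in this commit declares as `sal_uInt8 GetTabType() const`; `sal_uInt8 type = pTab->GetTabType();` would keep the two in step. The value is now a raw byte from the file rather than a LwpTab::TabType, so a short comment such as `// raw on-disk value; unknown types keep eType at enumXFTabNone` would record the intended fallback, provided the switch (which continues outside the hunk) has no other default. In the lwptabrack.hxx hunks of the same commit, GetLeaderType still does `return static_cast<LwpTab::LeaderType>(m_nLeader);`, which is the same cast this commit removes for m_nType. If m_nLeader is also filled from the file in Read(), which is not visible here, it deserves the same treatment.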
diff --git a/lotuswordpro/source/filter/lwptabrack.hxx b/lotuswordpro/source/filter/lwptabrack.hxx
index d29aaada28f9..1f038e61ffd7 100644
--- a/lotuswordpro/source/filter/lwptabrack.hxx
+++ b/lotuswordpro/source/filter/lwptabrack.hxx
@@ -96,7 +96,10 @@ public:
 public:
     void    Read(LwpObjectStream *pStrm);
     inline sal_uInt32 GetPosition() const;
-    inline TabType GetTabType() const;
+    sal_uInt8 GetTabType() const
+    {
+        return m_nType;
+    }
     inline LeaderType GetLeaderType() const;
     inline sal_uInt16 GetAlignChar() const;
 
@@ -113,11 +116,6 @@ inline sal_uInt32 LwpTab::GetPosition() const
     return m_nX;
 }
 
-inline LwpTab::TabType LwpTab::GetTabType() const
-{
-    return static_cast<LwpTab::TabType>(m_nType);
-}
-
 inline LwpTab::LeaderType LwpTab::GetLeaderType() const
 {
     return static_cast<LwpTab::LeaderType>(m_nLeader);
commit 5530242003bbf25ee4e4c20094fdce98d8dd1ffb
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Dec 16 09:03:08 2019 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:35 2021 +0100

    ofz#19525 Invalid enum value
    
    value is unused anyway, so just reflect that
    
    Change-Id: I032f477dddd4d50c791898eb214dac2dbbb69f09
    Reviewed-on: https://gerrit.libreoffice.org/85203
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/filter/source/graphicfilter/icgm/bundles.cxx b/filter/source/graphicfilter/icgm/bundles.cxx
index 6754b9bccaf2..2bb36999de98 100644
--- a/filter/source/graphicfilter/icgm/bundles.cxx
+++ b/filter/source/graphicfilter/icgm/bundles.cxx
@@ -29,7 +29,6 @@ void Bundle::SetColor( sal_uInt32 nColor )
 }
 
 FontEntry::FontEntry() :
-    eCharSetType    ( CST_CCOMPLETE ),
     nFontType       ( 0 )
 {
 }
@@ -74,7 +73,6 @@ CGMFList& CGMFList::operator=( const CGMFList& rSource )
                 pCFontEntry->pCharSetValue.reset( new sal_Int8[ nSize ] );
                 memcpy( pCFontEntry->pCharSetValue.get(), pPtr->pCharSetValue.get(), nSize );
             }
-            pCFontEntry->eCharSetType = pPtr->eCharSetType;
             pCFontEntry->nFontType = pPtr->nFontType;
             aFontEntryList.push_back( std::move(pCFontEntry) );
         }
@@ -169,7 +167,7 @@ void CGMFList::InsertName( sal_uInt8 const * pSource, sal_uInt32 nSize )
 }
 
 
-void CGMFList::InsertCharSet( CharSetType eCharSetType, sal_uInt8 const * pSource, sal_uInt32 nSize )
+void CGMFList::InsertCharSet( sal_uInt8 const * pSource, sal_uInt32 nSize )
 {
     FontEntry* pFontEntry;
     if ( nFontsAvailable == nCharSetCount )
@@ -183,7 +181,6 @@ void CGMFList::InsertCharSet( CharSetType eCharSetType, sal_uInt8 const * pSourc
         pFontEntry = aFontEntryList[ nCharSetCount ].get();
     }
     nCharSetCount++;
-    pFontEntry->eCharSetType = eCharSetType;
     pFontEntry->pCharSetValue.reset( new sal_Int8[ nSize + 1 ] );
     pFontEntry->pCharSetValue[ nSize ] = 0;
     memcpy( pFontEntry->pCharSetValue.get(), pSource, nSize );
diff --git a/filter/source/graphicfilter/icgm/bundles.hxx b/filter/source/graphicfilter/icgm/bundles.hxx
index 1f9bf7bb29df..8d87bac2082b 100644
--- a/filter/source/graphicfilter/icgm/bundles.hxx
+++ b/filter/source/graphicfilter/icgm/bundles.hxx
@@ -143,7 +143,6 @@ class FontEntry
 public:
     std::unique_ptr<sal_Int8[]>
                         pFontName;
-    CharSetType         eCharSetType;
     std::unique_ptr<sal_Int8[]>
                         pCharSetValue;
     sal_uInt32          nFontType;          // bit 0 = 1 -> Italic,
@@ -169,7 +168,7 @@ public:
 
     FontEntry*      GetFontEntry( sal_uInt32 );
     void            InsertName( sal_uInt8 const * pSource, sal_uInt32 nSize );
-    void            InsertCharSet( CharSetType, sal_uInt8 const * pSource, sal_uInt32 nSize );
+    void            InsertCharSet( sal_uInt8 const * pSource, sal_uInt32 nSize );
     CGMFList&       operator=( const CGMFList& rFontList );
 };
 
diff --git a/filter/source/graphicfilter/icgm/cgmtypes.hxx b/filter/source/graphicfilter/icgm/cgmtypes.hxx
index a245ebcbf3b2..b9a80fb4c83a 100644
--- a/filter/source/graphicfilter/icgm/cgmtypes.hxx
+++ b/filter/source/graphicfilter/icgm/cgmtypes.hxx
@@ -97,7 +97,6 @@ enum ColorSelectionMode { CSM_INDEXED = 0, CSM_DIRECT = 1 };
 enum ColorModel         { CM_RGB = 0, CM_CMYK = 1 };
 
 enum CharacterCodingA   { CCA_BASIC_7 = 0, CCA_BASIC_8 = 1, CCA_EXT_7 = 2, CCA_EXT_8 = 3 };
-enum CharSetType        { CST_CBYTE_94 = 0, CST_CBYTE_96 = 1, CST_MULT94 = 2, CST_MULT96 = 3, CST_CCOMPLETE = 4 };
 enum TextPrecision      { TPR_STRING = 0, TPR_CHARACTER = 1, TPR_STROKE = 2, TPR_UNDEFINED = 0xffff };
 enum TextPath           { TPR_RIGHT = 0, TPR_LEFT = 1, TPR_UP = 2, TPR_DOWN = 3 };
 enum TextAlignmentH     { TAH_NORMAL = 0, TAH_LEFT = 1, TAH_CENTER = 2, TAH_RIGHT = 3, TAH_CONT = 4 };
diff --git a/filter/source/graphicfilter/icgm/class1.cxx b/filter/source/graphicfilter/icgm/class1.cxx
index a828c919695b..085fd00e558f 100644
--- a/filter/source/graphicfilter/icgm/class1.cxx
+++ b/filter/source/graphicfilter/icgm/class1.cxx
@@ -180,13 +180,13 @@ void CGM::ImplDoClass1()
         {
             while ( mnParaSize < mnElementSize )
             {
-                sal_uInt32 nCharSetType = ImplGetUI16();
+                ImplGetUI16(); // skip CharSetType
                 sal_uInt32 nSize = ImplGetUI(1);
 
                 if (static_cast<sal_uIntPtr>(mpEndValidSource - (mpSource + mnParaSize)) < nSize)
                     throw css::uno::Exception("attempt to read past end of input", nullptr);
 
-                pElement->aFontList.InsertCharSet( static_cast<CharSetType>(nCharSetType), mpSource + mnParaSize, nSize );
+                pElement->aFontList.InsertCharSet( mpSource + mnParaSize, nSize );
                 mnParaSize += nSize;
             }
         }
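Review bot: The length check `static_cast<sal_uIntPtr>(mpEndValidSource - (mpSource + mnParaSize)) < nSize` is only sound while the cursor has not already passed mpEndValidSource, because a negative pointer difference becomes a very large unsigned value and the check then passes. Whether ImplGetUI16() and ImplGetUI(1) guarantee that cannot be seen from this hunk, and the now-discarded `ImplGetUI16();` call still advances the cursor before the check. If the helpers do not bound-check themselves, compare the pointers first, e.g. `if (mpSource + mnParaSize > mpEndValidSource) throw css::uno::Exception("attempt to read past end of input", nullptr);`. ImplDoClass1 starts and ends outside the hunk.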
commit 2468ff2f3f8d124db785db80365311c460954d51
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Nov 28 10:42:19 2019 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:35 2021 +0100

    ofz#13513 infinite loop with negative value for \bin
    
    Change-Id: Ia2960598a837b3d0c48125980137171aa7944adb
    Reviewed-on: https://gerrit.libreoffice.org/83986
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/svtools/source/svrtf/parrtf.cxx b/svtools/source/svrtf/parrtf.cxx
index a7e3f64f226e..abc5ffde2cbe 100644
--- a/svtools/source/svrtf/parrtf.cxx
+++ b/svtools/source/svrtf/parrtf.cxx
@@ -18,6 +18,7 @@
  */
 
 #include <sal/config.h>
+#include <sal/log.hxx>
 
 #include <rtl/character.hxx>
 #include <rtl/strbuf.hxx>
@@ -547,7 +548,9 @@ void SvRTFParser::SkipGroup()
         if (nToken == RTF_BIN)
         {
             rInput.SeekRel(-1);
-            rInput.SeekRel(nTokenValue);
+            SAL_WARN_IF(nTokenValue < 0, "svtools", "negative value argument for rtf \\bin keyword");
+            if (nTokenValue > 0)
+                rInput.SeekRel(nTokenValue);
             nNextCh = GetNextChar();
         }
         while (nNextCh==0xa || nNextCh==0xd)
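Review bot: A positive `nTokenValue` still comes straight from the `\bin` argument in the file and reaches `rInput.SeekRel(nTokenValue)` without being compared with the bytes left in the stream. How SvStream reacts to a relative seek past the end is not visible here, so either clamp the distance, `rInput.SeekRel(std::min<sal_uInt64>(nTokenValue, rInput.remainingSize()));`, or test `rInput.good()` before the following GetNextChar(). The SkipGroup loop begins and continues outside the hunk.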
commit 49b5cd7dd76ae7bbab12fc1316f713b884928466
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Nov 21 12:17:04 2019 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:35 2021 +0100

    ofz#19034 fix ~infinite loop
    
    Change-Id: Ibc90b3b68a55f8396fbe623eb0db6c289fe978a1
    Reviewed-on: https://gerrit.libreoffice.org/83383
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx
index 29fd41a9879c..2ad21b4b8477 100644
--- a/filter/source/msfilter/msdffimp.cxx
+++ b/filter/source/msfilter/msdffimp.cxx
@@ -6246,7 +6246,7 @@ bool SvxMSDffManager::GetShapeContainerData( SvStream& rSt,
             // search for the Blip Property!
             sal_uLong  nPropRead = 0;
             nLenShapePropTbl = nLength;
-            long nStartShapePropTbl = rSt.Tell();
+            auto nStartShapePropTbl = rSt.Tell();
             do
             {
                 sal_uInt16 nPropId(0);
@@ -6329,7 +6329,7 @@ bool SvxMSDffManager::GetShapeContainerData( SvStream& rSt,
                     break;
                 }
             }
-            while( nPropRead < nLenShapePropTbl );
+            while (rSt.good() && nPropRead < nLenShapePropTbl);
             rSt.Seek( nStartShapePropTbl + nLenShapePropTbl );
             nReadSpCont += nLenShapePropTbl;
         }
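Review bot: When the loop now ends because `rSt.good()` is false, the two statements after it still run: `rSt.Seek( nStartShapePropTbl + nLenShapePropTbl )` and `nReadSpCont += nLenShapePropTbl` account for the whole property table as if it had been read. GetShapeContainerData continues outside the hunk, so whether a later check catches the failed stream cannot be seen from here. An explicit `if (!rSt.good()) return false;` directly after the loop would stop a truncated record from being processed further, assuming false is how this function reports a bad container.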
commit 3d9d161cfebeafc7910f07a15c4267b9375f53e7
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Nov 16 20:36:24 2019 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    ofz#12553 Timeout, cut out slow uninteresting path for fuzzing
    
    Change-Id: Iaaf940e48a54e9578c747e57f2f328c36e4a119b
    Reviewed-on: https://gerrit.libreoffice.org/83002
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/svx/source/table/svdotable.cxx b/svx/source/table/svdotable.cxx
index 47e079a3f7c2..77dc10165480 100644
--- a/svx/source/table/svdotable.cxx
+++ b/svx/source/table/svdotable.cxx
@@ -22,6 +22,7 @@
 #include <com/sun/star/container/XNamed.hpp>
 #include <com/sun/star/container/XNameAccess.hpp>
 #include <com/sun/star/container/XIndexAccess.hpp>
+#include <unotools/configmgr.hxx>
 #include <vcl/canvastools.hxx>
 #include <vcl/ptrstyle.hxx>
 #include <com/sun/star/style/XStyle.hpp>
@@ -785,6 +786,8 @@ sal_Int32 SdrTableObjImpl::getRowCount() const
 
 void SdrTableObjImpl::LayoutTable( tools::Rectangle& rArea, bool bFitWidth, bool bFitHeight )
 {
+    if (utl::ConfigManager::IsFuzzing())
+        return;
     if(mpLayouter)
     {
         // Optimization: SdrTableObj::SetChanged() can call this very often, repeatedly
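Review bot: The new early return in LayoutTable has no comment, so a reader cannot tell that it is a fuzzing-only shortcut or that `rArea` is left untouched on that path. I would add `// ofz#12553: table layout is too slow for the fuzzer's time budget; rArea is left unchanged` above the `if (utl::ConfigManager::IsFuzzing())` line. The trade-off is that the fuzz targets no longer exercise the layout code at all, so defects there will not be found by them. The function body continues outside the hunk.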
commit 87a980c9c213ff0435860d9a2a1f6c85b1482f02
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Nov 23 14:33:06 2020 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    CVE-2020-25713 raptor2: malformed input file can lead to a segfault
    
    due to an out of bounds array access in
    raptor_xml_writer_start_element_common
    
    use a better fix than the initial suggestion
    
    See:
    https://bugs.mageia.org/show_bug.cgi?id=27605
    https://www.openwall.com/lists/oss-security/2020/11/13/1
    Change-Id: Ida4783a61412ffce868eacf81310da338d3e2df1
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106249
    Reviewed-by: Michael Stahl <michael.stahl at cib.de>
    Tested-by: Jenkins

diff --git a/external/redland/UnpackedTarball_raptor.mk b/external/redland/UnpackedTarball_raptor.mk
index 517b11a3d14f..fbdc8b6f5510 100644
--- a/external/redland/UnpackedTarball_raptor.mk
+++ b/external/redland/UnpackedTarball_raptor.mk
@@ -28,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,raptor,\
 	$(if $(SYSTEM_LIBXML),,external/redland/raptor/rpath.patch) \
 	external/redland/raptor/xml2-config.patch \
 	external/redland/raptor/0001-Calcualte-max-nspace-declarations-correctly-for-XML-.patch.1 \
+	external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 \
 	external/redland/raptor/libtool.patch \
 ))
 
diff --git a/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1 b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
new file mode 100644
index 000000000000..1fb279df3e4d
--- /dev/null
+++ b/external/redland/raptor/0001-CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch.1
@@ -0,0 +1,33 @@
+From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm at redhat.com>
+Date: Tue, 24 Nov 2020 10:30:20 +0000
+Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a
+ segfault
+
+due to an out of bounds array access in
+raptor_xml_writer_start_element_common
+
+See:
+https://bugs.mageia.org/show_bug.cgi?id=27605
+https://www.openwall.com/lists/oss-security/2020/11/13/1
+https://gerrit.libreoffice.org/c/core/+/106249
+---
+ src/raptor_xml_writer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c
+index 56993dc3..4426d38c 100644
+--- a/src/raptor_xml_writer.c
++++ b/src/raptor_xml_writer.c
+@@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer,
+           
+           /* check it wasn't an earlier declaration too */
+           for(j = 0; j < nspace_declarations_count; j++)
+-            if(nspace_declarations[j].nspace == element->attributes[j]->nspace) {
++            if(nspace_declarations[j].nspace == element->attributes[i]->nspace) {
+               declare_me = 0;
+               break;
+             }
+-- 
+2.28.0
+
commit 1f3a0ddfdd73c7a00ae2082f37867ef4212fdb88
Author:     Julien Nabet <serval2412 at yahoo.fr>
AuthorDate: Sun Jan 10 15:42:31 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    Related tdf#123632: fix crash in accdoc (sw)
    
    Make sure to use gtk3 rendering
    - Open https://bugs.documentfoundation.org/attachment.cgi?id=149492
    - Click F5 to open the navigator
    - Go to Images
    - Try double click the third and last image at least 15 times
    -> crash, here's part of bt:
    Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault.
    SwFrame::IsInTab (this=0x0) at sw/source/core/inc/frame.hxx:938
    938         if ( mbInfInvalid )
    (gdb) bt
    0  SwFrame::IsInTab() const (this=0x0) at sw/source/core/inc/frame.hxx:938
    1  0x00007fd7e78caf9c in SwAccessibleDocument::getExtendedAttributes() (this=0x7e4e090) at sw/source/core/access/accdoc.cxx:596
    2  0x00007fd7e78cbf9d in non-virtual thunk to SwAccessibleDocument::getExtendedAttributes() () at sw/source/core/access/accdoc.cxx:708
    3  0x00007fd7f18f90ad in attribute_set_new_from_extended_attributes(com::sun::star::uno::Reference<com::sun::star::accessibility::XAccessibleExtendedAttributes> const&)
        (rExtendedAttributes=uno::Reference to (SwAccessibleDocument *) 0x7e4e180) at vcl/unx/gtk3/a11y/gtk3atktextattributes.cxx:1229
    4  0x00007fd7f19113f3 in wrapper_get_attributes(_AtkObject*) (atk_obj=0x7df37d0) at vcl/unx/gtk3/a11y/gtk3atkwrapper.cxx:394
    
    I put "Related" because I don't know if it corresponds to the initial bug
    but I used the attached file of the bugtracker
    
    Change-Id: Ief9fda9f7bcf277d18490169eee2e43fb046a1bf
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109051
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 003b45624788610fba98e3f3334f99140017e472)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109002
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sw/source/core/access/accdoc.cxx b/sw/source/core/access/accdoc.cxx
index 94989d2fae0a..e3f7680c704a 100644
--- a/sw/source/core/access/accdoc.cxx
+++ b/sw/source/core/access/accdoc.cxx
@@ -585,7 +585,7 @@ uno::Any SAL_CALL SwAccessibleDocument::getExtendedAttributes()
         {
             if (!(pCurrTextFrame->IsInTab() || pCurrTextFrame->IsInFootnote()))
             {
-                while( pTextFrame != pCurrTextFrame )
+                while( pTextFrame && pTextFrame != pCurrTextFrame )
                 {
                     //check header/footer
                     pFrame = pTextFrame;
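Review bot: The added `pTextFrame &&` test stops the null dereference, but the loop then ends silently when the frame chain runs out before pCurrTextFrame is reached, and the code after it cannot tell that case from a normal finish. The values accumulated during the walk would then describe a partial traversal; how they are used is outside the hunk. A `SAL_WARN_IF(!pTextFrame, "sw.a11y", "current text frame not found in frame chain");` after the loop, or an early return with an empty result, would make the condition visible (the log area name here is a suggestion). It is also worth confirming that pCurrTextFrame is null-checked before the `pCurrTextFrame->IsInTab()` call two lines above.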
commit 2c6b6366a5ce7b4c4b034aba0ec63bb15cfc39fa
Author:     Julien Nabet <serval2412 at yahoo.fr>
AuthorDate: Sat Jan 9 20:47:24 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    tdf#96787: AutoCorrect: after deleting a replacement entry, it's still used
    
    If specific acor<language>.dat exists in "user", don't use the initial one in "share"
    since the initial one will still contain the deleted entry.
    
    See detailed explanation here:
    https://bugs.documentfoundation.org/show_bug.cgi?id=96787#c21
    Change-Id: Ic349159c93d9fc327f38a1d4e8187e3bdc16d08a
    
    Change-Id: If6b16641d04721f2945a8e920e2933d1b8baa90f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109039
    Tested-by: Jenkins
    Reviewed-by: Julien Nabet <serval2412 at yahoo.fr>
    (cherry picked from commit ae56dc05b27f05ffcee99845d661a237e70a7a51)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108999
    Reviewed-by: Adolfo Jayme Barrientos <fitojb at ubuntu.com>

diff --git a/editeng/source/misc/svxacorr.cxx b/editeng/source/misc/svxacorr.cxx
index 10f91239625a..6b24dbd23bf5 100644
--- a/editeng/source/misc/svxacorr.cxx
+++ b/editeng/source/misc/svxacorr.cxx
@@ -1798,6 +1798,8 @@ const SvxAutocorrWord* SvxAutoCorrect::SearchWordsInList(
             rLang = aLanguageTag;
             return pRet;
         }
+        else
+            return nullptr;
     }
 
     // If it still could not be found here, then keep on searching
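Review bot: The new `else return nullptr;` makes the function return before the fallback search announced by the comment just below ("If it still could not be found here, then keep on searching"), and nothing in the code says why. The reason is only in the commit message, so I would put it next to the statement: `// tdf#96787: a user list for this language overrides the shared one, so do not fall back`. Since the preceding branch already returns, the `else` is redundant and a plain `return nullptr;` after the closing brace reads more clearly. Which `if` the enclosing block belongs to is outside the hunk.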
commit 4ff1f8153a3155303ea74f09cf4cb03d61e625a6
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Wed Jan 6 18:23:37 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    Missing construction of SfxCmisVersionsDialog::m_xVersionBox
    
    ...ever since b1baf73dc671069bedec18d170f8199b0766ea60 "weld
    SfxCmisVersionsDialog".  (Found by GCC 11 trunk with --enable-optimized,
    
    > sfx2/source/dialog/versdlg.cxx: In constructor ‘SfxCmisVersionsDialog::SfxCmisVersionsDialog(weld::Window*, SfxViewFrame*)’:
    > sfx2/source/dialog/versdlg.cxx:435:36: error: ‘this’ pointer null [-Werror=nonnull]
    >   435 |     m_xVersionBox->set_size_request(m_xVersionBox->get_approximate_digit_width() * 90,
    >       |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    >   436 |                                     m_xVersionBox->get_height_rows(15));
    >       |                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    )
    
    Change-Id: I2720d6bc49af717951a0af6a262fb013a27e09df
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108886
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
    (cherry picked from commit 29e36c699c610be4fe6f8a2fe21ae3e4c8bdbd38)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108909
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sfx2/source/dialog/versdlg.cxx b/sfx2/source/dialog/versdlg.cxx
index 1901ce9b2c29..525325b72702 100644
--- a/sfx2/source/dialog/versdlg.cxx
+++ b/sfx2/source/dialog/versdlg.cxx
@@ -434,6 +434,7 @@ SfxCmisVersionsDialog::SfxCmisVersionsDialog(weld::Window* pParent, SfxViewFrame
     , m_xViewButton(m_xBuilder->weld_button("show"))
     , m_xDeleteButton(m_xBuilder->weld_button("delete"))
     , m_xCompareButton(m_xBuilder->weld_button("compare"))
+    , m_xVersionBox(m_xBuilder->weld_tree_view("versions"))
 {
     m_xVersionBox->set_size_request(m_xVersionBox->get_approximate_digit_width() * 90,
                                     m_xVersionBox->get_height_rows(15));
commit e78a8de236d876453a719b9b0e993b9bf1ac8b2c
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Jan 6 19:30:07 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    poppler: upgrade to release 21.01.0
    
    Fixes CVE-2020-27778, CVE-2020-35702
    and changelogs mention lots of fuzzing fixes.
    
    Change-Id: Ib07bdee726905e74afc13a01bbbd53f218121744
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108912
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
    (cherry picked from commit 48e8b32a9b66722bbb28fc15840b3706a461aeb7)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108904
    Tested-by: Michael Stahl <michael.stahl at allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>

diff --git a/download.lst b/download.lst
index 4a6b397223db..de6bc1d8b2f6 100644
--- a/download.lst
+++ b/download.lst
@@ -230,8 +230,8 @@ export PIXMAN_SHA256SUM := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
 export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM := 234f8e573ea57fb6a008e7c1e56bfae1af5d1adf0e65f47555e1ae103874e4df
-export POPPLER_TARBALL := poppler-0.82.0.tar.xz
+export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
+export POPPLER_TARBALL := poppler-21.01.0.tar.xz
 export POSTGRESQL_SHA256SUM := a754c02f7051c2f21e52f8669a421b50485afcde9a581674d6106326b189d126
 export POSTGRESQL_TARBALL := postgresql-9.2.24.tar.bz2
 export PYTHON_SHA256SUM := 06a0a9f1bf0d8cd1e4121194d666c4e28ddae4dd54346de6c343206599f02136
diff --git a/external/poppler/StaticLibrary_poppler.mk b/external/poppler/StaticLibrary_poppler.mk
index 8bf9f528ee9e..3cc0a95e3617 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -35,6 +35,23 @@ endif
 
 $(eval $(call gb_StaticLibrary_set_generated_cxx_suffix,poppler,cc))
 
+$(eval $(call gb_StaticLibrary_add_generated_cobjects,poppler,\
+	UnpackedTarball/poppler/poppler/CourierWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/CourierBoldWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/CourierBoldObliqueWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/CourierObliqueWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/HelveticaWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/HelveticaBoldWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/HelveticaBoldObliqueWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/HelveticaObliqueWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/SymbolWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/TimesBoldWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/TimesBoldItalicWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/TimesItalicWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/TimesRomanWidths.pregenerated \
+	UnpackedTarball/poppler/poppler/ZapfDingbatsWidths.pregenerated \
+))
+
 $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
 	UnpackedTarball/poppler/goo/gfile \
 	UnpackedTarball/poppler/goo/GooTimer \
@@ -56,8 +73,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
 	UnpackedTarball/poppler/fofi/FoFiIdentifier \
 	UnpackedTarball/poppler/poppler/Annot \
 	UnpackedTarball/poppler/poppler/Array \
-	UnpackedTarball/poppler/poppler/BuiltinFont \
-	UnpackedTarball/poppler/poppler/BuiltinFontTables \
+	UnpackedTarball/poppler/poppler/BBoxOutputDev \
 	UnpackedTarball/poppler/poppler/CachedFile \
 	UnpackedTarball/poppler/poppler/Catalog \
 	UnpackedTarball/poppler/poppler/CertificateInfo \
@@ -79,6 +95,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
 	UnpackedTarball/poppler/poppler/Hints \
 	UnpackedTarball/poppler/poppler/JArithmeticDecoder \
 	UnpackedTarball/poppler/poppler/JBIG2Stream \
+	UnpackedTarball/poppler/poppler/JSInfo \
 	UnpackedTarball/poppler/poppler/Lexer \
 	UnpackedTarball/poppler/poppler/Link \
 	UnpackedTarball/poppler/poppler/Linearization \
@@ -93,6 +110,7 @@ $(eval $(call gb_StaticLibrary_add_generated_exception_objects,poppler,\
 	UnpackedTarball/poppler/poppler/PageTransition \
 	UnpackedTarball/poppler/poppler/Parser \
 	UnpackedTarball/poppler/poppler/PDFDoc \
+	UnpackedTarball/poppler/poppler/PDFDocBuilder \
 	UnpackedTarball/poppler/poppler/PDFDocEncoding \
 	UnpackedTarball/poppler/poppler/PDFDocFactory \
 	UnpackedTarball/poppler/poppler/ProfileData \
diff --git a/external/poppler/poppler-config.patch.1 b/external/poppler/poppler-config.patch.1
index cb74cd66fb5e..b902402ea4e7 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -1,5 +1,7 @@
 *three* poppler config headers
 
+note: to get the 3rd one, use -DENABLE_CPP=on
+
 mkdir build && cd build && cmake .. -DENABLE_DCTDECODER=libjpeg -DHAVE_CAIRO=off -DENABLE_LIBOPENJPEG=none -DENABLE_CMS=none -DENABLE_LIBCURL=off -DENABLE_ZLIB=off -DENABLE_ZLIB_UNCOMPRESS=off -DENABLE_NSS3=off -DENABLE_LIBPNG=off -DENABLE_LIBTIFF=off -DENABLE_SPLASH=off -DENABLE_UTILS=off -DENABLE_CPP=off -DENABLE_GLIB=off -DENABLE_GOBJECT_INTROSPECTION=off -DENABLE_GTK_DOC=off -DENABLE_QT5=off
 
 manually disabled these because cmake failed to do it:
@@ -14,7 +16,7 @@ new file mode 100644
 index 0fbd336a..451213f8 100644
 --- /dev/null
 +++ b/config.h
-@@ -0,0 +1,248 @@
+@@ -0,0 +1,221 @@
 +/* config.h.  Generated from config.h.cmake by cmake.  */
 +
 +/* Build against libcurl. */
@@ -120,21 +122,6 @@ index 0fbd336a..451213f8 100644
 +#endif
 +
 +#if !defined(_WIN32)
-+/* Define to 1 if you have the `rand_r' function. */
-+#define HAVE_RAND_R 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcpy_s' function. */
-+#define HAVE_STRCPY_S 1
-+#endif
-+
-+#if defined(_WIN32)
-+/* Define to 1 if you have the `strcat_s' function. */
-+#define HAVE_STRCAT_S 1
-+#endif
-+
-+#if !defined(_WIN32)
 +/* Defines if strtok_r is available on your system */
 +#define HAVE_STRTOK_R 1
 +#endif
@@ -147,9 +134,6 @@ index 0fbd336a..451213f8 100644
 +#define HAVE_POPEN 1
 +#endif
 +
-+/* Use splash for rendering. */
-+/* #undef HAVE_SPLASH */
-+
 +#if !defined(__APPLE__) && !defined(_WIN32)
 +/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
 +   */
@@ -179,9 +163,6 @@ index 0fbd336a..451213f8 100644
 +/* Define as const if the declaration of iconv() needs const. */
 +#define ICONV_CONST 
 +
-+/* Enable multithreading support. */
-+#define MULTITHREADED 1
-+
 +/* Generate OPI comments in PS output. */
 +#define OPI_SUPPORT 1
 +
@@ -195,7 +176,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_NAME "poppler"
 +
 +/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 0.82.0"
++#define PACKAGE_STRING "poppler 21.01.0"
 +
 +/* Define to the one symbol short name of this package. */
 +#define PACKAGE_TARNAME "poppler"
@@ -204,7 +185,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_URL ""
 +
 +/* Define to the version of this package. */
-+#define PACKAGE_VERSION "0.82.0"
++#define PACKAGE_VERSION "21.01.0"
 +
 +/* Poppler data dir */
 +#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -212,23 +193,17 @@ index 0fbd336a..451213f8 100644
 +/* Support for curl based doc builder is compiled in. */
 +/* #undef POPPLER_HAS_CURL_SUPPORT */
 +
-+/* Include support for CMYK rasterization */
-+/* #undef SPLASH_CMYK */
-+
 +/* Enable word list support. */
 +#define TEXTOUT_WORD_LIST 1
 +
 +/* Defines if use cms */
 +/* #undef USE_CMS */
 +
-+/* Use fixed point arithmetic in the Splash backend */
-+/* #undef USE_FIXEDPOINT */
-+
 +/* Use single precision arithmetic in the Splash backend */
 +/* #undef USE_FLOAT */
 +
 +/* Version number of package */
-+#define VERSION "0.82.0"
++#define VERSION "21.01.0"
 +
 +#if defined(__APPLE__)
 +#elif defined (_WIN32)
@@ -268,7 +243,7 @@ new file mode 100644
 index 0fbd336a..451213f8 100644
 --- /dev/null
 +++ b/poppler/poppler-config.h
-@@ -0,0 +1,173 @@
+@@ -0,0 +1,166 @@
 +//================================================= -*- mode: c++ -*- ====
 +//
 +// poppler-config.h
@@ -288,6 +263,9 @@ index 0fbd336a..451213f8 100644
 +// Copyright (C) 2014 Hib Eris <hib at hiberis.nl>
 +// Copyright (C) 2016 Tor Lillqvist <tml at collabora.com>
 +// Copyright (C) 2017 Adrian Johnson <ajohnson at redneon.com>
++// Copyright (C) 2018 Adam Reichold <adam.reichold at t-online.de>
++// Copyright (C) 2018 Stefan Brüns <stefan.bruens at rwth-aachen.de>
++// Copyright (C) 2020 Albert Astals Cid <aacid at kde.org>
 +//
 +// To see a description of the changes please see the Changelog file that
 +// came with your tarball or type make ChangeLog if you are building from git
@@ -304,17 +282,7 @@ index 0fbd336a..451213f8 100644
 +
 +/* Defines the poppler version. */
 +#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "0.82.0"
-+#endif
-+
-+/* Enable multithreading support. */
-+#ifndef MULTITHREADED
-+#define MULTITHREADED 1
-+#endif
-+
-+/* Use fixedpoint. */
-+#ifndef USE_FIXEDPOINT
-+/* #undef USE_FIXEDPOINT */
++#define POPPLER_VERSION "21.01.0"
 +#endif
 +
 +/* Use single precision arithmetic in the Splash backend */
@@ -401,17 +369,17 @@ index 0fbd336a..451213f8 100644
 +/* #undef USE_BOOST_HEADERS */
 +#endif
 +
-+// Also, there are preprocessor symbols in the header files
-+// that are used but never defined when building poppler using configure
-+// or cmake: DISABLE_OUTLINE, DEBUG_MEM,
-+// ENABLE_PLUGINS, DEBUG_FORMS
++/* Is splash backend available */
++#ifndef HAVE_SPLASH
++/* #undef HAVE_SPLASH */
++#endif
 +
 +//------------------------------------------------------------------------
 +// version
 +//------------------------------------------------------------------------
 +
 +// copyright notice
-+#define popplerCopyright "Copyright 2005-2018 The Poppler Developers - http://poppler.freedesktop.org"
++#define popplerCopyright "Copyright 2005-2021 The Poppler Developers - http://poppler.freedesktop.org"
 +#define xpdfCopyright "Copyright 1996-2011 Glyph & Cog, LLC"
 +
 +//------------------------------------------------------------------------
@@ -429,7 +397,7 @@ index 0fbd336a..451213f8 100644
 +//------------------------------------------------------------------------
 +
 +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4)
-+#include <stdio.h> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
++#include <cstdio> // __MINGW_PRINTF_FORMAT is defined in the mingw stdio.h
 +#ifdef __MINGW_PRINTF_FORMAT
 +#define GCC_PRINTF_FORMAT(fmt_index, va_index) \
 +	__attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index)))
@@ -471,9 +439,9 @@ index 0fbd336a..451213f8 100644
 +
 +#include "poppler-global.h"
 +
-+#define POPPLER_VERSION "0.82.0"
-+#define POPPLER_VERSION_MAJOR 0
-+#define POPPLER_VERSION_MINOR 82
++#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION_MAJOR 21
++#define POPPLER_VERSION_MINOR 1
 +#define POPPLER_VERSION_MICRO 0
 +
 +namespace poppler
commit ab56d735d2cd4ebfdf88597d7d89e8a476619494
Author:     Michael Stahl <michael.stahl at allotropia.de>
AuthorDate: Wed Jan 6 17:39:19 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:34 2021 +0100

    openssl: add patch to fix CVE-2020-1971
    
    Change-Id: Ia756f1fa642eeb6dcadc867cc9730732a73c11b4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108884
    Tested-by: Jenkins
    Reviewed-by: Thorsten Behrens <thorsten.behrens at allotropia.de>

diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk
index f399a0417691..a36ecde1fa1f 100644
--- a/external/openssl/UnpackedTarball_openssl.mk
+++ b/external/openssl/UnpackedTarball_openssl.mk
@@ -22,6 +22,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,openssl,\
 	external/openssl/openssl-3650-masm.patch.1 \
 	external/openssl/openssl-fixbuild.patch.1 \
 	external/openssl/openssl-macos-arm64.patch.1 \
+	external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1 b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
new file mode 100644
index 000000000000..313f9cd870d7
--- /dev/null
+++ b/external/openssl/openssl-1.0.2k-cve-2020-1971.patch.1
@@ -0,0 +1,578 @@
+diff -up openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference openssl-1.0.2k/crypto/asn1/asn1_err.c
+--- openssl-1.0.2k/crypto/asn1/asn1_err.c.null-dereference	2020-12-04 10:08:08.506247597 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1_err.c	2020-12-04 10:12:31.901956486 +0100
+@@ -1,6 +1,6 @@
+ /* crypto/asn1/asn1_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2020 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -103,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
++	{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+     {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
+     {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+     {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+     {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
++	{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
+     {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+     {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+     {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+diff -up openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference openssl-1.0.2k/crypto/asn1/asn1.h
+--- openssl-1.0.2k/crypto/asn1/asn1.h.null-dereference	2020-12-04 11:00:06.896637900 +0100
++++ openssl-1.0.2k/crypto/asn1/asn1.h	2020-12-04 11:04:47.079562987 +0100
+@@ -1202,6 +1202,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_F_ASN1_ITEM_DUP                             191
+ # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW                  121
+ # define ASN1_F_ASN1_ITEM_EX_D2I                          120
++# define ASN1_F_ASN1_ITEM_EX_I2D                          231
+ # define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+ # define ASN1_F_ASN1_ITEM_I2D_FP                          193
+ # define ASN1_F_ASN1_ITEM_PACK                            198
+@@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_R_AUX_ERROR                                 100
+ # define ASN1_R_BAD_CLASS                                 101
+ # define ASN1_R_BAD_OBJECT_HEADER                         102
++# define ASN1_R_BAD_TEMPLATE                              230
+ # define ASN1_R_BAD_PASSWORD_READ                         103
+ # define ASN1_R_BAD_TAG                                   104
+ # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
+diff -up openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_dec.c
+--- openssl-1.0.2k/crypto/asn1/tasn_dec.c.null-dereference	2020-12-04 10:12:42.036057323 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_dec.c	2020-12-04 10:17:45.685035333 +0100
+@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+         break;
+ 
+     case ASN1_ITYPE_MSTRING:
++        /*
++         * It never makes sense for multi-strings to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++            goto err;
++        }
++
+         p = *in;
+         /* Just read in tag and class */
+         ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+@@ -240,6 +249,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+             ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+             goto err;
+         }
++
+         /* Check tag matches bit map */
+         if (!(ASN1_tag2bit(otag) & it->utype)) {
+             /* If OPTIONAL, assume this is OK */
+@@ -316,6 +326,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE *
+         goto err;
+ 
+     case ASN1_ITYPE_CHOICE:
++        /*
++         * It never makes sense for CHOICE types to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE);
++            goto err;
++        }
++
+         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+             goto auxerr;
+         if (*pval) {
+diff -up openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference openssl-1.0.2k/crypto/asn1/tasn_enc.c
+--- openssl-1.0.2k/crypto/asn1/tasn_enc.c.null-dereference	2020-12-04 10:18:30.261472002 +0100
++++ openssl-1.0.2k/crypto/asn1/tasn_enc.c	2020-12-04 10:21:14.310078987 +0100
+@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval,
+         break;
+ 
+     case ASN1_ITYPE_MSTRING:
++        /*
++         * It never makes sense for multi-strings to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++            return -1;
++        }
+         return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+ 
+     case ASN1_ITYPE_CHOICE:
++        /*
++         * It never makes sense for CHOICE types to have implicit tagging, so
++         * if tag != -1, then this looks like an error in the template.
++         */
++        if (tag != -1) {
++            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
++            return -1;
++        }
+         if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+             return 0;
+         i = asn1_get_choice_selector(pval, it);
+diff -up openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3_genn.c
+--- openssl-1.0.2k/crypto/x509v3/v3_genn.c.null-dereference	2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3_genn.c	2020-12-04 10:36:51.156138263 +0100
+@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
+ IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+ 
+ ASN1_SEQUENCE(EDIPARTYNAME) = {
+-        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+-        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
++        /* DirectoryString is a CHOICE type so use explicit tagging */
++        ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
++        ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+ } ASN1_SEQUENCE_END(EDIPARTYNAME)
+ 
+ IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N
+                                     (char *)a);
+ }
+ 
++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++    int res;
++
++    if (a == NULL || b == NULL) {
++        /*
++         * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++         * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
++         */
++        return -1;
++    }
++    if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++        return -1;
++    if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++        return 1;
++    /* If we get here then both have nameAssigner set, or both unset */
++    if (a->nameAssigner != NULL) {
++        res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++        if (res != 0)
++            return res;
++    }
++    /*
++     * partyName is required, so these should never be NULL. We treat it in
++     * the same way as the a == NULL || b == NULL case above
++     */
++    if (a->partyName == NULL || b->partyName == NULL)
++        return -1;
++
++    return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
++        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++        break;
++
+     case GEN_EDIPARTY:
+-        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++        result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM
+ {
+     switch (type) {
+     case GEN_X400:
++        a->d.x400Address = value;
++        break;
++
+     case GEN_EDIPARTY:
+-        a->d.other = value;
++        a->d.ediPartyName = value;
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA
+         *ptype = a->type;
+     switch (a->type) {
+     case GEN_X400:
++        return a->d.x400Address;
++
+     case GEN_EDIPARTY:
+-        return a->d.other;
++        return a->d.ediPartyName;
+ 
+     case GEN_OTHERNAME:
+         return a->d.otherName;
+diff -up openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference openssl-1.0.2k/crypto/x509v3/v3nametest.c
+--- openssl-1.0.2k/crypto/x509v3/v3nametest.c.null-dereference	2020-12-04 10:28:02.374237945 +0100
++++ openssl-1.0.2k/crypto/x509v3/v3nametest.c	2020-12-04 10:36:51.156138263 +0100
+@@ -321,6 +321,356 @@ static void run_cert(X509 *crt, const ch
+     }
+ }
+ 
++struct gennamedata {
++    const unsigned char der[22];
++    size_t derlen;
++} gennames[] = {
++    {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     SEQUENCE {}
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
++        },
++        21
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     [APPLICATION 0] {}
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
++        },
++        21
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
++        *   [0] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     UTF8String { "b" }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     BOOLEAN { TRUE }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
++        },
++        22
++    }, {
++        /*
++        * [0] {
++        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
++        *   [0] {
++        *     BOOLEAN { FALSE }
++        *   }
++        * }
++        */
++        {
++            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
++            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
++        },
++        22
++    }, {
++        /* [1 PRIMITIVE] { "a" } */
++        {
++            0x81, 0x01, 0x61
++        },
++        3
++    }, {
++        /* [1 PRIMITIVE] { "b" } */
++        {
++            0x81, 0x01, 0x62
++        },
++        3
++    }, {
++        /* [2 PRIMITIVE] { "a" } */
++        {
++            0x82, 0x01, 0x61
++        },
++        3
++    }, {
++        /* [2 PRIMITIVE] { "b" } */
++        {
++            0x82, 0x01, 0x62
++        },
++        3
++    }, {
++        /*
++        * [4] {
++        *   SEQUENCE {
++        *     SET {
++        *       SEQUENCE {
++        *         # commonName
++        *         OBJECT_IDENTIFIER { 2.5.4.3 }
++        *         UTF8String { "a" }
++        *       }
++        *     }
++        *   }
++        * }
++        */
++        {
++            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++            0x04, 0x03, 0x0c, 0x01, 0x61
++        },
++        16
++    }, {
++        /*
++        * [4] {
++        *   SEQUENCE {
++        *     SET {
++        *       SEQUENCE {
++        *         # commonName
++        *         OBJECT_IDENTIFIER { 2.5.4.3 }
++        *         UTF8String { "b" }
++        *       }
++        *     }
++        *   }
++        * }
++        */
++        {
++            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
++            0x04, 0x03, 0x0c, 0x01, 0x62
++        },
++        16
++    }, {
++        /*
++        * [5] {
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
++        },
++        7
++    }, {
++        /*
++        * [5] {
++        *   [1] {
++        *     UTF8String { "b" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
++        },
++        7
++    }, {
++        /*
++        * [5] {
++        *   [0] {
++        *     UTF8String {}
++        *   }
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
++        },
++        11
++    }, {
++        /*
++        * [5] {
++        *   [0] {
++        *     UTF8String { "a" }
++        *   }
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
++            0x61
++        },
++        12
++    }, {
++        /*
++        * [5] {
++        *   [0] {
++        *     UTF8String { "b" }
++        *   }
++        *   [1] {
++        *     UTF8String { "a" }
++        *   }
++        * }
++        */
++        {
++            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
++            0x61
++        },
++        12
++    }, {
++        /* [6 PRIMITIVE] { "a" } */
++        {
++            0x86, 0x01, 0x61
++        },
++        3
++    }, {
++        /* [6 PRIMITIVE] { "b" } */
++        {
++            0x86, 0x01, 0x62
++        },
++        3
++    }, {
++        /* [7 PRIMITIVE] { `11111111` } */
++        {
++            0x87, 0x04, 0x11, 0x11, 0x11, 0x11
++        },
++        6
++    }, {
++        /* [7 PRIMITIVE] { `22222222`} */
++        {
++            0x87, 0x04, 0x22, 0x22, 0x22, 0x22
++        },
++        6
++    }, {
++        /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
++        {
++            0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
++            0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
++        },
++        18
++    }, {
++        /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
++        {
++            0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
++            0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
++        },
++        18
++    }, {
++        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
++        {
++            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++            0xb7, 0x09, 0x02, 0x01
++        },
++        15
++    }, {
++        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
++        {
++            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
++            0xb7, 0x09, 0x02, 0x02
++        },
++        15
++    }
++};
++
++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0]))
++
++static int test_GENERAL_NAME_cmp(void)
++{
++    size_t i, j;
++    GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
++                                           * OSSL_NELEM(gennames));
++    GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
++                                           * OSSL_NELEM(gennames));
++    int testresult = 0;
++
++    if (namesa == NULL || namesb == NULL)
++        goto end;
++
++    for (i = 0; i < OSSL_NELEM(gennames); i++) {
++        const unsigned char *derp = gennames[i].der;
++
++        /*
++         * We create two versions of each GENERAL_NAME so that we ensure when
++         * we compare them they are always different pointers.
++         */
++        namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++        derp = gennames[i].der;
++        namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
++        if (namesa[i] == NULL || namesb[i] == NULL)
++            goto end;
++    }
++
++    /* Every name should be equal to itself and not equal to any others. */
++    for (i = 0; i < OSSL_NELEM(gennames); i++) {
++        for (j = 0; j < OSSL_NELEM(gennames); j++) {
++            if (i == j) {
++                if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0)
++                    goto end;
++            } else {
++                if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0)
++                    goto end;
++            }
++        }
++    }
++    testresult = 1;
++
++ end:
++    for (i = 0; i < OSSL_NELEM(gennames); i++) {
++        if (namesa != NULL)
++            GENERAL_NAME_free(namesa[i]);
++        if (namesb != NULL)
++            GENERAL_NAME_free(namesb[i]);
++    }
++    OPENSSL_free(namesa);
++    OPENSSL_free(namesb);
++
++    if (!testresult)
++        fprintf(stderr, "test of GENERAL_NAME_cmp failed\n");
++
++    return testresult;
++}
++
++
++
+ int main(void)
+ {
+     const struct set_name_fn *pfn = name_fns;
+@@ -342,5 +692,8 @@ int main(void)
+         }
+         ++pfn;
+     }
++
++    errors += !test_GENERAL_NAME_cmp();
++
+     return errors > 0 ? 1 : 0;
+ }
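Review bot: In the backported `test_GENERAL_NAME_cmp`, `namesa` and `namesb` come from `OPENSSL_malloc` and are never zeroed, yet the `end:` cleanup calls `GENERAL_NAME_free` on every slot; if `d2i_GENERAL_NAME` fails at some index and the loop bails out, the slots after it hold indeterminate pointers that are then freed. Clearing both arrays right after the NULL check, `memset(namesa, 0, sizeof(*namesa) * OSSL_NELEM(gennames));` and the same for `namesb`, makes the failure path safe. This is test-only code and does not weaken the CVE-2020-1971 fix in `tasn_dec.c`, `tasn_enc.c` and `v3_genn.c`, but a failing regression test should report rather than crash. Separately, the two new `asn1_err.c` rows are tab-indented and spell out `ERR_PACK(ERR_LIB_ASN1, ...)` where the neighbouring rows use `ERR_FUNC(...)` / `ERR_REASON(...)`; presumably `{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_I2D), "ASN1_item_ex_i2d"},` is equivalent and would match the table.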
commit a468dd80766d22bfd6054281c1c2307da7da691a
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Wed Dec 30 21:19:15 2020 +0000
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:33 2021 +0100

    ofz#29113 short read
    
    Change-Id: I107d8abeac419ba4e70a5880054c9195c60464ad
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108351
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index b1ca8e3f80f7..c6641c14ef03 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -262,6 +262,13 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup )
             if ( nSystem == JOBSET_FILE364_SYSTEM ||
                  nSystem == JOBSET_FILE605_SYSTEM )
             {
+                if (nRead < sizeof(ImplOldJobSetupData) + sizeof(Impl364JobSetupData))
+                {
+                    SAL_WARN("vcl", "Parsing error: " << sizeof(ImplOldJobSetupData) + sizeof(Impl364JobSetupData) <<
+                             " required, but " << nRead << " available");
+                    return rIStream;
+                }
+
                 Impl364JobSetupData* pOldJobData    = reinterpret_cast<Impl364JobSetupData*>(pTempBuf.get() + sizeof( ImplOldJobSetupData ));
                 sal_uInt16 nOldJobDataSize          = SVBT16ToUInt16( pOldJobData->nSize );
                 rJobData.SetSystem( SVBT16ToUInt16( pOldJobData->nSystem ) );
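Review bot: The new short-read branch logs through `SAL_WARN` and then does `return rIStream;` without marking the stream, so a caller cannot tell a truncated job setup from a good one, and the warning is typically compiled out of non-debug builds. If the other bail-out paths of `ReadJobSetup`, which lie outside this hunk, do not already flag the stream, consider `rIStream.SetError(SVSTREAM_FILEFORMAT_ERROR);` before the return. Note also that `nOldJobDataSize` on the following context line is still taken from the file; any offset later derived from it needs its own comparison against `nRead`, which cannot be confirmed from the lines shown.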
commit c2d0111928d1cdf769d04d96535bb40b63e72c09
Author:     Eike Rathke <erack at redhat.com>
AuthorDate: Wed Jan 6 15:02:05 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:33 2021 +0100

    Resolves: tdf#139126 DBL_MAX is a valid value, just not for Writer
    
    Restore the old side effect behaviour where
    "1.79769313486232E+308" was not converted back to DBL_MAX, Writer
    doesn't check cell value after import for this "special value",
    *cough*.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108875
    Tested-by: Jenkins
    Reviewed-by: Eike Rathke <erack at redhat.com>
    (cherry picked from commit 0e37ded8d4aea25e5d9f7325fba0597f509147bc)
    
     Conflicts:
            sw/source/filter/xml/xmltbli.cxx
    
    Change-Id: I31cf598d5f91d1f727d5f1f0e936a3505ea1b9e0
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108900
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>

diff --git a/sw/source/filter/xml/xmltbli.cxx b/sw/source/filter/xml/xmltbli.cxx
index 815e496bcb4f..3e7a10dfca4f 100644
--- a/sw/source/filter/xml/xmltbli.cxx
+++ b/sw/source/filter/xml/xmltbli.cxx
@@ -490,8 +490,10 @@ SwXMLTableCellContext_Impl::SwXMLTableCellContext_Impl(
             break;
         case XML_TOK_TABLE_VALUE:
             {
+                // Writer wrongly uses DBL_MAX to flag error but fails to
+                // check for it after import, so check that here, tdf#139126.
                 double fTmp;
-                if (::sax::Converter::convertDouble(fTmp, rValue))
+                if (::sax::Converter::convertDouble(fTmp, rValue) && fTmp < DBL_MAX)
                 {
                     m_fValue = fTmp;
                     m_bHasValue = true;
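Review bot: The condition `fTmp < DBL_MAX` filters more than the DBL_MAX marker the new comment names: +infinity and NaN also fail it, while `-DBL_MAX` and -infinity pass, and a rejected value leaves `m_bHasValue` unset with no diagnostic. If that is the intent, the comment should say so, e.g. `// Values >= DBL_MAX (Writer's error marker) and NaN are dropped, the cell then has no value; tdf#139126.`; if only the marker is meant, `fTmp != DBL_MAX` states it directly. The enclosing `case` continues beyond the hunk.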
commit 837042575949b44c9b86862971262e8ff4170f2c
Author:     Eike Rathke <erack at redhat.com>
AuthorDate: Wed Jan 6 01:24:41 2021 +0100
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:33 2021 +0100

    Resolves: tdf#139173 One-off error in limits for DEC2HEX()
    
    BIN2HEX() and OCT2HEX() were not affected because the string input
    is already limited to 10 characters and the converted decimal
    can't even reach the limits.
    
    Change-Id: Iba4212e8fc382287a1a454edf91426ba21497ae2
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108824
    Reviewed-by: Eike Rathke <erack at redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit 70ea6b36df9ede18b135876d9b9da9945f6c129b)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108897
    Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>

diff --git a/scaddins/source/analysis/analysis.cxx b/scaddins/source/analysis/analysis.cxx
index 9e7cf05aa91c..263b826965de 100644
--- a/scaddins/source/analysis/analysis.cxx
+++ b/scaddins/source/analysis/analysis.cxx
@@ -701,7 +701,7 @@ const double    SCA_MAX2        = 511.0;            // min. val for binary numbe
 const double    SCA_MIN2        = -SCA_MAX2-1.0;    // min. val for binary numbers (9 bits + sign)
 const double    SCA_MAX8        = 536870911.0;      // max. val for octal numbers (29 bits + sign)
 const double    SCA_MIN8        = -SCA_MAX8-1.0;    // min. val for octal numbers (29 bits + sign)
-const double    SCA_MAX16       = 549755813888.0;   // max. val for hexadecimal numbers (39 bits + sign)
+const double    SCA_MAX16       = 549755813887.0;   // max. val for hexadecimal numbers (39 bits + sign)
 const double    SCA_MIN16       = -SCA_MAX16-1.0;   // min. val for hexadecimal numbers (39 bits + sign)
 const sal_Int32 SCA_MAXPLACES   = 10;               // max. number of places
 
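Review bot: The corrected literal `549755813887.0` is 2^39 - 1, but nothing on the line lets a reader verify that, which is how the previous value could be off by one unnoticed. Put the derivation in the comment, `// max. val for hexadecimal numbers (39 bits + sign), 2^39 - 1`, and likewise for `SCA_MAX2` and `SCA_MAX8` (2^9 - 1 and 2^29 - 1). A DEC2HEX check at 549755813887 and 549755813888 would pin the boundary; none is part of this commit as shown.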
commit d7842f4b21f167f0ddf0716ac492695f3f1425e3
Author:     Eike Rathke <erack at redhat.com>
AuthorDate: Tue Oct 13 21:41:45 2020 +0200
Commit:     Andras Timar <andras.timar at collabora.com>
CommitDate: Tue Jan 12 11:13:33 2021 +0100

    Resolves: tdf#137453 Implicit conversion from sal_uInt64 to sal_Int32 is bad..
    
    Change-Id: I5681249808cf623d3b7df09988f285268ea8d85f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104255
    Tested-by: Jenkins
    Reviewed-by: Eike Rathke <erack at redhat.com>
    (cherry picked from commit 18f8a7056ac7b4677f4d99aac24ed2db44010140)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108730
    Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>

diff --git a/include/svl/zformat.hxx b/include/svl/zformat.hxx
index b6d962d1fc98..222654004553 100644
--- a/include/svl/zformat.hxx
+++ b/include/svl/zformat.hxx
@@ -651,8 +651,8 @@ private:
     SVL_DLLPRIVATE void ImpGetFractionElements( double& fNumber,
                                                 sal_uInt16 nIx,
                                                 double& fIntPart,
-                                                sal_uInt64& nFrac,
-                                                sal_uInt64& nDiv ) const;
+                                                sal_Int64& nFrac,
+                                                sal_Int64& nDiv ) const;
     SVL_DLLPRIVATE bool ImpGetFractionOutput(double fNumber,
                                              sal_uInt16 nIx,
                                              OUStringBuffer& OutString);
@@ -691,10 +691,10 @@ private:
 
     // normal digits or other digits, depending on ImpSvNumFor.aNatNum,
     // [NatNum1], [NatNum2], ...
-    SVL_DLLPRIVATE OUString ImpGetNatNumString( const SvNumberNatNum& rNum, sal_Int32 nVal,
+    SVL_DLLPRIVATE OUString ImpGetNatNumString( const SvNumberNatNum& rNum, sal_Int64 nVal,
                                               sal_uInt16 nMinDigits  ) const;
 
-    OUString ImpIntToString( sal_uInt16 nIx, sal_Int32 nVal, sal_uInt16 nMinDigits = 0 ) const
+    OUString ImpIntToString( sal_uInt16 nIx, sal_Int64 nVal, sal_uInt16 nMinDigits = 0 ) const
     {
         const SvNumberNatNum& rNum = NumFor[nIx].GetNatNum();
         if ( nMinDigits || rNum.IsComplete() )
diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx
index 23c0919aecf2..f4158d8b105f 100644
--- a/svl/source/numbers/zformat.cxx
+++ b/svl/source/numbers/zformat.cxx
@@ -62,6 +62,7 @@ const double EXP_ABS_UPPER_BOUND = 1.0E15;  // use exponential notation above th
 } // namespace
 
 const double D_MAX_U_INT32 = double(0xffffffff);      // 4294967295.0
+constexpr double D_MAX_INTEGER = (sal_uInt64(1) << 53) - 1;
 
 const double D_MAX_D_BY_100  = 1.7E306;
 const double D_MIN_M_BY_1000 = 2.3E-305;
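Review bot: The added `D_MAX_INTEGER` has no comment, unlike `D_MAX_U_INT32` directly above it, so the reader has to work out both the value and why 53 bits were chosen. I would add `// 9007199254740991.0 (2^53 - 1), every integer up to this is exactly representable as double` on that line. Since the value is later the gate in front of a double to sal_Int64 cast, the comment should say so. Making the conversion explicit with `static_cast<double>(...)` would also match the casts used elsewhere in this file.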
@@ -2759,7 +2760,7 @@ double SvNumberformat::GetRoundFractionValue ( double fNumber ) const
 {
     sal_uInt16 nIx = GetSubformatIndex ( fNumber );
     double fIntPart = 0.0;           // integer part of fraction
-    sal_uInt64 nFrac = 0, nDiv = 1;  // numerator and denominator
+    sal_Int64 nFrac = 0, nDiv = 1;  // numerator and denominator
     double fSign = (fNumber < 0.0) ? -1.0 : 1.0;
     // fNumber is modified in ImpGetFractionElements to absolute fractional part
     ImpGetFractionElements ( fNumber, nIx, fIntPart, nFrac, nDiv );
@@ -2770,7 +2771,7 @@ double SvNumberformat::GetRoundFractionValue ( double fNumber ) const
 }
 
 void SvNumberformat::ImpGetFractionElements ( double& fNumber, sal_uInt16 nIx,
-                                              double& fIntPart, sal_uInt64& nFrac, sal_uInt64& nDiv ) const
+                                              double& fIntPart, sal_Int64& nFrac, sal_Int64& nDiv ) const
 {
     if ( fNumber < 0.0 )
         fNumber = -fNumber;
@@ -2780,7 +2781,7 @@ void SvNumberformat::ImpGetFractionElements ( double& fNumber, sal_uInt16 nIx,
     nDiv = lcl_GetDenominatorString( rInfo, NumFor[nIx].GetCount() ).toInt32();
     if( nDiv > 0 )
     {   // Forced Denominator
-        nFrac = static_cast<sal_uInt64>(floor ( fNumber * nDiv ));
+        nFrac = static_cast<sal_Int64>(floor ( fNumber * nDiv ));
         double fFracNew = static_cast<double>(nFrac) / static_cast<double>(nDiv);
         double fFracNew1 = static_cast<double>(nFrac + 1) / static_cast<double>(nDiv);
         double fDiff = fNumber - fFracNew;
@@ -2792,8 +2793,8 @@ void SvNumberformat::ImpGetFractionElements ( double& fNumber, sal_uInt16 nIx,
     else // Calculated Denominator
     {
         nDiv = 1;
-        sal_uInt64 nBasis = static_cast<sal_uInt64>(floor( pow(10.0,rInfo.nCntExp))) - 1; // 9, 99, 999 ,...
-        sal_uInt64 nFracPrev = 1, nDivPrev = 0, nFracNext, nDivNext, nPartialDenom;
+        sal_Int64 nBasis = static_cast<sal_Int64>(floor( pow(10.0,rInfo.nCntExp))) - 1; // 9, 99, 999 ,...
+        sal_Int64 nFracPrev = 1, nDivPrev = 0, nFracNext, nDivNext, nPartialDenom;
         double fRemainder = fNumber;
 
         // Use continued fraction representation of fNumber
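Review bot: The cast `static_cast<sal_Int64>(floor( pow(10.0,rInfo.nCntExp)))` for `nBasis` is undefined behaviour once the power no longer fits the target type, and switching from sal_uInt64 to sal_Int64 lowers that threshold. The only bound on `rInfo.nCntExp` visible in this diff is the `rInfo.nCntExp > 9` test in ImpGetFractionOutput; the visible lines of GetRoundFractionValue call ImpGetFractionElements without one, though a guard may exist outside the hunks. At minimum I would state the precondition next to the cast, `// caller must keep rInfo.nCntExp small enough that 10^nCntExp fits sal_Int64`, and confirm the GetRoundFractionValue path honours it. The function starts and ends outside this hunk.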
@@ -2801,7 +2802,7 @@ void SvNumberformat::ImpGetFractionElements ( double& fNumber, sal_uInt16 nIx,
         while ( fRemainder > 0.0 )
         {
             double fTemp = 1.0 / fRemainder;             // 64bits precision required when fRemainder is very weak
-            nPartialDenom = static_cast<sal_uInt64>(floor(fTemp));   // due to floating point notation with double precision
+            nPartialDenom = static_cast<sal_Int64>(floor(fTemp));   // due to floating point notation with double precision
             fRemainder = fTemp - static_cast<double>(nPartialDenom);
             nDivNext = nPartialDenom * nDiv + nDivPrev;
             if ( nDivNext <= nBasis )  // continue loop
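Review bot: With the operands now sal_Int64, `nDivNext = nPartialDenom * nDiv + nDivPrev` can overflow a signed type, which is undefined behaviour where the previous sal_uInt64 arithmetic wrapped; a result that ends up negative would also satisfy `nDivNext <= nBasis` and keep the loop going. `fTemp = 1.0 / fRemainder` is unbounded for a very small remainder, so the changed cast `static_cast<sal_Int64>(floor(fTemp))` can itself be out of range. I would compare in double before converting, e.g. `if (fTemp > static_cast<double>(nBasis))` and treat that as the denominator limit being exceeded, since with `nDiv >= 1` such a partial denominator already pushes the next denominator past `nBasis`. The loop body continues outside this hunk, so how the exit branch should handle the oversized value has to be checked there.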
@@ -2814,11 +2815,11 @@ void SvNumberformat::ImpGetFractionElements ( double& fNumber, sal_uInt16 nIx,
             }
             else // calculate collateral fraction and exit
             {
-                sal_uInt64 nCollat = (nBasis - nDivPrev) / nDiv;
+                sal_Int64 nCollat = (nBasis - nDivPrev) / nDiv;
                 if ( 2 * nCollat >= nPartialDenom )
                 {
-                    sal_uInt64 nFracTest = nCollat * nFrac + nFracPrev;
-                    sal_uInt64 nDivTest  = nCollat * nDiv  + nDivPrev;
+                    sal_Int64 nFracTest = nCollat * nFrac + nFracPrev;
+                    sal_Int64 nDivTest  = nCollat * nDiv  + nDivPrev;
                     double fSign = (static_cast<double>(nFrac) > fNumber * static_cast<double>(nDiv))?1.0:-1.0;
                     if ( fSign * ( double(nFrac * nDivTest + nDiv * nFracTest) - 2.0 * double(nDiv * nDivTest) * fNumber ) > 0.0 )
                     {
@@ -2850,7 +2851,7 @@ bool SvNumberformat::ImpGetFractionOutput(double fNumber,
     const OUString sNumeratorFormat = lcl_GetNumeratorString(rInfo, nCnt);
     const OUString sDenominatorFormat = lcl_GetDenominatorString(rInfo, nCnt);
 
-    sal_uInt64 nFrac = 0, nDiv = 1;
+    sal_Int64 nFrac = 0, nDiv = 1;
     double fNum = floor(fNumber); // Integral part
 
     if (fNum > D_MAX_U_INT32 || rInfo.nCntExp > 9) // Too large
@@ -2871,12 +2872,12 @@ bool SvNumberformat::ImpGetFractionOutput(double fNumber,
     {
         double fNum1 = fNum * static_cast<double>(nDiv) + static_cast<double>(nFrac);
 
-        if (fNum1 > D_MAX_U_INT32)
+        if (fNum1 > D_MAX_INTEGER)
         {
             sBuff = ImpSvNumberformatScan::GetErrorString();
             return false;
         }
-        nFrac = static_cast<sal_uInt64>(floor(fNum1));
+        nFrac = static_cast<sal_Int64>(floor(fNum1));
     }
     else if (fNum == 0.0 && nFrac != 0)
     {
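Review bot: The range test `if (fNum1 > D_MAX_INTEGER)` is false for a NaN, so a NaN `fNum1` would fall through to `static_cast<sal_Int64>(floor(fNum1))`, which is undefined behaviour. Writing the test as `if (!(fNum1 <= D_MAX_INTEGER))` sends that case to the error-string path as well. Whether a NaN can reach this point is not visible here, because the function begins outside the hunk. The earlier `fNum > D_MAX_U_INT32` check shown as context in the previous hunk has the same shape.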
@@ -5486,7 +5487,7 @@ OUString SvNumberformat::GetMappedFormatstring( const NfKeywordTable& rKeywords,
 }
 
 OUString SvNumberformat::ImpGetNatNumString( const SvNumberNatNum& rNum,
-                                           sal_Int32 nVal, sal_uInt16 nMinDigits ) const
+                                           sal_Int64 nVal, sal_uInt16 nMinDigits ) const
 {
     OUString aStr;
     if ( nMinDigits )

