[PATCH] Fix memory errors in SwWW8ImplReader

Arnaud Versini arnaud.versini at gmail.com
Mon Apr 2 11:02:07 PDT 2012


It was only to make sure we don't overread the array, and because of the
valgrind message.


Le 2 avril 2012 15:04, Lubos Lunak <l.lunak at suse.cz> a écrit :

> On Saturday 31 of March 2012, Arnaud Versini wrote:
> > Hi,
> >
> > This patch prevent and fix memory issue in SwWW8ImplReader.
>  Did you base your patch just on your valgrind findings, or do you have
> also
> some other base for these changes, such as something in the .doc spec?
>  You are right that reading of some of the sprm's is broken, but looking at
> the first problem with the test document in Read_UL(), it is called with
> nId
> = 0x246D, which is sprmPFContextualSpacing, and the .doc spec for that one
> says it's 1 byte, while e.g. nId = 0xA413, sprmPDyaBefore, is 2 bytes
> according to the spec. So as far as I understand it, somebody was a bit
> lazy
> and lumped together two slightly different things, which should otherwise
> be
> read differently, and the proper fix would be to always read the exact size
> depending on the nId. On the other hand, looking at the end of
> WW8AttributeOutput::FormatULSpace(), we apparently do write
> sprmPFContextualSpacing as 2 bytes, which seems wrong.
>  So could you please explain why you decided to fix the problem this way?
> --
>  Lubos Lunak
>  l.lunak at suse.cz
> _______________________________________________
> LibreOffice mailing list
> LibreOffice at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/libreoffice

Arnaud Versini
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120402/0835f14a/attachment-0001.htm>

More information about the LibreOffice mailing list