src/lib/VSDMetaData.cpp  |    5 +++++
 src/lib/VSDParser.cpp    |   12 ++++++++----
 src/lib/libvisio_utils.h |    3 +++
 3 files changed, 16 insertions(+), 4 deletions(-)

New commits:
commit 4b03893826bcc5f859b0ac3bea6a98269499d99f
Author: David Tardon <dtar...@redhat.com>
Date:   Tue Aug 25 16:27:18 2015 +0200

    sanitize page dimensions and scale
    
    Change-Id: Ie170d9911b9f7349e4700efd5e2c089423f4218b

diff --git a/src/lib/VSDParser.cpp b/src/lib/VSDParser.cpp
index 827ed48..3074784 100644
--- a/src/lib/VSDParser.cpp
+++ b/src/lib/VSDParser.cpp
@@ -1102,17 +1102,21 @@ void 
libvisio::VSDParser::readPageProps(librevenge::RVNGInputStream *input)
 {
   // Skip bytes representing unit to *display* (value is always inches)
   input->seek(1, librevenge::RVNG_SEEK_CUR);
-  double pageWidth = readDouble(input);
+  const double pageWidth = std::max<double>(readDouble(input), 0);
   input->seek(1, librevenge::RVNG_SEEK_CUR);
-  double pageHeight = readDouble(input);
+  const double pageHeight = std::max<double>(readDouble(input), 0);
   input->seek(1, librevenge::RVNG_SEEK_CUR);
   m_shadowOffsetX = readDouble(input);
   input->seek(1, librevenge::RVNG_SEEK_CUR);
   m_shadowOffsetY = readDouble(input);
   input->seek(1, librevenge::RVNG_SEEK_CUR);
-  double scale = readDouble(input);
+  const double numerator = readDouble(input);
   input->seek(1, librevenge::RVNG_SEEK_CUR);
-  scale /= readDouble(input);
+  double denominator = readDouble(input);
+  if (VSD_ALMOST_ZERO(denominator))
+    denominator = 1;
+
+  const double scale = std::abs(numerator / denominator);
 
   if (m_isStencilStarted && m_currentStencil)
   {
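Review bot: The new clamps in readPageProps do not cover non-finite values. `std::max<double>(readDouble(input), 0)` returns its first argument when that argument is NaN and passes +Inf through, and `VSD_ALMOST_ZERO(denominator)` is false for NaN, so `scale` can still be NaN or Inf after `std::abs(numerator / denominator)`. These doubles come straight from the file, so I would gate each one on a finiteness test, e.g. `const double w = readDouble(input);` then `const double pageWidth = (std::isfinite(w) && w > 0) ? w : 0;` (or the project's equivalent if C++11 `<cmath>` is not available), and fall back to a scale of 1 when the quotient is not finite. A denominator just above VSD_EPSILON with a large numerator still gives a very large scale, so an upper bound may be worth considering. The function body continues past the end of the hunk, so how pageWidth, pageHeight and scale are consumed is not visible here.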
diff --git a/src/lib/libvisio_utils.h b/src/lib/libvisio_utils.h
index 0ff3a16..c6c3a03 100644
--- a/src/lib/libvisio_utils.h
+++ b/src/lib/libvisio_utils.h
@@ -14,6 +14,9 @@
 
 #include "VSDTypes.h"
 
+#define VSD_EPSILON 1E-6
+#define VSD_ALMOST_ZERO(m) (fabs(m) <= VSD_EPSILON)
+
 #ifdef _MSC_VER
 
 typedef unsigned char uint8_t;
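Review bot: `VSD_ALMOST_ZERO` expands to an unqualified `fabs` call, but the only include visible in this hunk is `VSDTypes.h`, so the macro works only if every file using it has already pulled in a math header. Lines above 14 are outside the hunk, so this may already be covered. Adding `#include <cmath>` to this header and writing `std::fabs` would make it self-contained. An inline function such as `inline bool vsdAlmostZero(double m) { return std::fabs(m) <= VSD_EPSILON; }` would also avoid textual macro expansion of the argument. A one-line comment should state that the test is false for NaN, since callers use it to sanitize values read from files.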
commit 4700056698abce223b3da120d58019c4626b5e57
Author: David Tardon <dtar...@redhat.com>
Date:   Tue Aug 25 16:12:25 2015 +0200

    afl: avoid out of bounds access to vector
    
    Change-Id: I51fdad6cca395bb5aadc916ef452ee020f666607

diff --git a/src/lib/VSDMetaData.cpp b/src/lib/VSDMetaData.cpp
index 00dca07..7241b00 100644
--- a/src/lib/VSDMetaData.cpp
+++ b/src/lib/VSDMetaData.cpp
@@ -8,6 +8,7 @@
  */
 
 #include "VSDMetaData.h"
+#include <cassert>
 #include <cmath>
 #include <cstdio>
 #include <cstring>
@@ -238,6 +239,9 @@ librevenge::RVNGString 
libvisio::VSDMetaData::readCodePageString(librevenge::RVN
 {
   uint32_t size = readU32(input);
 
+  if (size == 0)
+    return librevenge::RVNGString();
+
   std::vector<unsigned char> characters;
   for (uint32_t i = 0; i < size; ++i)
     characters.push_back(readU8(input));
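Review bot: `size` is still unbounded after the new zero check: it is a 32-bit value read from the file, and the loop below appends one byte per iteration via `readU8(input)`, so a malformed property can drive up to 4 GiB of `push_back` growth. Whether `readU8` throws at end of stream is not visible in this hunk; if it does, the loop stops early, but only after consuming the rest of the input. I would compare `size` with the unread bytes before the loop, e.g. `if (size == 0 || size > remaining) return librevenge::RVNGString();`, where `remaining` is an illustrative name for the number of bytes left in the stream. The function continues beyond the hunk.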
@@ -267,6 +271,7 @@ librevenge::RVNGString 
libvisio::VSDMetaData::readCodePageString(librevenge::RVN
 
     if (U_SUCCESS(status) && conv)
     {
+      assert(!characters.empty());
       const char *src = (const char *)&characters[0];
       const char *srcLimit = (const char *)src + characters.size();
       while (src < srcLimit)
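Review bot: The added `assert(!characters.empty())` is compiled out when NDEBUG is defined, so in release builds the only thing keeping `&characters[0]` valid is the `size == 0` early return near the top of the function, which is outside this hunk. A comment next to the assert would make that dependency explicit, e.g. `// non-empty: size == 0 returns early above; keep that check if this code moves`.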