filter/source/msfilter/svdfppt.cxx | 14 ++++++++++++-- sd/qa/unit/data/ppt/pass/hang-1.ppt |binary sd/source/filter/ppt/pptin.cxx | 7 ++++++- 3 files changed, 18 insertions(+), 3 deletions(-)
New commits: commit aa9a5f6c7f4fb2edce07ad42c3937ea66893b611 Author: Caolán McNamara <caol...@redhat.com> Date: Wed Aug 26 12:35:01 2015 +0100 don't hang on unreachable record ends Change-Id: I288f7ff0327831603eda6e827c8acbae678dfaff (cherry picked from commit cadac8400a018c8c566379f7767ea5edff78523d) Reviewed-on: https://gerrit.libreoffice.org/18017 Reviewed-by: David Tardon <dtar...@redhat.com> Tested-by: David Tardon <dtar...@redhat.com> diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx index 2d77718..c9033c9 100644 --- a/filter/source/msfilter/svdfppt.cxx +++ b/filter/source/msfilter/svdfppt.cxx @@ -4071,8 +4071,18 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd } rSlideHd.SeekToContent( rIn ); + + auto nEndRecPos = rSlideHd.GetRecEndFilePos(); + auto nStreamLen = rIn.Tell() + rIn.remainingSize(); + if (nEndRecPos > nStreamLen) + { + SAL_WARN("filter.ms", "Parsing error: " << nStreamLen << + " max end pos, but " << nEndRecPos << " claimed, truncating"); + nEndRecPos = nStreamLen; + } + DffRecordHeader aTxMasterStyleHd; - while ( rIn.Tell() < rSlideHd.GetRecEndFilePos() ) + while (rIn.Tell() < nEndRecPos) { ReadDffRecordHeader( rIn, aTxMasterStyleHd ); if ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) @@ -4080,7 +4090,7 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd else aTxMasterStyleHd.SeekToEndOfRecord( rIn ); } - while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < rSlideHd.GetRecEndFilePos() ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized + while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < nEndRecPos ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized { sal_uInt32 nInstance = aTxMasterStyleHd.nRecInstance; if ( ( nInstance < PPT_STYLESHEETENTRYS ) && diff --git a/sd/qa/unit/data/ppt/pass/hang-1.ppt b/sd/qa/unit/data/ppt/pass/hang-1.ppt new file mode 100644 index 0000000..d30cb84 Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-1.ppt differ diff --git a/sd/source/filter/ppt/pptin.cxx b/sd/source/filter/ppt/pptin.cxx index 8b1eee6..d475eb2 100644 --- a/sd/source/filter/ppt/pptin.cxx +++ b/sd/source/filter/ppt/pptin.cxx @@ -814,7 +814,12 @@ bool ImplSdPPTImport::Import() } break; } - aHd.SeekToEndOfRecord( rStCtrl ); + bool bSuccess = aHd.SeekToEndOfRecord(rStCtrl); + if (!bSuccess) + { + SAL_WARN("filter.ms", "Count not seek to end of record"); + break; + } } } rStCtrl.Seek( nFPosMerk );
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits