filter/source/msfilter/msdffimp.cxx | 6 ++++-- filter/source/msfilter/svdfppt.cxx | 15 ++++++++++----- sd/qa/unit/data/ppt/pass/hang-13.ppt |binary sd/qa/unit/data/ppt/pass/hang-14.ppt |binary 4 files changed, 14 insertions(+), 7 deletions(-)
New commits: commit 1bfbdeb07c0d4059f08bf1c295a465482e9ef3a5 Author: Caolán McNamara <caol...@redhat.com> Date: Thu Aug 27 20:16:58 2015 +0100 check seek Change-Id: I358758999bb918e73cdee2224e575e72c2131453 (cherry picked from commit 0c713e45f9831073e34777f50abf9b5801f08ed9) Reviewed-on: https://gerrit.libreoffice.org/18085 Reviewed-by: Michael Meeks <michael.me...@collabora.com> Tested-by: Michael Meeks <michael.me...@collabora.com> diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx index 4748cb9..47a89e0 100644 --- a/filter/source/msfilter/msdffimp.cxx +++ b/filter/source/msfilter/msdffimp.cxx @@ -399,7 +399,8 @@ SvStream& ReadSvxMSDffSolverContainer( SvStream& rIn, SvxMSDffSolverContainer& r if ( aHd.nRecType == DFF_msofbtSolverContainer ) { DffRecordHeader aCRule; - while ( ( rIn.GetError() == 0 ) && ( rIn.Tell() < aHd.GetRecEndFilePos() ) ) + auto nEndPos = DffPropSet::SanitizeEndPos(rIn, aHd.GetRecEndFilePos()); + while ( ( rIn.GetError() == 0 ) && ( rIn.Tell() < nEndPos ) ) { ReadDffRecordHeader( rIn, aCRule ); if ( aCRule.nRecType == DFF_msofbtConnectorRule ) @@ -408,7 +409,8 @@ SvStream& ReadSvxMSDffSolverContainer( SvStream& rIn, SvxMSDffSolverContainer& r rIn >> *pRule; rContainer.aCList.push_back( pRule ); } - aCRule.SeekToEndOfRecord( rIn ); + if (!aCRule.SeekToEndOfRecord(rIn)) + break; } } return rIn; diff --git a/sd/qa/unit/data/ppt/pass/hang-13.ppt b/sd/qa/unit/data/ppt/pass/hang-13.ppt new file mode 100644 index 0000000..04fbdc5 Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-13.ppt differ commit a9a09a49a86776575f78289a9023ed024dffdcf5 Author: Caolán McNamara <caol...@redhat.com> Date: Thu Aug 27 20:32:28 2015 +0100 check seeks and offsets Change-Id: I2b6ded138b9101415fc49e93e1ec3ebcd3a9d2ae (cherry picked from commit 5ed690a3e8a575784ca25048e0229ebc52e6fccd) Reviewed-on: https://gerrit.libreoffice.org/18086 Reviewed-by: Michael Meeks <michael.me...@collabora.com> Tested-by: Michael Meeks <michael.me...@collabora.com> diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx index b6693086..8c41446 100644 --- a/filter/source/msfilter/svdfppt.cxx +++ b/filter/source/msfilter/svdfppt.cxx @@ -6507,10 +6507,12 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport bStatus = false; else { - rIn.Seek( pE->nSlidePersistStartOffset ); + auto nOffset(pE->nSlidePersistStartOffset); + bStatus = (nOffset == rIn.Seek(nOffset)); // now we got the right page and are searching for the right // TextHeaderAtom - while ( rIn.Tell() < pE->nSlidePersistEndOffset ) + auto nEndRecPos = DffPropSet::SanitizeEndPos(rIn, pE->nSlidePersistEndOffset); + while (bStatus && rIn.Tell() < nEndRecPos) { ReadDffRecordHeader( rIn, aClientTextBoxHd ); if ( aClientTextBoxHd.nRecType == PPT_PST_TextHeaderAtom ) @@ -6521,7 +6523,8 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport break; } } - aClientTextBoxHd.SeekToEndOfRecord( rIn ); + if (!aClientTextBoxHd.SeekToEndOfRecord(rIn)) + break; } if ( rIn.Tell() > pE->nSlidePersistEndOffset ) bStatus = false; @@ -6534,12 +6537,14 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport // we have to calculate the correct record len DffRecordHeader aTmpHd; - while ( rIn.Tell() < pE->nSlidePersistEndOffset ) + nEndRecPos = DffPropSet::SanitizeEndPos(rIn, pE->nSlidePersistEndOffset); + while (rIn.Tell() < nEndRecPos) { ReadDffRecordHeader( rIn, aTmpHd ); if ( ( aTmpHd.nRecType == PPT_PST_SlidePersistAtom ) || ( aTmpHd.nRecType == PPT_PST_TextHeaderAtom ) ) break; - aTmpHd.SeekToEndOfRecord( rIn ); + if (!aTmpHd.SeekToEndOfRecord(rIn)) + break; aClientTextBoxHd.nRecLen += aTmpHd.nRecLen + DFF_COMMON_RECORD_HEADER_SIZE; } aClientTextBoxHd.SeekToContent( rIn ); diff --git a/sd/qa/unit/data/ppt/pass/hang-14.ppt b/sd/qa/unit/data/ppt/pass/hang-14.ppt new file mode 100644 index 0000000..8dd397b Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-14.ppt differ
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits