filter/source/msfilter/svdfppt.cxx | 62 ++++++++++++++++++++++++-----------
sd/qa/unit/data/ppt/pass/hang-15.ppt |binary
sd/qa/unit/data/ppt/pass/hang-16.ppt |binary
sd/qa/unit/data/ppt/pass/hang-17.ppt |binary
sd/source/filter/ppt/pptin.cxx | 29 +++++++++++-----
sd/source/filter/ppt/propread.cxx | 21 ++++++-----
6 files changed, 76 insertions(+), 36 deletions(-)
New commits:
commit 00abcf33a923084f6d27b5b41c55b0b03ce04a52
Author: Caolán McNamara <caol...@redhat.com>
Date: Fri Aug 28 08:28:51 2015 +0100
check seeks and reads
Change-Id: I0c5c4784713376e0762bfbd197640f8d31b65562
(cherry picked from commit 1847753ab135f522df6a293a8539155437f0129f)
Reviewed-on: https://gerrit.libreoffice.org/18112
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: David Tardon <dtar...@redhat.com>
Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/filter/source/msfilter/svdfppt.cxx
b/filter/source/msfilter/svdfppt.cxx
index 0ac8030..42f8b1b 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -785,7 +785,8 @@ SdrObject* SdrEscherImport::ProcessObj( SvStream& rSt,
DffObjData& rObjData, voi
}
break;
}
- aClientDataHd.SeekToEndOfRecord( rSt );
+ if (!aClientDataHd.SeekToEndOfRecord(rSt))
+ break;
}
}
if ( ( aPlaceholderAtom.nPlaceholderId ==
PptPlaceholder::NOTESSLIDEIMAGE ) && !rPersistEntry.bNotesMaster )
@@ -1809,7 +1810,10 @@ SdrObject* SdrPowerPointImport::ImportOLE( long nOLEId,
break;
}
else
- aPlaceHd.SeekToEndOfRecord( rStCtrl );
+ {
+ if (!aPlaceHd.SeekToEndOfRecord(rStCtrl))
+ break;
+ }
}
}
@@ -2401,7 +2405,8 @@ bool SdrPowerPointImport::SeekToContentOfProgTag(
sal_Int32 nVersion, SvStream&
}
}
}
- aProgTagBinaryDataHd.SeekToEndOfRecord( rSt );
+ if (!aProgTagBinaryDataHd.SeekToEndOfRecord(rSt))
+ break;
}
}
if ( !bRetValue )
@@ -2702,7 +2707,8 @@ void ImportComment10( SvxMSDffManager& rMan, SvStream&
rStCtrl, SdrPage* pPage,
}
break;
}
- aCommentHd.SeekToEndOfRecord( rStCtrl );
+ if (!aCommentHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
Point aPosition( nPosX, nPosY );
rMan.Scale( aPosition );
@@ -2762,7 +2768,8 @@ void SdrPowerPointImport::ImportPage( SdrPage* pRet,
const PptSlidePersistEntry*
while( ( rStCtrl.GetError() == 0 ) && SeekToRec(
rStCtrl, PPT_PST_Comment10, aContentDataHd.GetRecEndFilePos(), &aComment10Hd ) )
{
ImportComment10( *this, rStCtrl, pRet,
aComment10Hd );
- aComment10Hd.SeekToEndOfRecord( rStCtrl );
+ if (!aComment10Hd.SeekToEndOfRecord(rStCtrl))
+ break;
}
}
}
@@ -2840,7 +2847,8 @@ void SdrPowerPointImport::ImportPage( SdrPage* pRet,
const PptSlidePersistEntry*
}
if ( aEscherObjListHd.nRecType ==
DFF_msofbtSpContainer )
break;
- aEscherObjListHd.SeekToEndOfRecord( rStCtrl );
+ if (!aEscherObjListHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
// now importing page
@@ -2890,7 +2898,8 @@ void SdrPowerPointImport::ImportPage( SdrPage* pRet,
const PptSlidePersistEntry*
}
if ( aEscherObjListHd.nRecType ==
DFF_msofbtSpgrContainer )
break;
- aEscherObjListHd.SeekToEndOfRecord( rStCtrl );
+ if (!aEscherObjListHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
if ( rSlidePersist.pBObj )
@@ -2906,7 +2915,8 @@ void SdrPowerPointImport::ImportPage( SdrPage* pRet,
const PptSlidePersistEntry*
}
break;
}
- aHd.SeekToEndOfRecord( rStCtrl );
+ if (!aHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
if ( rSlidePersist.pSolverContainer )
SolveSolver( *rSlidePersist.pSolverContainer );
@@ -3126,7 +3136,8 @@ void SdrEscherImport::ImportHeaderFooterContainer(
DffRecordHeader& rHd, HeaderF
}
break;
}
- aHd.SeekToEndOfRecord( rStCtrl );
+ if (!aHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
}
@@ -3256,7 +3267,8 @@ PPTExtParaProv::PPTExtParaProv( SdrPowerPointImport&
rMan, SvStream& rSt, const
#ifdef DBG_UTIL
else OSL_FAIL( "PPTExParaProv::PPTExParaProv - unknown
atom interpreting the PPT_PST_ExtendedBuGraContainer (SJ)" );
#endif
- aBuGraAtomHd.SeekToEndOfRecord( rSt );
+ if (!aBuGraAtomHd.SeekToEndOfRecord(rSt))
+ break;
}
if ( !aBuGraList.empty() )
bGraphics = true;
@@ -3280,7 +3292,8 @@ PPTExtParaProv::PPTExtParaProv( SdrPowerPointImport&
rMan, SvStream& rSt, const
break;
#endif
}
- aHd.SeekToEndOfRecord( rSt );
+ if (!aHd.SeekToEndOfRecord(rSt))
+ break;
}
}
@@ -3329,7 +3342,8 @@ PPTExtParaProv::PPTExtParaProv( SdrPowerPointImport&
rMan, SvStream& rSt, const
case 0xf144 :
break;
}
- aHd.SeekToEndOfRecord( rSt );
+ if (!aHd.SeekToEndOfRecord(rSt))
+ break;
}
}
rSt.Seek( nOldPos );
@@ -4106,7 +4120,10 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader&
rSlideHd, SvStream& rIn, Sd
break;
}
else
- aTxMasterStyleHd.SeekToEndOfRecord( rIn );
+ {
+ if (!aTxMasterStyleHd.SeekToEndOfRecord(rIn))
+ break;
+ }
}
}
@@ -4120,7 +4137,10 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader&
rSlideHd, SvStream& rIn, Sd
if ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom )
break;
else
- aTxMasterStyleHd.SeekToEndOfRecord( rIn );
+ {
+ if (!aTxMasterStyleHd.SeekToEndOfRecord(rIn))
+ break;
+ }
}
while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && (
rIn.Tell() < nEndRecPos ) ) //TODO: aTxMasterStyleHd may be used without having
been properly initialized
{
@@ -4222,7 +4242,8 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader&
rSlideHd, SvStream& rIn, Sd
}
#endif
}
- aTxMasterStyleHd.SeekToEndOfRecord( rIn );
+ if (!aTxMasterStyleHd.SeekToEndOfRecord(rIn))
+ break;
ReadDffRecordHeader( rIn, aTxMasterStyleHd );
}
if ( !mpCharSheet[ TSS_TYPE_SUBTITLE ] )
@@ -4295,7 +4316,10 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader&
rSlideHd, SvStream& rIn, Sd
break;
}
else
- aTxMasterStyleHd2.SeekToEndOfRecord( rIn );
+ {
+ if (!aTxMasterStyleHd2.SeekToEndOfRecord(rIn))
+ break;
+ }
}
}
}
@@ -6501,7 +6525,8 @@ PPTTextObj::PPTTextObj( SvStream& rIn,
SdrPowerPointImport& rSdrPowerPointImport
if ( ( nTmpSlideId == nSlideId ) && (
pHd->nRecInstance == nRefNum ) )
{
- pHd->SeekToEndOfRecord( rIn );
+ if (!pHd->SeekToEndOfRecord(rIn))
+ break;
ReadDffRecordHeader( rIn, aPresRuleHd );
if ( aPresRuleHd.nRecType ==
PPT_PST_ExtendedParagraphAtom )
{
@@ -6831,7 +6856,8 @@ PPTTextObj::PPTTextObj( SvStream& rIn,
SdrPowerPointImport& rSdrPowerPointImport
}
break;
}
- aTextHd.SeekToEndOfRecord( rIn );
+ if (!aTextHd.SeekToEndOfRecord(rIn))
+ break;
if ( pEntry )
{
// sorting fields ( hi >> lo )
diff --git a/sd/qa/unit/data/ppt/pass/hang-15.ppt
b/sd/qa/unit/data/ppt/pass/hang-15.ppt
new file mode 100644
index 0000000..b93255a
Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-15.ppt differ
diff --git a/sd/qa/unit/data/ppt/pass/hang-16.ppt
b/sd/qa/unit/data/ppt/pass/hang-16.ppt
new file mode 100644
index 0000000..c398d2b
Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-16.ppt differ
diff --git a/sd/qa/unit/data/ppt/pass/hang-17.ppt
b/sd/qa/unit/data/ppt/pass/hang-17.ppt
new file mode 100644
index 0000000..de876ff
Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-17.ppt differ
diff --git a/sd/source/filter/ppt/pptin.cxx b/sd/source/filter/ppt/pptin.cxx
index 0b2c0c8..3cb8d80 100644
--- a/sd/source/filter/ppt/pptin.cxx
+++ b/sd/source/filter/ppt/pptin.cxx
@@ -520,7 +520,8 @@ bool ImplSdPPTImport::Import()
break;
rStCtrl.SeekRel( 8 );
rStCtrl.ReadUInt32( pPtr->nIndex );
- aHyperE.SeekToEndOfRecord( rStCtrl );
+ if (!aHyperE.SeekToEndOfRecord(rStCtrl))
+ break;
}
}
}
@@ -819,7 +820,8 @@ bool ImplSdPPTImport::Import()
}
break;
}
- aProgTagContentHd.SeekToEndOfRecord(
rStCtrl );
+ if
(!aProgTagContentHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
}
}
@@ -945,7 +947,8 @@ bool ImplSdPPTImport::Import()
case PPT_PST_SlideTime10Atom : //
??? don't know, this atom is always 8 bytes big
break; //
and is appearing in nearly every l10 progtag
}
- aProgTagContentHd.SeekToEndOfRecord(
rStCtrl );
+ if
(!aProgTagContentHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
}
}
@@ -957,7 +960,8 @@ bool ImplSdPPTImport::Import()
break;
}
- aHd.SeekToEndOfRecord( rStCtrl );
+ if (!aHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
ImportPageEffect( pPage, bNewAnimationsUsed );
}
@@ -1777,7 +1781,8 @@ void ImplSdPPTImport::ImportPageEffect( SdPage* pPage,
const bool bNewAnimations
}
}
}
- aHd.SeekToEndOfRecord( rStCtrl );
+ if (!aHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
if ( bTryTwice && !bSSSlideInfoAtom )
{
@@ -1939,7 +1944,10 @@ OUString ImplSdPPTImport::ReadSound(sal_uInt32
nSoundRef) const
}
}
if ( !bDone )
- aSoundRecHd.SeekToEndOfRecord( rStCtrl );
+ {
+ if (!aSoundRecHd.SeekToEndOfRecord(rStCtrl))
+ break;
+ }
}
}
}
@@ -1999,7 +2007,8 @@ OUString ImplSdPPTImport::ReadMedia( sal_uInt32 nMediaRef
) const
}
break;
}
- aHd.SeekToEndOfRecord( rStCtrl );
+ if (!aHd.SeekToEndOfRecord(rStCtrl))
+ break;
}
break;
}
@@ -2008,7 +2017,8 @@ OUString ImplSdPPTImport::ReadMedia( sal_uInt32 nMediaRef
) const
}
break;
}
- aHdMovie.SeekToEndOfRecord( rStCtrl );
+ if (!aHdMovie.SeekToEndOfRecord(rStCtrl))
+ break;
}
}
return aRetVal;
@@ -2663,7 +2673,8 @@ SdrObject* ImplSdPPTImport::ProcessObj( SvStream& rSt,
DffObjData& rObjData, voi
}
break;
}
- aHd.SeekToEndOfRecord( rSt );
+ if (!aHd.SeekToEndOfRecord(rSt))
+ break;
}
while( ( rSt.GetError() == 0 ) && ( rSt.Tell() <
nClientDataLen ) );
diff --git a/sd/source/filter/ppt/propread.cxx
b/sd/source/filter/ppt/propread.cxx
index d738eb8..4f2e37b 100644
--- a/sd/source/filter/ppt/propread.cxx
+++ b/sd/source/filter/ppt/propread.cxx
@@ -319,7 +319,7 @@ bool Section::GetDictionary( Dictionary& rDict )
void Section::Read( SotStorageStream *pStrm )
{
- sal_uInt32 i, nSecOfs, nPropSize, nStrmSize;
+ sal_uInt32 nSecOfs, nPropSize, nStrmSize;
nSecOfs = pStrm->Tell();
pStrm->Seek( STREAM_SEEK_TO_END );
@@ -357,7 +357,7 @@ void Section::Read( SotStorageStream *pStrm )
bool bVariant = ( nPropType == VT_VARIANT );
- for ( i = 0; nPropSize && ( i < nVectorCount ); i++ )
+ for (sal_uInt32 i = 0; nPropSize && ( i < nVectorCount ); ++i)
{
if ( bVariant )
{
@@ -453,7 +453,7 @@ void Section::Read( SotStorageStream *pStrm )
if( nPropSize > nSecSize - nSecOfs )
nPropSize = nSecSize - nSecOfs;
sal_uInt8* pBuf = new sal_uInt8[ nPropSize ];
- pStrm->Read( pBuf, nPropSize );
+ nPropSize = pStrm->Read(pBuf, nPropSize);
AddProperty( nPropId, pBuf, nPropSize );
delete[] pBuf;
}
@@ -488,14 +488,17 @@ void Section::Read( SotStorageStream *pStrm )
}
else
{
- sal_uInt32 nDictCount, nSize;
- pStrm->ReadUInt32( nDictCount );
- for ( i = 0; i < nDictCount; i++ )
+ sal_uInt32 nDictCount(0);
+ pStrm->ReadUInt32(nDictCount);
+ for (sal_uInt32 i = 0; i < nDictCount; ++i)
{
+ sal_uInt32 nSize(0);
pStrm->ReadUInt32( nSize ).ReadUInt32( nSize );
- pStrm->SeekRel( nSize );
+ sal_uInt64 nPos = pStrm->Tell() + nSize;
+ if (nPos != pStrm->Seek(nPos))
+ break;
}
- nSize = pStrm->Tell();
+ sal_uInt32 nSize = pStrm->Tell();
pStrm->Seek( nPropOfs + nSecOfs );
nSize -= pStrm->Tell();
if ( nSize > nStrmSize )
@@ -504,7 +507,7 @@ void Section::Read( SotStorageStream *pStrm )
break;
}
sal_uInt8* pBuf = new sal_uInt8[ nSize ];
- pStrm->Read( pBuf, nSize );
+ nSize = pStrm->Read(pBuf, nSize);
AddProperty( 0xffffffff, pBuf, nSize );
delete[] pBuf;
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
