vcl/source/filter/svm/SvmConverter.cxx | 18 ++++++++++++++++++
vcl/source/filter/svm/SvmConverter.hxx | 2 ++
vcl/source/outdev/hatch.cxx | 7 +++++++
vcl/workben/fftester.cxx | 28 ++++++++++++++--------------
vcl/workben/svmfuzzer.cxx | 11 +++--------
5 files changed, 44 insertions(+), 22 deletions(-)
New commits:
commit 2e6a7db11b8cfbf326789600393549e9c01d24cd
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Mar 6 15:49:28 2022 +0000
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Sun Mar 6 18:30:44 2022 +0100
ofz: Too many hatch points
Change-Id: I08cb9d09a9bb48ab31763f50bc2fa23cf723330f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131079
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/outdev/hatch.cxx b/vcl/source/outdev/hatch.cxx
index 31bcf6e71ba1..c85febe3a38f 100644
--- a/vcl/source/outdev/hatch.cxx
+++ b/vcl/source/outdev/hatch.cxx
@@ -373,7 +373,14 @@ void OutputDevice::DrawHatchLine( const tools::Line&
rLine, const tools::PolyPol
nAdd = 1;
if( nAdd )
+ {
+ if (nPCounter == HATCH_MAXPOINTS)
+ {
+ SAL_WARN("vcl.gdi", "too many hatch points");
+ return;
+ }
pPtBuffer[ nPCounter++ ] = Point( FRound( fX ),
FRound( fY ) );
+ }
}
aCurSegment.SetStart( aCurSegment.GetEnd() );
commit 434d852762eafe7230299ea6110096b9ac8bb98d
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Mar 6 15:39:18 2022 +0000
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Sun Mar 6 18:30:27 2022 +0100
ofz#45276 uncaught exception
Change-Id: I5863d6474aa47f24b24a15481c8329a5e587a8d8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131078
Tested-by: Caolán McNamara <caol...@redhat.com>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/filter/svm/SvmConverter.cxx
b/vcl/source/filter/svm/SvmConverter.cxx
index 004abcd4d751..36fc1d43f7db 100644
--- a/vcl/source/filter/svm/SvmConverter.cxx
+++ b/vcl/source/filter/svm/SvmConverter.cxx
@@ -33,6 +33,7 @@
#include "SvmConverter.hxx"
+#include <boost/rational.hpp>
#include <algorithm>
#include <memory>
#include <stack>
@@ -1268,4 +1269,21 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm,
GDIMetaFile& rMtf )
rIStm.SetEndian( nOldFormat );
}
+bool TestImportSVM(SvStream& rStream)
+{
+ GDIMetaFile aGDIMetaFile;
+ SvmReader aReader(rStream);
+ aReader.Read(aGDIMetaFile);
+ ScopedVclPtrInstance<VirtualDevice> aVDev;
+ try
+ {
+ aGDIMetaFile.Play(*aVDev);
+ }
+ catch (const boost::bad_rational&)
+ {
+ return false;
+ }
+ return true;
+}
+
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/source/filter/svm/SvmConverter.hxx
b/vcl/source/filter/svm/SvmConverter.hxx
index 459f327d409c..23185dc04b4b 100644
--- a/vcl/source/filter/svm/SvmConverter.hxx
+++ b/vcl/source/filter/svm/SvmConverter.hxx
@@ -85,6 +85,8 @@ private:
SVMConverter& operator=( const SVMConverter& ) = delete;
};
+extern "C" SAL_DLLPUBLIC_EXPORT bool TestImportSVM(SvStream& rStream);
+
#endif // INCLUDED_VCL_INC_SVMCONVERTER_HXX
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/workben/fftester.cxx b/vcl/workben/fftester.cxx
index 7938f0011b38..4950341462a8 100644
--- a/vcl/workben/fftester.cxx
+++ b/vcl/workben/fftester.cxx
@@ -182,15 +182,6 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(argc, argv)
SvFileStream aFileStream(out, StreamMode::READ);
ret = static_cast<int>(ReadDIB(aTarget, aFileStream, true));
}
- else if (strcmp(argv[2], "svm") == 0)
- {
- GDIMetaFile aGDIMetaFile;
- SvFileStream aFileStream(out, StreamMode::READ);
- SvmReader aReader(aFileStream);
- aReader.Read(aGDIMetaFile);
- ScopedVclPtrInstance<VirtualDevice> aVDev;
- aGDIMetaFile.Play(*aVDev);
- }
else if (strcmp(argv[2], "pcd") == 0)
{
Graphic aGraphic;
@@ -263,6 +254,13 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(argc, argv)
SvFileStream aFileStream(out, StreamMode::READ);
ret = static_cast<int>(ImportWebpGraphic(aFileStream, aGraphic));
}
+ else if (strcmp(argv[2], "sft") == 0)
+ {
+ SvFileStream aFileStream(out, StreamMode::READ);
+ std::vector<sal_uInt8> aData(aFileStream.remainingSize());
+ aFileStream.ReadBytes(aData.data(), aData.size());
+ ret = TestFontSubset(aData.data(), aData.size());
+ }
#ifndef DISABLE_DYNLOADING
else if ((strcmp(argv[2], "doc") == 0) || (strcmp(argv[2], "ww8") ==
0))
{
@@ -524,14 +522,16 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(argc, argv)
SvFileStream aFileStream(out, StreamMode::READ);
ret = static_cast<int>((*pfnImport)(aFileStream));
}
- else if (strcmp(argv[2], "sft") == 0)
+ else if (strcmp(argv[2], "svm") == 0)
{
+ static FFilterCall pfnImport(nullptr);
+ if (!pfnImport)
+ {
+ pfnImport = load(u"libvcllo.so", "TestImportSVM");
+ }
SvFileStream aFileStream(out, StreamMode::READ);
- std::vector<sal_uInt8> aData(aFileStream.remainingSize());
- aFileStream.ReadBytes(aData.data(), aData.size());
- ret = TestFontSubset(aData.data(), aData.size());
+ ret = static_cast<int>((*pfnImport)(aFileStream));
}
-
#endif
}
catch (...)
diff --git a/vcl/workben/svmfuzzer.cxx b/vcl/workben/svmfuzzer.cxx
index 06188ece3004..53757e3199c7 100644
--- a/vcl/workben/svmfuzzer.cxx
+++ b/vcl/workben/svmfuzzer.cxx
@@ -8,14 +8,13 @@
*/
#include <tools/stream.hxx>
-#include <vcl/gdimtf.hxx>
-#include <vcl/virdev.hxx>
-#include <vcl/filter/SvmReader.hxx>
#include "commonfuzzer.hxx"
#include <config_features.h>
#include <osl/detail/component-mapping.h>
+extern "C" bool TestImportSVM(SvStream &rStream);
+
extern "C" {
void * com_sun_star_i18n_LocaleDataImpl_get_implementation( void *, void * );
void * com_sun_star_i18n_BreakIterator_Unicode_get_implementation( void *,
void * );
@@ -77,11 +76,7 @@ extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
SvMemoryStream aStream(const_cast<uint8_t*>(data), size, StreamMode::READ);
- GDIMetaFile aGDIMetaFile;
- SvmReader aReader(aStream);
- aReader.Read(aGDIMetaFile);
- ScopedVclPtrInstance<VirtualDevice> aVDev;
- aGDIMetaFile.Play(*aVDev);
+ (void)TestImportSVM(aStream);
return 0;
}
