sc/source/filter/orcus/filterdetect.cxx |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

New commits:
commit 928349f84eff4b5340170519d090b12b5f077153
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Wed Jun 22 20:37:34 2022 +0200
Commit:     Stephan Bergmann <sberg...@redhat.com>
CommitDate: Thu Jun 23 11:20:36 2022 +0200

    Pump XInputStream into an SvMemoryStream rather than an OStringBuffer
    
    ...to avoid overflow with streams >= 2^31 bytes.  This should fix
    
<https://crashreport.libreoffice.org/stats/crash_details/d9613c81-de37-4de2-8c64-e36634d10ddc>
    which I could reproduce with a recent master Linux build with
    
    > $ truncate -s 3G test.xml
    > $ instdir/program/soffice test.xml
    
    causing a SIGSEGV at
    
    > #0  0x00007ffff7f193a0 in rtl::str::stringbuffer_insert<_rtl_String, 
char>(_rtl_String**, int*, int, char const*, int) (ppThis=0x7fffffffb330, 
capacity=<optimized out>, offset=2147479552, pStr=0x20a92e8 "", len=4096) at 
sal/rtl/strtmpl.hxx:1424
    > #1  0x00007fffb6af04e5 in rtl::OStringBuffer::append(char const*, int) 
(len=4096, str=<optimized out>, this=0x7fffffffb330) at 
include/rtl/strbuf.hxx:594
    > #2  (anonymous 
namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&)
 (this=<optimized out>, rMediaDescSeq=<optimized out>) at 
sc/source/filter/orcus/filterdetect.cxx:80
    [...]
    
    (Ideally, orcus::detect would only need a short prefix of the stream's 
content,
    but the implementation in
    workdir/UnpackedTarball/liborcus/src/liborcus/format_detection.cpp 
delegates to
    functions like orcus_ods::detect in
    workdir/UnpackedTarball/liborcus/src/liborcus/orcus_ods.cpp, which passes 
the
    content through some zip_archive that presumably needs the full content.)
    
    Change-Id: Ifaa37ee887d8296cbcf971313bde347ddfb17c12
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136297
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
    (cherry picked from commit a95c585433246813096e8890b7ed6ef4fe30c621)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136251

diff --git a/sc/source/filter/orcus/filterdetect.cxx 
b/sc/source/filter/orcus/filterdetect.cxx
index 4e299f1d9371..21eb1d492440 100644
--- a/sc/source/filter/orcus/filterdetect.cxx
+++ b/sc/source/filter/orcus/filterdetect.cxx
@@ -14,7 +14,7 @@
 
 #include <unotools/mediadescriptor.hxx>
 
-#include <rtl/strbuf.hxx>
+#include <tools/stream.hxx>
 
 #include <orcus/format_detection.hpp>
 
@@ -68,7 +68,7 @@ OUString 
OrcusFormatDetect::detect(css::uno::Sequence<css::beans::PropertyValue>
         return OUString();
 
     css::uno::Reference<css::io::XInputStream> 
xInputStream(aMediaDescriptor[utl::MediaDescriptor::PROP_INPUTSTREAM], 
css::uno::UNO_QUERY );
-    OStringBuffer aContent(xInputStream->available());
+    SvMemoryStream aContent(xInputStream->available());
 
     static const sal_Int32 nBytes = 4096;
     css::uno::Sequence<sal_Int8> aSeq(nBytes);
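Review bot: The initial capacity on the new `SvMemoryStream aContent(xInputStream->available());` line comes straight from the stream's `available()` value, a signed `sal_Int32` that is only a hint and is determined by the file being probed. If the constructor's size parameter is unsigned (as I believe it is), a negative value would become an enormous allocation request, and a multi-gigabyte input pre-allocates up to 2 GiB purely for format detection. I would clamp it and let the stream grow on demand, e.g. `SvMemoryStream aContent(std::clamp<sal_Int32>(xInputStream->available(), 0, nMaxPrealloc));`, where `nMaxPrealloc` is a placeholder for a modest cap the project chooses. Separately, nothing between the `UNO_QUERY` on the preceding context line and this call checks that the reference is non-empty; `if (!xInputStream.is()) return OUString();` would cover that. `detect` starts and ends outside this hunk.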
@@ -77,10 +77,10 @@ OUString 
OrcusFormatDetect::detect(css::uno::Sequence<css::beans::PropertyValue>
     {
         sal_Int32 nReadBytes = xInputStream->readBytes(aSeq, nBytes);
         bEnd = (nReadBytes != nBytes);
-        aContent.append(reinterpret_cast<const char*>(aSeq.getConstArray()), 
nReadBytes);
+        aContent.WriteBytes(aSeq.getConstArray(), nReadBytes);
     }
 
-    orcus::format_t eFormat = orcus::detect(reinterpret_cast<const unsigned 
char*>(aContent.getStr()), aContent.getLength());
+    orcus::format_t eFormat = orcus::detect(static_cast<const unsigned 
char*>(aContent.GetData()), aContent.GetSize());
 
     switch (eFormat)
     {
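Review bot: The return value of `aContent.WriteBytes(aSeq.getConstArray(), nReadBytes);` is dropped, so if the memory stream cannot grow (plausible for the multi-gigabyte inputs this commit targets) the loop carries on and `orcus::detect` is handed silently truncated content. `nReadBytes` is also a signed `sal_Int32` passed into what I believe is a `std::size_t` count, so a misbehaving stream implementation returning a negative value would turn into a huge read from the 4096-byte `aSeq`. I would guard both: `if (nReadBytes <= 0) break;` before the write, and `if (aContent.WriteBytes(aSeq.getConstArray(), nReadBytes) != static_cast<std::size_t>(nReadBytes)) return OUString();`. The loop header and the rest of `detect` lie outside this hunk.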
