include/svtools/svparser.hxx      |    1 +
 svtools/source/svhtml/parhtml.cxx |    4 ++++
 svtools/source/svrtf/svparser.cxx |    2 ++
 3 files changed, 7 insertions(+)

New commits:
commit ead9ff420989c7991108428a21eef5c3f0e9c362
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Feb 9 10:16:21 2023 +0000
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Feb 9 12:30:04 2023 +0000

    ofz#55798 Timeout
    
    Change-Id: Ifbff597d02da9b870ef936bdcca31e31d49cbf58
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146684
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/include/svtools/svparser.hxx b/include/svtools/svparser.hxx
index afa4ccdeb034..e1a74840add0 100644
--- a/include/svtools/svparser.hxx
+++ b/include/svtools/svparser.hxx
@@ -56,6 +56,7 @@ protected:
     tools::Long                m_nTokenIndex;      // current token index to 
detect loops for seeking backwards
     tools::Long                nTokenValue;        // additional value (RTF)
     bool                bTokenHasValue;     // indicates whether nTokenValue 
is valid
+    bool                bFuzzing;           // indicates we are in Fuzzing mode
     SvParserState       eState;             // status also in derived classes
 
     rtl_TextEncoding    eSrcEnc;            // Source encoding
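Review bot: The comment on the new `bFuzzing` member does not say that the flag changes parsing results, which is what the author of a derived parser needs to know; in parhtml.cxx on this page it turns an over-long token into `SvParserState::Error`. Suggest `// utl::ConfigManager::IsFuzzing() cached at construction; when set, parsers may abandon pathological input early`. The member sits in a `protected:` section of a class whose declaration starts and ends outside the hunk.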
diff --git a/svtools/source/svhtml/parhtml.cxx 
b/svtools/source/svhtml/parhtml.cxx
index e705c98013e4..7031b443344e 100644
--- a/svtools/source/svhtml/parhtml.cxx
+++ b/svtools/source/svhtml/parhtml.cxx
@@ -1054,7 +1054,11 @@ HtmlTokenId HTMLParser::GetNextToken_()
                         sTmpBuffer.appendUtf32( nNextCh );
                         nNextCh = GetNextChar();
                         if (std::u16string_view(sTmpBuffer) == u"![CDATA[")
+                            break;
+                        if (bFuzzing && sTmpBuffer.getLength() > 1024)
                         {
+                            SAL_WARN("svtools", "abandoning import for 
performance reasons with long tokens");
+                            eState = SvParserState::Error;
                             break;
                         }
                     } while( '>' != nNextCh && '/' != nNextCh && 
!rtl::isAsciiWhiteSpace( nNextCh ) &&
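Review bot: The new bound `if (bFuzzing && sTmpBuffer.getLength() > 1024)` only takes effect under the fuzzer, so in a normal import a token of the same length in untrusted HTML still runs the unbounded loop. If the timeout reflects a real cost rather than the fuzzer's time budget, that cost stays reachable as a slow-parse denial of service. A comment above the check should say which it is, for example `// cap applies under fuzzing only; normal imports accept longer tokens`. The literal 1024 would read better as a named constant such as `constexpr sal_Int32 MAX_FUZZ_TOKEN_LEN = 1024;`. The do/while starts before the hunk and its condition continues past it, so it cannot be checked from here whether setting `eState = SvParserState::Error` stops the code after the loop from using the truncated `sTmpBuffer`.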
diff --git a/svtools/source/svrtf/svparser.cxx 
b/svtools/source/svrtf/svparser.cxx
index d4b22fe13f67..1a8e73d0edb6 100644
--- a/svtools/source/svrtf/svparser.cxx
+++ b/svtools/source/svrtf/svparser.cxx
@@ -26,6 +26,7 @@
 #include <rtl/character.hxx>
 #include <sal/log.hxx>
 #include <unicode/ucsdet.h>
+#include <unotools/configmgr.hxx>
 
 #include <vector>
 
@@ -81,6 +82,7 @@ SvParser<T>::SvParser( SvStream& rIn, sal_uInt8 nStackSize )
     , m_nTokenIndex(0)
     , nTokenValue( 0 )
     , bTokenHasValue( false )
+    , bFuzzing(utl::ConfigManager::IsFuzzing())
     , eState( SvParserState::NotStarted )
     , eSrcEnc( RTL_TEXTENCODING_DONTKNOW )
     , nNextChPos(0)
