readlicense_oo/license/license.xml | 6 +++
sc/source/filter/html/htmlpars.cxx | 58 ++++++++++++++++++++++++-------------
2 files changed, 44 insertions(+), 20 deletions(-)
New commits:
commit 94746ec391881a1b98477096e018bb8d538584bb
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Wed Apr 24 20:10:38 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 11:05:12 2024 +0200
ofz#68269 more fixes to sc html parser
Change-Id: I2fd889c438d4707a4e174a5a4300e742cd895d3b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166607
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit d5823f417248663d78072e2a0be162175def2235)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index ec92df3b75dc..acc297026203 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -597,7 +597,7 @@ void ScHTMLLayoutParser::Adjust()
if ( pE->nCol != nColBeforeSkip )
{
size_t nCount = maColOffset.size();
- if ( nCount <= o3tl::make_unsigned(pE->nCol) )
+ if (pE->nCol < 0 || nCount <= o3tl::make_unsigned(pE->nCol))
{
pE->nOffset = static_cast<sal_uInt16>(maColOffset[nCount-1]);
MakeCol( &maColOffset, pE->nOffset, pE->nWidth,
nOffsetTolerance, nOffsetTolerance );
commit 833fc7e95dcc4653cbc43496c7d3fde3242fe286
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 5 10:40:36 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 11:05:01 2024 +0200
ofz#67854 UNKNOWN READ
Change-Id: I37d2bc6153a8bf616d19105645f91b8519890e61
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165813
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 79d1c80892b36d2c155aa6112de8b1a7b1e07ae8)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index ddb59763d6bf..ec92df3b75dc 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -596,8 +596,8 @@ void ScHTMLLayoutParser::Adjust()
SkipLocked(pE.get(), false);
if ( pE->nCol != nColBeforeSkip )
{
- SCCOL nCount = static_cast<SCCOL>(maColOffset.size());
- if ( nCount <= pE->nCol )
+ size_t nCount = maColOffset.size();
+ if ( nCount <= o3tl::make_unsigned(pE->nCol) )
{
pE->nOffset = static_cast<sal_uInt16>(maColOffset[nCount-1]);
MakeCol( &maColOffset, pE->nOffset, pE->nWidth,
nOffsetTolerance, nOffsetTolerance );
commit 8d2fa10c46e2ce39a5536f6902b7a349b18d84c0
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Apr 16 17:34:35 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 11:04:40 2024 +0200
ofz#68081 keep within bounds
Change-Id: Ib7f11f2447d5a2cc6b9b559727f2a0127c15913e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166154
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit e16730a87c17d1a3e6219159d1d012caad4ebf13)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index ccd35f5d9e09..ddb59763d6bf 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -825,7 +825,7 @@ void ScHTMLLayoutParser::Colonize( ScEEParseEntry* pE )
{ // Replaced
nCol = pE->nCol - nColCntStart;
SCCOL nCount = static_cast<SCCOL>(pLocalColOffset->size());
- if ( nCol < nCount )
+ if (nCol >= 0 && nCol < nCount)
nColOffset = static_cast<sal_uInt16>((*pLocalColOffset)[nCol]);
else
nColOffset = static_cast<sal_uInt16>((*pLocalColOffset)[nCount -
1]);
commit 8e3fdf072bce6221f4e5e885da309213aacedf52
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 12 15:24:53 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 11:01:14 2024 +0200
ofz#68004 Unknown Read
Change-Id: Id3e50e3a8522523d2b665e394d8f4a65b7f4df5d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166034
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 54d577ed22fd4bae093639be3056a722f5a40bb2)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index c536feff1c9b..ccd35f5d9e09 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -689,7 +689,7 @@ void ScHTMLLayoutParser::SetWidths()
if ( pE->nTab == nTable && pE->nWidth )
{
nCol = pE->nCol - nColCntStart;
- if ( nCol < nColsPerRow )
+ if (nCol >= 0 && nCol < nColsPerRow)
{
if ( pE->nColOverlap == 1 )
{
commit 773a6d09ac9a5c7939b539c1a10f2018cee9ea75
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Apr 8 22:07:11 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:58:56 2024 +0200
ofz#67906 Integer-overflow
Change-Id: I459bdeef6bb7577c5388202374c981c7b01fa137
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165899
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 11e98a5087f39eb8ff6a0b8ce260169f213e7c67)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 8e4a8f9fd888..c536feff1c9b 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -942,7 +942,7 @@ void ScHTMLLayoutParser::TableDataOn( HtmlImportInfo* pInfo
)
case HtmlOptionId::COLSPAN:
{
sal_Int32 nColOverlap = rOption.GetString().toInt32();
- if (nColOverlap >= 0 && nColOverlap <= SCCOL_MAX)
+ if (nColOverlap >= 0 && nColOverlap <= mpDoc->MaxCol())
mxActEntry->nColOverlap = static_cast<SCCOL>(nColOverlap);
else
SAL_WARN("sc", "ScHTMLLayoutParser::TableDataOn ignoring
colspan: " << nColOverlap);
@@ -951,7 +951,7 @@ void ScHTMLLayoutParser::TableDataOn( HtmlImportInfo* pInfo
)
case HtmlOptionId::ROWSPAN:
{
sal_Int32 nRowOverlap = rOption.GetString().toInt32();
- if (nRowOverlap >= 0)
+ if (nRowOverlap >= 0 && nRowOverlap <= mpDoc->MaxRow())
mxActEntry->nRowOverlap = static_cast<SCROW>(nRowOverlap);
else
SAL_WARN("sc", "ScHTMLLayoutParser::TableDataOn ignoring
rowspan: " << nRowOverlap);
commit d82b9fe4e4e2839495b80f05aa2de3026e541207
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Apr 8 21:59:41 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:58:21 2024 +0200
ofz#67904 Integer-overflow
Change-Id: I27f4126fe0109611f6fdb486ed7f9ee3067ebcb1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165898
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 8527dc74eb1adc9fe4c25134ec853a83d46f1089)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 36e3d6a602dd..8e4a8f9fd888 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -451,7 +451,7 @@ void ScHTMLLayoutParser::SkipLocked( ScEEParseEntry* pE,
bool bJoin )
bool bFail = o3tl::checked_add<SCCOL>(pE->nCol, pE->nColOverlap - 1,
nEndCol) ||
o3tl::checked_add<SCROW>(pE->nRow, pE->nRowOverlap - 1,
nEndRow);
- if (bFail)
+ if (bFail || nEndRow > mpDoc->MaxRow())
{
SAL_WARN("sc", "invalid range: " << pE->nCol << " " << pE->nColOverlap
<<
" " << pE->nRow << " " <<
pE->nRowOverlap);
commit 986eab9621bd205145462e2262f12a74195b3321
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 5 10:58:20 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:56:16 2024 +0200
ofz#67782 Integer-overflow
Change-Id: I039478c339e297f9fcb48a98099bc587b6b4aa32
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165815
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit e74a8371f0ed92d11b652452d7ae85675d722279)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index f57bc600e601..36e3d6a602dd 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -1179,12 +1179,13 @@ void ScHTMLLayoutParser::TableOff( const
HtmlImportInfo* pInfo )
else
pTab1 = it->second;
SCROW nRowSpan = pE->nRowOverlap;
- SCROW nRowKGV;
+ using SCUROW = std::make_unsigned_t<SCROW>;
+ SCUROW nRowKGV;
SCROW nRowsPerRow1; // Outer table
SCROW nRowsPerRow2; // Inner table
if ( nRowSpan > 1 )
{ // LCM to which we can map the inner and outer rows
- nRowKGV = std::lcm( nRowSpan, nRows );
+ nRowKGV = std::lcm<SCUROW>(nRowSpan, nRows);
nRowsPerRow1 = nRowKGV / nRowSpan;
nRowsPerRow2 = nRowKGV / nRows;
}
commit 233867849cd8d06a7982c494f93f13291926ab3e
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Wed Apr 3 14:09:53 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:55:25 2024 +0200
ofz#67815 overflowed short
Change-Id: Iee9a5caee53b522ed16d234c2bc06987264e23db
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165751
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit c4f2a85bc5fa319a84474191275a2434dda1830b)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 14fb1a6d37e3..f57bc600e601 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -743,14 +743,14 @@ void ScHTMLLayoutParser::SetWidths()
pWidths[nCol] = nW;
}
}
- for ( nCol = 1; nCol <= nColsPerRow; nCol++ )
+ for (int nCol2 = 1; nCol2 <= nColsPerRow; nCol2++)
{
- pOffsets[nCol] = pOffsets[nCol-1] + pWidths[nCol-1];
+ pOffsets[nCol2] = pOffsets[nCol2-1] + pWidths[nCol2-1];
}
pLocalColOffset->clear();
- for ( nCol = 0; nCol <= nColsPerRow; nCol++ )
+ for (int nCol2 = 0; nCol2 <= nColsPerRow; nCol2++)
{
- MakeColNoRef( pLocalColOffset, pOffsets[nCol], 0, 0, 0 );
+ MakeColNoRef( pLocalColOffset, pOffsets[nCol2], 0, 0, 0 );
}
nTableWidth = pOffsets[nColsPerRow] - pOffsets[0];
commit 1342eedfa5293cb294de1623f274af44ac0e6a03
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Mar 26 09:22:56 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:49:49 2024 +0200
ofz#67635 Integer-overflow
Change-Id: Ia764276d6b35ea84d7415484eaeb9da77e55092a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165307
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 9d1275974d23c520a706129807443ff909719e23)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index c4b474fdc651..14fb1a6d37e3 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -615,13 +615,12 @@ void ScHTMLLayoutParser::Adjust()
//FIXME: This may not be correct, but works anyway ...
pE->nColOverlap = 1;
}
- xLockedList->Join( ScRange( pE->nCol, pE->nRow, 0,
- pE->nCol + pE->nColOverlap - 1, pE->nRow + pE->nRowOverlap - 1, 0
) );
+ SCCOL nColTmp = o3tl::saturating_add(pE->nCol, pE->nColOverlap);
+ SCROW nRowTmp = o3tl::saturating_add(pE->nRow ,pE->nRowOverlap);
+ xLockedList->Join( ScRange( pE->nCol, pE->nRow, 0, nColTmp - 1,
nRowTmp - 1, 0 ) );
// Take over MaxDimensions
- SCCOL nColTmp = pE->nCol + pE->nColOverlap;
if ( nColMax < nColTmp )
nColMax = nColTmp;
- SCROW nRowTmp = pE->nRow + pE->nRowOverlap;
if ( nRowMax < nRowTmp )
nRowMax = nRowTmp;
}
commit 2cd4e020010e9c0190f939be120f89cddecc35d1
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sat Mar 23 15:19:04 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:48:46 2024 +0200
ofz#67577 Integer-overflow
Change-Id: I3828bb76ab7808ac0717b33c231927730216b42b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165216
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 035f87f7ed8775c30c6f84d7d02bc72a66182c63)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index b8b698eca383..c4b474fdc651 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -445,8 +445,20 @@ void ScHTMLLayoutParser::SkipLocked( ScEEParseEntry* pE,
bool bJoin )
// Or else this would create a wrong value at ScAddress (chance for an
infinite loop)!
bool bBadCol = false;
bool bAgain;
- ScRange aRange( pE->nCol, pE->nRow, 0,
- pE->nCol + pE->nColOverlap - 1, pE->nRow + pE->nRowOverlap - 1, 0 );
+
+ SCCOL nEndCol(0);
+ SCROW nEndRow(0);
+ bool bFail = o3tl::checked_add<SCCOL>(pE->nCol, pE->nColOverlap - 1,
nEndCol) ||
+ o3tl::checked_add<SCROW>(pE->nRow, pE->nRowOverlap - 1,
nEndRow);
+
+ if (bFail)
+ {
+ SAL_WARN("sc", "invalid range: " << pE->nCol << " " << pE->nColOverlap
<<
+ " " << pE->nRow << " " <<
pE->nRowOverlap);
+ return;
+ }
+
+ ScRange aRange(pE->nCol, pE->nRow, 0, nEndCol, nEndRow, 0);
do
{
bAgain = false;
commit 47b9ec65f57ba9c3b6a98c60e13b4bea7aeb8ab2
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Mar 19 08:46:45 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:47:46 2024 +0200
null deref in initial sc html fuzzing
Change-Id: I368db8fec4cfd9409197d17f2892153aca2ba502
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165019
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 85c40af4e9d4c679f66e7f7e004c018dd28994ee)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 6cecb4d4cc68..b8b698eca383 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -835,7 +835,8 @@ void ScHTMLLayoutParser::CloseEntry( const HtmlImportInfo*
pInfo )
if ( bTabInTabCell )
{ // From the stack in TableOff
bTabInTabCell = false;
- NewActEntry(maList.back().get()); // New free flying mxActEntry
+ SAL_WARN_IF(maList.empty(), "sc", "unexpected close entry without
open");
+ NewActEntry(maList.empty() ? nullptr : maList.back().get()); // New
free flying mxActEntry
return ;
}
if (mxActEntry->nTab == 0)
commit 41ed12ee53bd9796659fc6fc728c3eb5d131bd40
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Mar 18 20:47:02 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 10:47:30 2024 +0200
AddressSanitizer: container-overflow in initial sc html fuzzing
Change-Id: I20d7baa6fd6fcb9c7d0019d7891a237dd721ef31
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164980
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 4645391b56c32d59f241e66798f72183ad29ad13)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index dc51403a06a0..6cecb4d4cc68 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -647,12 +647,17 @@ void ScHTMLLayoutParser::SetWidths()
MakeColNoRef( pLocalColOffset, nOff, 0, 0, 0 );
}
nTableWidth = static_cast<sal_uInt16>(pLocalColOffset->back() -
pLocalColOffset->front());
+ const auto nColsAvailable = pLocalColOffset->size();
for ( size_t i = nFirstTableCell, nListSize = maList.size(); i <
nListSize; ++i )
{
auto& pE = maList[ i ];
if ( pE->nTab == nTable )
{
- pE->nOffset =
static_cast<sal_uInt16>((*pLocalColOffset)[pE->nCol - nColCntStart]);
+ const size_t nColRequested = pE->nCol - nColCntStart;
+ if (nColRequested < nColsAvailable)
+ pE->nOffset =
static_cast<sal_uInt16>((*pLocalColOffset)[nColRequested]);
+ else
+ SAL_WARN("sc", "missing information for column: " <<
nColRequested);
pE->nWidth = 0; // to be recalculated later
}
}
commit 3a2c8ec9bae994a4d40b77265fb2e64d9673e88b
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Mon Jun 24 01:54:01 2024 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 09:55:29 2024 +0200
licence: add zxing-cpp
Change-Id: Ia347ea638cb1ccdc4f0a351509f010c3444a4c62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169432
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp>
(cherry picked from commit 72aa32b3c5ed7bc739d7567bf607d767f195b651)
(cherry picked from commit 157ce6a4c4c35dc06f19b6bd36895eac551c9760)
diff --git a/readlicense_oo/license/license.xml
b/readlicense_oo/license/license.xml
index 5fdcdad12d0a..bb6aa5b5657b 100644
--- a/readlicense_oo/license/license.xml
+++ b/readlicense_oo/license/license.xml
@@ -2178,6 +2178,12 @@
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.</p>
</div>
+ <div class="ZXING-CPP">
+ <h2>ZXing-C++</h2>
+ <p>The following software may be included in this product: ZXing-C++.
Use of any of this software is governed
+ by the terms of the license below:</p>
+ <p><a href="#a__Apache_License_version_2_0">Jump to Apache License
Version 2.0</a></p>
+ </div>
<div class="ZLIB">
<h2>zlib</h2>
<p>The following software may be included in this product: zlib. Use
of any of this software is governed by the
