Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
OpenOffice_org-libs-gui
SA40775-3.0.0.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SA40775-3.0.0.diff of Package OpenOffice_org-libs-gui
--- sd/source/filter/propread.cxx Fri Aug 06 14:53:07 2010 +0200 +++ sd/source/filter/propread.cxx Mon Aug 09 14:04:21 2010 +0200 @@ -29,6 +29,7 @@ #include "precompiled_sd.hxx" #include <propread.hxx> #include <tools/bigint.hxx> +#include "tools/debug.hxx" #include "rtl/tencinfo.h" #include "rtl/textenc.h" @@ -90,6 +91,17 @@ // ----------------------------------------------------------------------- +static xub_StrLen lcl_getMaxSafeStrLen(sal_uInt32 nSize) +{ + nSize -= 1; //Drop NULL terminator + + //If it won't fit in a string, clip it to the max size that does + if (nSize > STRING_MAXLEN) + nSize = STRING_MAXLEN; + + return nSize; +} + BOOL PropItem::Read( String& rString, sal_uInt32 nStringType, sal_Bool bAlign ) { sal_uInt32 i, nItemSize, nType, nItemPos; @@ -108,36 +120,43 @@ { case VT_LPSTR : { - if ( (sal_uInt16)nItemSize ) + if ( nItemSize ) { - sal_Char* pString = new sal_Char[ (sal_uInt16)nItemSize ]; - if ( mnTextEnc == RTL_TEXTENCODING_UCS2 ) + try { - nItemSize >>= 1; - if ( (sal_uInt16)nItemSize > 1 ) + sal_Char* pString = new sal_Char[ nItemSize ]; + if ( mnTextEnc == RTL_TEXTENCODING_UCS2 ) { - sal_Unicode* pWString = (sal_Unicode*)pString; - for ( i = 0; i < (sal_uInt16)nItemSize; i++ ) - *this >> pWString[ i ]; - rString = String( pWString, (sal_uInt16)nItemSize - 1 ); - } - else - rString = String(); - bRetValue = sal_True; - } - else - { - SvMemoryStream::Read( pString, (sal_uInt16)nItemSize ); - if ( pString[ (sal_uInt16)nItemSize - 1 ] == 0 ) - { - if ( (sal_uInt16)nItemSize > 1 ) - rString = String( ByteString( pString ), mnTextEnc ); + nItemSize >>= 1; + if ( nItemSize > 1 ) + { + sal_Unicode* pWString = (sal_Unicode*)pString; + for ( i = 0; i < nItemSize; i++ ) + *this >> pWString[ i ]; + rString = String( pWString, lcl_getMaxSafeStrLen(nItemSize) ); + } else rString = String(); bRetValue = sal_True; } + else + { + SvMemoryStream::Read( pString, nItemSize ); + if ( pString[ nItemSize - 1 ] == 0 ) + { + if ( nItemSize > 1 ) + rString = String( ByteString( pString ), mnTextEnc ); + else + rString = String(); + bRetValue = sal_True; + } + } + delete[] pString; } - delete[] pString; + catch( const std::bad_alloc& ) + { + DBG_ERROR( "sd PropItem::Read bad alloc" ); + } } if ( bAlign ) SeekRel( ( 4 - ( nItemSize & 3 ) ) & 3 ); // dword align @@ -148,18 +167,25 @@ { if ( nItemSize ) { - sal_Unicode* pString = new sal_Unicode[ (sal_uInt16)nItemSize ]; - for ( i = 0; i < (sal_uInt16)nItemSize; i++ ) - *this >> pString[ i ]; - if ( pString[ i - 1 ] == 0 ) + try { - if ( (sal_uInt16)nItemSize > 1 ) - rString = String( pString, (sal_uInt16)nItemSize - 1 ); - else - rString = String(); - bRetValue = sal_True; + sal_Unicode* pString = new sal_Unicode[ nItemSize ]; + for ( i = 0; i < nItemSize; i++ ) + *this >> pString[ i ]; + if ( pString[ i - 1 ] == 0 ) + { + if ( (sal_uInt16)nItemSize > 1 ) + rString = String( pString, lcl_getMaxSafeStrLen(nItemSize) ); + else + rString = String(); + bRetValue = sal_True; + } + delete[] pString; } - delete[] pString; + catch( const std::bad_alloc& ) + { + DBG_ERROR( "sd PropItem::Read bad alloc" ); + } } if ( bAlign && ( nItemSize & 1 ) ) SeekRel( 2 ); // dword align @@ -349,24 +375,31 @@ for ( sal_uInt32 i = 0; i < nDictCount; i++ ) { aStream >> nId >> nSize; - if ( (sal_uInt16)nSize ) + if ( nSize ) { String aString; nPos = aStream.Tell(); - sal_Char* pString = new sal_Char[ (sal_uInt16)nSize ]; - aStream.Read( pString, (sal_uInt16)nSize ); - if ( mnTextEnc == RTL_TEXTENCODING_UCS2 ) + try { - nSize >>= 1; - aStream.Seek( nPos ); - sal_Unicode* pWString = (sal_Unicode*)pString; - for ( i = 0; i < (sal_uInt16)nSize; i++ ) - aStream >> pWString[ i ]; - aString = String( pWString, (sal_uInt16)nSize - 1 ); + sal_Char* pString = new sal_Char[ nSize ]; + aStream.Read( pString, nSize ); + if ( mnTextEnc == RTL_TEXTENCODING_UCS2 ) + { + nSize >>= 1; + aStream.Seek( nPos ); + sal_Unicode* pWString = (sal_Unicode*)pString; + for ( i = 0; i < nSize; i++ ) + aStream >> pWString[ i ]; + aString = String( pWString, lcl_getMaxSafeStrLen(nSize) ); + } + else + aString = String( ByteString( pString, lcl_getMaxSafeStrLen(nSize) ), mnTextEnc ); + delete[] pString; } - else - aString = String( ByteString( pString, (sal_uInt16)nSize - 1 ), mnTextEnc ); - delete[] pString; + catch( const std::bad_alloc& ) + { + DBG_ERROR( "sd Section::GetDictionary bad alloc" ); + } if ( !aString.Len() ) break; aDict.AddProperty( nId, aString ); @@ -502,6 +502,11 @@ } if ( nPropSize ) { + if ( nPropSize > nStrmSize ) + { + nPropCount = 0; + break; + } pStrm->Seek( nPropOfs + nSecOfs ); sal_uInt8* pBuf = new sal_uInt8[ nPropSize ]; pStrm->Read( pBuf, nPropSize ); --- tools/source/generic/poly.cxx Fri Aug 06 14:53:07 2010 +0200 +++ tools/source/generic/poly.cxx Mon Aug 09 14:04:21 2010 +0200 @@ -243,6 +243,11 @@ void ImplPolygon::ImplSplit( USHORT nPos, USHORT nSpace, ImplPolygon* pInitPoly ) { const ULONG nSpaceSize = nSpace * sizeof( Point ); + + //Can't fit this in :-(, throw ? + if (mnPoints + nSpace > USHRT_MAX) + return; + const USHORT nNewSize = mnPoints + nSpace; if( nPos >= mnPoints ) --- sd/source/filter/makefile.mk.old 2001-07-24 14:16:55.000000000 +0200 +++ sd/source/filter/makefile.mk 2010-08-25 18:30:57.000000000 +0200 @@ -54,7 +54,8 @@ EXCEPTIONSFILES= \ $(SLO)$/pptin.obj \ - $(SLO)$/sdfilter.obj + $(SLO)$/sdfilter.obj \ + $(SLO)$/propread.obj # --- Tagets -------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor