Author: truckman Date: Fri Aug 17 22:24:27 2018 New Revision: 1838292 URL: http://svn.apache.org/viewvc?rev=1838292&view=rev Log: When importing a Microsoft Office Drawing Binary File Format data stream, ignore properties with the bComplex flag set indicating they have data external to the property record if the indicated size of the data is larger than will fit in the containing property table record.
DffPropSet::GetPropertyString() should return an empty string if the bComplex flag is not set since there is no data to return. Bail out of the loop that processes the array of properties early if we hit the end of the property table record. Limit the length of the property table record to the remaining size of the stream.
Modified: openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx
Modified: openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx?rev=1838292&r1=1838291&r2=1838292&view=diff
==============================================================================
--- openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx (original)
+++ openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx Fri Aug 17 22:24:27 2018
@@ -61,6 +61,7 @@ class MSFILTER_DLLPUBLIC DffPropSet
 ~DffPropSet();
 inline sal_Bool IsProperty( sal_uInt32 nRecType ) const { return ( mpPropSetEntries[ nRecType & 0x3ff ].aFlags.bSet ); };
+ inline sal_Bool IsComplex( sal_uInt32 nRecType ) const { return ( mpPropSetEntries[ nRecType & 0x3ff ].aFlags.bComplex ); };
 sal_Bool IsHardAttribute( sal_uInt32 nId ) const;
 sal_uInt32 GetPropertyValue( sal_uInt32 nId, sal_uInt32 nDefault = 0 ) const;
 /** Returns a boolean property by its real identifier. */
Modified: openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx?rev=1838292&r1=1838291&r2=1838292&view=diff
==============================================================================
--- openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx (original)
+++ openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx Fri Aug 17 22:24:27 2018
@@ -1099,7 +1099,11 @@ DffPropSet::~DffPropSet()
 void DffPropSet::ReadPropSet( SvStream& rIn, bool bSetUninitializedOnly )
 {
 DffRecordHeader aHd;
+ sal_Size nEndOfStream, nEndOfRecord;
 rIn >> aHd;
+ nEndOfStream = rIn.Seek(STREAM_SEEK_TO_END);
+ aHd.SeekToContent( rIn );
+ nEndOfRecord = Min(aHd.GetRecEndFilePos(), nEndOfStream);
 if ( !bSetUninitializedOnly )
 {
@@ -1116,6 +1120,8 @@ void DffPropSet::ReadPropSet( SvStream&
 {
 sal_uInt16 nTmp;
 sal_uInt32 nRecType, nContent;
+ if (nEndOfRecord - rIn.Tell() < 6)
+ break;
 rIn >> nTmp >> nContent;
@@ -1157,7 +1163,7 @@ void DffPropSet::ReadPropSet( SvStream&
 aPropFlag.bBlip = sal_True;
 if ( nTmp & 0x8000 )
 aPropFlag.bComplex = sal_True;
- if ( aPropFlag.bComplex && nContent && ( nComplexDataFilePos < aHd.GetRecEndFilePos() ) )
+ if ( aPropFlag.bComplex && nContent && ( nComplexDataFilePos < nEndOfRecord ) )
 {
 // normally nContent is the complete size of the complex property,
 // but this is not always true for IMsoArrays ( what the hell is a IMsoArray ? )
@@ -1190,13 +1196,17 @@ void DffPropSet::ReadPropSet( SvStream&
 nContent += 6;
 // check if array fits into the PropertyContainer
- if ( ( nComplexDataFilePos + nContent ) > aHd.GetRecEndFilePos() )
+ if ( nContent > nEndOfRecord - nComplexDataFilePos)
 nContent = 0;
 }
 else
 nContent = 0;
 rIn.Seek( nOldPos );
- }
+ } else {
+ // check if complex property fits into the PropertyContainer
+ if ( nContent > nEndOfRecord - nComplexDataFilePos)
+ nContent = 0;
+ }
 if ( nContent )
 {
 if ( bSetProperty )
@@ -1301,7 +1311,7 @@ bool DffPropSet::GetPropertyBool( sal_uI
 sal_Size nOldPos = rStrm.Tell();
 ::rtl::OUStringBuffer aBuffer;
 sal_uInt32 nBufferSize = GetPropertyValue( nId );
- if( (nBufferSize > 0) && SeekToContent( nId, rStrm ) )
+ if( (nBufferSize > 0) && IsComplex( nId ) && SeekToContent( nId, rStrm ) )
 {
 sal_Int32 nStrLen = static_cast< sal_Int32 >( nBufferSize / 2 );
 aBuffer.ensureCapacity( nStrLen );
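Review bot: The loop guard added in the hunk at -1116,6 +1120,8, `if (nEndOfRecord - rIn.Tell() < 6)`, is an unsigned subtraction, so it only bounds the read while `rIn.Tell() <= nEndOfRecord`, and the hunk at -1099,7 +1099,11 does not establish that after `nEndOfRecord = Min(aHd.GetRecEndFilePos(), nEndOfStream)`. GetRecEndFilePos() is defined outside this diff and presumably adds the file-supplied record length to the header position. If that sum can wrap, or if `rIn >> aHd` failed on a short stream, nEndOfRecord may lie before the content start and the difference becomes a very large value instead of a small one. Comparing the positions first removes that dependency: `if ( rIn.Tell() > nEndOfRecord || nEndOfRecord - rIn.Tell() < 6 ) break;`. ReadPropSet's body continues outside both hunks, so the loop header and any stream-state handling are not visible here.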
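Review bot: In the hunk at -1190,13 +1196,17 the rewritten test `nContent > nEndOfRecord - nComplexDataFilePos` avoids the wrap-around the old addition allowed, but only because the enclosing condition changed in the hunk at -1157,7 +1163,7 already requires `nComplexDataFilePos < nEndOfRecord`. That dependency deserves a comment at both tests, such as `// nComplexDataFilePos < nEndOfRecord is guaranteed by the enclosing if, so the subtraction cannot wrap`. The same two-line check now appears in the array branch and in the new `else`; as far as the visible lines show, a single check placed after the special-case block would cover every complex property and leave one place to maintain. The new `} else {` also departs from the brace-on-its-own-line layout of the surrounding context lines. The enclosing block starts and ends outside the hunk.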
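Review bot: The added `IsComplex( nId )` test in the hunk at -1301,7 +1311,7 needs a comment, because its reason is stated only in the commit log: a property without bComplex has no out-of-line data, so nBufferSize is presumably the property's own value rather than a byte count. Something like `// only complex properties carry string data; otherwise nBufferSize is not a length` would do. `nStrLen` is still derived from a value that originated in the file and is passed to `ensureCapacity` with no local bound, so this function relies entirely on ReadPropSet having zeroed any nContent that does not fit the record; stating that assumption here would help the next reader. The hunk header names GetPropertyBool, but per the log the change is in GetPropertyString, whose body begins before and continues after the hunk.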