src/lib/CDRDocument.cpp | 6 ++++++
src/lib/CDRInternalStream.cpp | 3 +++
src/lib/CDRParser.cpp | 2 ++
src/lib/CDRStylesCollector.cpp | 4 +++-
src/lib/CMXDocument.cpp | 6 ++++++
5 files changed, 20 insertions(+), 1 deletion(-)
New commits:
commit 983bc0a2e969b011760956d739260a181001a855
Author: David Tardon <dtar...@redhat.com>
Date: Thu Nov 20 16:31:17 2014 +0100
deinit z_stream properly if reading from input fails
Change-Id: I5a2ce38daf8f251029ccf8c1458025f950fe2af2
diff --git a/src/lib/CDRInternalStream.cpp b/src/lib/CDRInternalStream.cpp
index cdef100..11ecb0f 100644
--- a/src/lib/CDRInternalStream.cpp
+++ b/src/lib/CDRInternalStream.cpp
@@ -61,7 +61,10 @@
libcdr::CDRInternalStream::CDRInternalStream(librevenge::RVNGInputStream *input,
const unsigned char *tmpBuffer = input->read(size, tmpNumBytesRead);
if (size != tmpNumBytesRead)
+ {
+ (void)inflateEnd(&strm);
return;
+ }
strm.avail_in = (uInt)tmpNumBytesRead;
strm.next_in = (Bytef *)tmpBuffer;
commit 1d605d21e7b5f87c1ad18ff2e7dc03a092a6e557
Author: David Tardon <dtar...@redhat.com>
Date: Thu Nov 20 16:15:49 2014 +0100
avoid out-of-bounds read
Change-Id: I6b43ce6e7160789bdd99aabf8632bfc3431d4b7d
diff --git a/src/lib/CDRStylesCollector.cpp b/src/lib/CDRStylesCollector.cpp
index f6aa912..7ead9b1 100644
--- a/src/lib/CDRStylesCollector.cpp
+++ b/src/lib/CDRStylesCollector.cpp
@@ -113,6 +113,8 @@ void libcdr::CDRStylesCollector::collectBmp(unsigned
imageId, unsigned colorMode
while (i < lineWidth && i < width)
{
unsigned char c = bitmap[j*lineWidth+i];
+ if (c >= palette.size())
+ c = palette.size() - 1;
i++;
writeU32(image, m_ps.getBMPColor(libcdr::CDRColor(colorModel,
palette[c])));
}
commit 629dadcd8002d077fdd4f30d4e7f156b03e644f8
Author: David Tardon <dtar...@redhat.com>
Date: Thu Nov 20 15:36:46 2014 +0100
nothing to do here if there's no bitmap data to read
Change-Id: I07d1540d44dc97d7fbb88db363123cb28b7d812d
diff --git a/src/lib/CDRParser.cpp b/src/lib/CDRParser.cpp
index 70fa511..d9d66c9 100644
--- a/src/lib/CDRParser.cpp
+++ b/src/lib/CDRParser.cpp
@@ -2277,6 +2277,8 @@ void
libcdr::CDRParser::readBmp(librevenge::RVNGInputStream *input, unsigned len
palette.push_back(b | (g << 8) | (r << 16));
}
}
+ if (bmpsize == 0)
+ return;
std::vector<unsigned char> bitmap(bmpsize);
unsigned long tmpNumBytesRead = 0;
const unsigned char *tmpBuffer = input->read(bmpsize, tmpNumBytesRead);
commit 4a1be786ced3083a9a609e4aa2af9bc5b89ec21e
Author: David Tardon <dtar...@redhat.com>
Date: Thu Nov 20 15:32:41 2014 +0100
avoid out-of-bounds read
Change-Id: I5510b80b9c6d1512f2e6e8bb25f48fb0bcded515
diff --git a/src/lib/CDRStylesCollector.cpp b/src/lib/CDRStylesCollector.cpp
index bce3d7f..f6aa912 100644
--- a/src/lib/CDRStylesCollector.cpp
+++ b/src/lib/CDRStylesCollector.cpp
@@ -244,7 +244,7 @@ void libcdr::CDRStylesCollector::collectText(unsigned
textId, unsigned styleId,
}
tmpTextData.push_back(data[j++]);
- if (tmpCharDescription & 0x01)
+ if ((tmpCharDescription & 0x01) && (j < data.size()))
tmpTextData.push_back(data[j++]);
}
if (!tmpTextData.empty())
commit 88b4e8b39c3c187e2262786d469b0a9d9e2eae9d
Author: David Tardon <dtar...@redhat.com>
Date: Tue Jul 29 18:22:41 2014 +0200
check arguments
Change-Id: I62f5abfe8f954f9825befcad589ded09ae8f7700
diff --git a/src/lib/CDRDocument.cpp b/src/lib/CDRDocument.cpp
index 5509716..de6ec95 100644
--- a/src/lib/CDRDocument.cpp
+++ b/src/lib/CDRDocument.cpp
@@ -61,6 +61,9 @@ stream is a Corel Draw Document that libcdr is able to parse
*/
CDRAPI bool libcdr::CDRDocument::isSupported(librevenge::RVNGInputStream
*input)
{
+ if (!input)
+ return false;
+
librevenge::RVNGInputStream *tmpInput = input;
try
{
@@ -104,6 +107,9 @@ CDRPaintInterface class implementation when needed. This is
often commonly calle
*/
CDRAPI bool libcdr::CDRDocument::parse(librevenge::RVNGInputStream *input,
librevenge::RVNGDrawingInterface *painter)
{
+ if (!input || !painter)
+ return false;
+
input->seek(0, librevenge::RVNG_SEEK_SET);
bool retVal = false;
unsigned version = 0;
diff --git a/src/lib/CMXDocument.cpp b/src/lib/CMXDocument.cpp
index 74f8619..ff8df44 100644
--- a/src/lib/CMXDocument.cpp
+++ b/src/lib/CMXDocument.cpp
@@ -25,6 +25,9 @@ stream is a Corel Draw Document that libcdr is able to parse
CDRAPI bool libcdr::CMXDocument::isSupported(librevenge::RVNGInputStream
*input)
try
{
+ if (!input)
+ return false;
+
input->seek(0, librevenge::RVNG_SEEK_SET);
unsigned riff = readU32(input);
if (riff != CDR_FOURCC_RIFF && riff != CDR_FOURCC_RIFX)
@@ -56,6 +59,9 @@ CDRPaintInterface class implementation when needed. This is
often commonly calle
*/
CDRAPI bool libcdr::CMXDocument::parse(librevenge::RVNGInputStream *input,
librevenge::RVNGDrawingInterface *painter)
{
+ if (!input || !painter)
+ return false;
+
input->seek(0, librevenge::RVNG_SEEK_SET);
CDRParserState ps;
CDRStylesCollector stylesCollector(ps);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
