filter/source/msfilter/svdfppt.cxx | 6 +++---
include/filter/msfilter/svdfppt.hxx | 12 +++++++-----
sd/qa/unit/data/ppt/pass/crash-1.ppt |binary
sd/source/core/drawdoc.cxx | 1 +
4 files changed, 11 insertions(+), 8 deletions(-)
New commits:
commit 334dba623dfb0c4fb2b5292c2d03741b7b33aef1
Author: Caolán McNamara <caol...@redhat.com>
Date: Wed Aug 26 11:25:03 2015 +0100
fix crash on loading certain ppts
Change-Id: I544a67e3706c7d12414cc075118ef2f0f5ddd0f6
diff --git a/filter/source/msfilter/svdfppt.cxx
b/filter/source/msfilter/svdfppt.cxx
index 47e9f35..f5b7931 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -4019,13 +4019,13 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader&
rSlideHd, SvStream& rIn, Sd
ReadDffRecordHeader( rIn, aTxMasterStyleHd );
if ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom )
{
- sal_uInt16 nLevelAnz;
- rIn.ReadUInt16( nLevelAnz );
+ sal_uInt16 nLevelAnz(0);
+ rIn.ReadUInt16(nLevelAnz);
sal_uInt16 nLev = 0;
bool bFirst = true;
bFoundTxMasterStyleAtom04 = true;
- while ( rIn.GetError() == 0 && rIn.Tell() <
aTxMasterStyleHd.GetRecEndFilePos() && nLev < nLevelAnz )
+ while (rIn.GetError() == 0 && rIn.Tell() <
aTxMasterStyleHd.GetRecEndFilePos() && nLev < nLevelAnz && nLev < nMaxPPTLevels)
{
if ( nLev )
{
diff --git a/include/filter/msfilter/svdfppt.hxx
b/include/filter/msfilter/svdfppt.hxx
index def0fd1..bfcea45 100644
--- a/include/filter/msfilter/svdfppt.hxx
+++ b/include/filter/msfilter/svdfppt.hxx
@@ -170,6 +170,8 @@ const sal_uInt32 PPTInventor = sal_uInt32('P') * 0x00000001
+ sal_uInt32('T') * 0x00010000
+ sal_uInt32('0') * 0x01000000;
+const int nMaxPPTLevels = 5;
+
// Object IDs for StarDraw UserData
#define PPT_OBJECTINFO_ID (1)
@@ -705,7 +707,7 @@ struct PPTExtParaLevel
struct PPTExtParaSheet
{
- PPTExtParaLevel aExtParaLevel[ 5 ];
+ PPTExtParaLevel aExtParaLevel[nMaxPPTLevels];
};
struct PPTBuGraEntry
@@ -750,7 +752,7 @@ struct PPTCharLevel
struct PPTCharSheet
{
- PPTCharLevel maCharLevel[ 5 ];
+ PPTCharLevel maCharLevel[nMaxPPTLevels];
explicit PPTCharSheet( sal_uInt32 nInstance );
PPTCharSheet( const PPTCharSheet& rCharSheet );
@@ -783,7 +785,7 @@ struct PPTParaSheet
{
public:
- PPTParaLevel maParaLevel[ 5 ];
+ PPTParaLevel maParaLevel[nMaxPPTLevels];
explicit PPTParaSheet( sal_uInt32 nInstance );
PPTParaSheet( const PPTParaSheet& rParaSheet );
@@ -988,8 +990,8 @@ struct PPTRuler
sal_Int32 nFlags;
sal_uInt16 nDefaultTab;
- sal_uInt16 nTextOfs[ 5 ];
- sal_uInt16 nBulletOfs[ 5 ];
+ sal_uInt16 nTextOfs[nMaxPPTLevels];
+ sal_uInt16 nBulletOfs[nMaxPPTLevels];
PPTTabEntry* pTab;
sal_uInt16 nTabCount;
diff --git a/sd/qa/unit/data/ppt/pass/crash-1.ppt
b/sd/qa/unit/data/ppt/pass/crash-1.ppt
new file mode 100644
index 0000000..5d1a04b
Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/crash-1.ppt differ
commit 15166358d850e76fde98afcff7f62812ce5378e3
Author: Caolán McNamara <caol...@redhat.com>
Date: Wed Aug 26 11:06:48 2015 +0100
valgrind: uninitialized value in AvoidConfig path
Change-Id: Iea0911d182b843c099cca0f2c5ec638034e7268d
diff --git a/sd/source/core/drawdoc.cxx b/sd/source/core/drawdoc.cxx
index f31528b..5c50be3 100644
--- a/sd/source/core/drawdoc.cxx
+++ b/sd/source/core/drawdoc.cxx
@@ -164,6 +164,7 @@ SdDrawDocument::SdDrawDocument(DocumentType eType,
SfxObjectShell* pDrDocSh)
, mbHasOnlineSpellErrors(false)
, mbInitialOnlineSpellingEnabled(true)
, mbNewOrLoadCompleted(false)
+, mbOnlineSpell(false)
, mbStartWithPresentation( false )
, mbExitAfterPresenting( false )
, meLanguage( LANGUAGE_SYSTEM )
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
