sw/source/filter/ww8/ww8scan.cxx | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-)
New commits: commit 0144600bf5b5d8093f6a720ad21df221f08bce9e Author: Caolán McNamara <caol...@redhat.com> Date: Tue Apr 4 15:28:54 2017 +0100 std::unique_ptr<[]> -> std::vector Change-Id: I7fd4275664fab42c61941a4ea21750a653b437d3
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 613041b5b730..ec04420f38b6 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -6825,8 +6825,8 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
 } // allocate Font Array
- std::unique_ptr<sal_uInt8[]> pA( new sal_uInt8[nFFn] );
- memset(pA.get(), 0, nFFn);
+ std::vector<sal_uInt8> aA(nFFn);
+ memset(aA.data(), 0, nFFn);
 ww::WordVersion eVersion = rFib.GetFIBVersion();
@@ -6842,9 +6842,9 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
 rSt.SeekRel( 2 ); // read all font information
- nFFn = rSt.ReadBytes(pA.get(), nFFn);
- sal_uInt8 * const pEnd = pA.get() + nFFn;
- const sal_uInt16 nCalcMax = calcMaxFonts(pA.get(), nFFn);
+ nFFn = rSt.ReadBytes(aA.data(), nFFn);
+ sal_uInt8 * const pEnd = aA.data() + nFFn;
+ const sal_uInt16 nCalcMax = calcMaxFonts(aA.data(), nFFn);
 if (eVersion < ww::eWW8) nMax = nCalcMax;
@@ -6863,7 +6863,7 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
 if( eVersion <= ww::eWW2 ) {
- sal_uInt8 const * pVer2 = pA.get();
+ sal_uInt8 const * pVer2 = aA.data();
 sal_uInt16 i = 0; for(; i<nMax; ++i, ++p) {
@@ -6904,7 +6904,7 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
 } else if( eVersion < ww::eWW8 ) {
- sal_uInt8 const * pVer6 = pA.get();
+ sal_uInt8 const * pVer6 = aA.data();
 sal_uInt16 i = 0; for(; i<nMax; ++i, ++p) {
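Review bot: In the first hunk (`@@ -6825,8 +6825,8 @@`) the `memset(aA.data(), 0, nFFn);` carried over from the old code is redundant, because `std::vector<sal_uInt8> aA(nFFn);` already value-initialises every byte to zero; the line can be dropped. `nFFn` is declared as `sal_Int32` in the older commit shown further down the page, so the vector size argument is an implicit signed-to-unsigned conversion, and a negative value would now fail inside the vector constructor instead of `new[]`. Whether a negative `nFFn` can reach this point depends on checks above the hunk, which are not visible here. The constructor body starts and ends outside the hunk.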
@@ -6986,7 +6986,7 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
 const sal_uInt8 cbMinFFNPayload = 41; sal_uInt16 nValidFonts = 0; sal_Int32 nRemainingFFn = nFFn;
- sal_uInt8* pRaw = pA.get();
+ sal_uInt8* pRaw = aA.data();
 for (sal_uInt16 i=0; i < nMax && nRemainingFFn; ++i, ++p) { //pRaw[0] is cbFfnM1, the alleged total length of FFN - 1
commit be752d9f4ee29a2fad0051ff1c2ce39add2985ea Author: Caolán McNamara <caol...@redhat.com> Date: Tue Apr 4 15:25:46 2017 +0100 ofz: avoid oom Change-Id: Ie700676c8470b6764a38f4e2989dc14819244872
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index d8d05940eae4..613041b5b730 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -6817,6 +6817,13 @@ WW8Fonts::WW8Fonts( SvStream& rSt, WW8Fib& rFib )
 sal_Int32 nFFn = rFib.m_lcbSttbfffn - 2;
+ const sal_uInt64 nMaxPossible = rSt.remainingSize();
+ if (static_cast<sal_uInt64>(nFFn) > nMaxPossible)
+ {
+ SAL_WARN("sw.ww8", "FFN structure longer than available data");
+ nFFn = nMaxPossible;
+ }
+
 // allocate Font Array std::unique_ptr<sal_uInt8[]> pA( new sal_uInt8[nFFn] ); memset(pA.get(), 0, nFFn);
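Review bot: In the `ofz: avoid oom` hunk (`@@ -6817,6 +6817,13 @@`), the bound check relies on `static_cast<sal_uInt64>(nFFn)` wrapping a negative `nFFn` (any `m_lcbSttbfffn` below 2) into a huge value, and `nFFn = nMaxPossible;` then narrows a `sal_uInt64` into `sal_Int32` implicitly. Unless a guard above the hunk already rejects such short `m_lcbSttbfffn` values (the constructor begins outside the visible lines), a stream with more than `SAL_MAX_INT32` bytes remaining could leave `nFFn` negative again right before `new sal_uInt8[nFFn]`. I would handle the negative case on its own and make the clamp explicit, e.g. `nFFn = static_cast<sal_Int32>(std::min<sal_uInt64>(nMaxPossible, SAL_MAX_INT32));`. Logging both `nFFn` and `nMaxPossible` in the `SAL_WARN` would also make fuzzer and field reports easier to triage.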