src/lib/CDROutputElementList.cpp | 4 +-
src/lib/CDRPath.cpp | 2 -
src/lib/CMXParser.cpp | 66 ++++++++++++++++++++++++---------------
3 files changed, 44 insertions(+), 28 deletions(-)
New commits:
commit f270338fcf07bdbf2d0fa1f4b7dd8aed8eedcfd6
Author: David Tardon <dtar...@redhat.com>
Date: Tue Apr 4 18:44:17 2017 +0200
ofz: avoid inf. loop if tag length is 0
Change-Id: If5a6644de892a466b5bd54ab3c807b6149aace8e
diff --git a/src/lib/CMXParser.cpp b/src/lib/CMXParser.cpp
index b4fbee5..f74c10e 100644
--- a/src/lib/CMXParser.cpp
+++ b/src/lib/CMXParser.cpp
@@ -32,6 +32,22 @@
#define M_PI 3.14159265358979323846
#endif
+namespace
+{
+
+uint16_t readTagLength(librevenge::RVNGInputStream *const input, const bool
bigEndian)
+{
+ uint16_t tagLength = libcdr::readU16(input, bigEndian);
+ if (tagLength < 3)
+ {
+ CDR_DEBUG_MSG(("invalid tag length %" PRIu16 "\n", tagLength));
+ tagLength = 3;
+ }
+ return tagLength;
+}
+
+}
+
libcdr::CMXParser::CMXParser(libcdr::CDRCollector *collector, CMXParserState
&parserState)
: CommonParser(collector),
m_bigEndian(false), m_unit(0),
@@ -462,7 +478,7 @@ void
libcdr::CMXParser::readBeginPage(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readBeginPage - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readBeginPage - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -512,7 +528,7 @@ void
libcdr::CMXParser::readBeginGroup(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readBeginGroup - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readBeginGroup - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -562,7 +578,7 @@ void
libcdr::CMXParser::readPolyCurve(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readPolyCurve - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readPolyCurve - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -644,7 +660,7 @@ void
libcdr::CMXParser::readEllipse(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readEllipse - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readEllipse - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -742,7 +758,7 @@ void
libcdr::CMXParser::readDrawImage(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readDrawImage - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readDrawImage - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -806,7 +822,7 @@ void
libcdr::CMXParser::readRectangle(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readRectangle - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readRectangle - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -888,7 +904,7 @@ void
libcdr::CMXParser::readBeginProcedure(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readBeginProcedure - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readBeginProcedure - tagId %i, tagLength
%u\n", tagId, tagLength));
switch (tagId)
{
@@ -1037,7 +1053,7 @@ bool
libcdr::CMXParser::readFill(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" Solid fill - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Solid fill - tagId %i, tagLength %u\n", tagId,
tagLength));
switch (tagId)
{
@@ -1077,7 +1093,7 @@ bool
libcdr::CMXParser::readFill(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" Fountain fill - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Fountain fill - tagId %i, tagLength %u\n", tagId,
tagLength));
switch (tagId)
{
@@ -1169,7 +1185,7 @@ bool
libcdr::CMXParser::readFill(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" %s fill - tagId %i\n", fillType == 7 ?
"Two-Color Pattern" : "Monochrome with transparent bitmap", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" %s fill - tagId %i, tagLength %u\n", fillType == 7
? "Two-Color Pattern" : "Monochrome with transparent bitmap", tagId,
tagLength));
switch (tagId)
{
@@ -1246,7 +1262,7 @@ bool
libcdr::CMXParser::readFill(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" %s fill - tagId %i\n", fillType == 9 ? "Imported
Bitmap" : "Full Color Pattern", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" %s fill - tagId %i, tagLength %u\n", fillType == 9
? "Imported Bitmap" : "Full Color Pattern", tagId, tagLength));
switch (tagId)
{
@@ -1318,7 +1334,7 @@ bool
libcdr::CMXParser::readFill(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" Texture fill - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Texture fill - tagId %i, tagLength %u\n", tagId,
tagLength));
switch (tagId)
{
@@ -1332,7 +1348,7 @@ bool
libcdr::CMXParser::readFill(librevenge::RVNGInputStream *input)
subTagId = readU8(input, m_bigEndian);
if (subTagId == CMX_Tag_EndTag)
break;
- subTagLength = readU16(input, m_bigEndian);
+ subTagLength = readTagLength(input, m_bigEndian);
switch (subTagId)
{
case CMX_Tag_RenderAttr_FillSpec_ColorBM:
@@ -1438,7 +1454,7 @@ bool
libcdr::CMXParser::readRenderingAttributes(librevenge::RVNGInputStream *inp
CDR_DEBUG_MSG((" Fill specification - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Fill specification - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -1474,7 +1490,7 @@ bool
libcdr::CMXParser::readRenderingAttributes(librevenge::RVNGInputStream *inp
CDR_DEBUG_MSG((" Outline specification - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Outline specification - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -1509,7 +1525,7 @@ bool
libcdr::CMXParser::readRenderingAttributes(librevenge::RVNGInputStream *inp
CDR_DEBUG_MSG((" Lens specification - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Lens specification - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -1543,7 +1559,7 @@ bool
libcdr::CMXParser::readRenderingAttributes(librevenge::RVNGInputStream *inp
CDR_DEBUG_MSG((" Canvas specification - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Canvas specification - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -1573,7 +1589,7 @@ bool
libcdr::CMXParser::readRenderingAttributes(librevenge::RVNGInputStream *inp
CDR_DEBUG_MSG((" Container specification - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" Container specification - tagId %i, tagLength %u\n",
tagId, tagLength));
switch (tagId)
{
@@ -1608,7 +1624,7 @@ void
libcdr::CMXParser::readJumpAbsolute(librevenge::RVNGInputStream *input)
CDR_DEBUG_MSG((" CMXParser::readJumpAbsolute - tagId %i\n", tagId));
break;
}
- tagLength = readU16(input, m_bigEndian);
+ tagLength = readTagLength(input, m_bigEndian);
CDR_DEBUG_MSG((" CMXParser::readJumpAbsolute - tagId %i, tagLength
%u\n", tagId, tagLength));
switch (tagId)
{
@@ -1649,7 +1665,7 @@ void
libcdr::CMXParser::readRclr(librevenge::RVNGInputStream *input)
tagId = readU8(input, m_bigEndian);
if (tagId == CMX_Tag_EndTag)
break;
- unsigned short tagLength = readU16(input, m_bigEndian);
+ unsigned short tagLength = readTagLength(input, m_bigEndian);
switch (tagId)
{
case CMX_Tag_DescrSection_Color_Base:
@@ -1698,7 +1714,7 @@ void
libcdr::CMXParser::readRdot(librevenge::RVNGInputStream *input)
tagId = readU8(input, m_bigEndian);
if (tagId == CMX_Tag_EndTag)
break;
- unsigned short tagLength = readU16(input, m_bigEndian);
+ unsigned short tagLength = readTagLength(input, m_bigEndian);
switch (tagId)
{
case CMX_Tag_DescrSection_Dash:
@@ -1748,7 +1764,7 @@ void
libcdr::CMXParser::readRott(librevenge::RVNGInputStream *input)
tagId = readU8(input, m_bigEndian);
if (tagId == CMX_Tag_EndTag)
break;
- unsigned short tagLength = readU16(input, m_bigEndian);
+ unsigned short tagLength = readTagLength(input, m_bigEndian);
switch (tagId)
{
case CMX_Tag_DescrSection_LineStyle:
@@ -1796,7 +1812,7 @@ void
libcdr::CMXParser::readRotl(librevenge::RVNGInputStream *input)
tagId = readU8(input, m_bigEndian);
if (tagId == CMX_Tag_EndTag)
break;
- unsigned short tagLength = readU16(input, m_bigEndian);
+ unsigned short tagLength = readTagLength(input, m_bigEndian);
switch (tagId)
{
case CMX_Tag_DescrSection_Outline:
@@ -1852,7 +1868,7 @@ void
libcdr::CMXParser::readRpen(librevenge::RVNGInputStream *input)
tagId = readU8(input, m_bigEndian);
if (tagId == CMX_Tag_EndTag)
break;
- unsigned short tagLength = readU16(input, m_bigEndian);
+ unsigned short tagLength = readTagLength(input, m_bigEndian);
switch (tagId)
{
case CMX_Tag_DescrSection_Pen:
@@ -2052,7 +2068,7 @@ void
libcdr::CMXParser::readInfo(librevenge::RVNGInputStream *input)
tagId = readU8(input, m_bigEndian);
if (tagId == CMX_Tag_EndTag)
break;
- unsigned short tagLength = readU16(input, m_bigEndian);
+ unsigned short tagLength = readTagLength(input, m_bigEndian);
switch (tagId)
{
case CMX_Tag_DescrSection_Image_ImageInfo:
commit 77704c5f26a1019ddc8014a84113a3387c52fe3e
Author: David Tardon <dtar...@redhat.com>
Date: Tue Apr 4 18:44:32 2017 +0200
astyle
Change-Id: I4b1ee173e3c795fa2ba23f333e2e93cd392907af
diff --git a/src/lib/CDROutputElementList.cpp b/src/lib/CDROutputElementList.cpp
index 68774b5..07a581f 100644
--- a/src/lib/CDROutputElementList.cpp
+++ b/src/lib/CDROutputElementList.cpp
@@ -407,7 +407,7 @@ libcdr::CDROutputElementList::CDROutputElementList(const
libcdr::CDROutputElemen
libcdr::CDROutputElementList &libcdr::CDROutputElementList::operator=(const
libcdr::CDROutputElementList &elementList)
{
for (std::vector<CDROutputElement *>::iterator iter = m_elements.begin();
iter != m_elements.end(); ++iter)
- delete(*iter);
+ delete (*iter);
m_elements.clear();
@@ -420,7 +420,7 @@ libcdr::CDROutputElementList
&libcdr::CDROutputElementList::operator=(const libc
libcdr::CDROutputElementList::~CDROutputElementList()
{
for (std::vector<CDROutputElement *>::iterator iter = m_elements.begin();
iter != m_elements.end(); ++iter)
- delete(*iter);
+ delete (*iter);
m_elements.clear();
}
diff --git a/src/lib/CDRPath.cpp b/src/lib/CDRPath.cpp
index 8ec5991..708626b 100644
--- a/src/lib/CDRPath.cpp
+++ b/src/lib/CDRPath.cpp
@@ -875,7 +875,7 @@ void libcdr::CDRPath::clear()
{
for (std::vector<CDRPathElement *>::iterator iter = m_elements.begin(); iter
!= m_elements.end(); ++iter)
if (*iter)
- delete(*iter);
+ delete (*iter);
m_elements.clear();
m_isClosed = false;
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
