oox/source/ppt/timenode.cxx | 4 ++++ sd/source/filter/eppt/pptx-animations.cxx | 2 ++ sd/source/filter/ppt/pptinanimations.cxx | 5 +++++ xmloff/source/draw/animationimport.cxx | 8 ++++++++ 4 files changed, 19 insertions(+)
New commits: commit bcdcdaa5dfc5f1d50e0239055161b71e97f5f022 Author: Xisco Fauli <xiscofa...@libreoffice.org> AuthorDate: Thu Jul 23 16:52:14 2020 +0200 Commit: Mike Kaganski <mike.kagan...@collabora.com> CommitDate: Fri Jul 24 20:13:52 2020 +0200 throw if length of keys and values are different See https://crashreport.libreoffice.org/stats/signature/%60anonymous%20namespace'::WriteAnimateValues This is expected to start rejecting broken files, instead of accepting invalid data silently, as it did before. This is not a regression, and should be indication of corrupted generator, which is the actual cause of the bug... Change-Id: I66dbb380e8b2d313e58cddf938d952aed4a635b7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99327 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com> diff --git a/oox/source/ppt/timenode.cxx b/oox/source/ppt/timenode.cxx index efc632ebf514..41fb39fba150 100644 --- a/oox/source/ppt/timenode.cxx +++ b/oox/source/ppt/timenode.cxx @@ -33,6 +33,7 @@ #include <com/sun/star/animations/AnimationNodeType.hpp> #include <com/sun/star/animations/Event.hpp> #include <com/sun/star/animations/EventTrigger.hpp> +#include <com/sun/star/io/WrongFormatException.hpp> #include <com/sun/star/presentation/EffectNodeType.hpp> #include <com/sun/star/uno/XComponentContext.hpp> @@ -542,6 +543,9 @@ namespace oox::ppt { } } + if (xAnimate.is() && xAnimate->getValues().getLength() != xAnimate->getKeyTimes().getLength()) + throw css::io::WrongFormatException(); + if( mnNodeType == AnimationNodeType::TRANSITIONFILTER ) { diff --git a/sd/source/filter/eppt/pptx-animations.cxx b/sd/source/filter/eppt/pptx-animations.cxx index 90720501d07a..53d2ce888686 100644 --- a/sd/source/filter/eppt/pptx-animations.cxx +++ b/sd/source/filter/eppt/pptx-animations.cxx 
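Review bot: The new `throw css::io::WrongFormatException();` in oox/source/ppt/timenode.cxx carries no message, so a load rejected here gives whoever triages it no hint that an animate node's values and key times disagreed. The throws added in sd/source/filter/ppt/pptinanimations.cxx and xmloff/source/draw/animationimport.cxx have the same gap. Since the commit message expects previously accepted files to start being rejected, I would fill in the exception's Message, e.g. `throw css::io::WrongFormatException("animate node: values and keyTimes differ in length", css::uno::Reference<css::uno::XInterface>());`. The enclosing function starts and ends outside the hunk, so whether a handler further out logs or swallows the exception cannot be seen from here.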
@@ -207,6 +207,8 @@ void WriteAnimateValues(const FSHelperPtr& pFS, const Reference<XAnimate>& rXAni SAL_INFO("sd.eppt", "animate values, formula: " << sFormula.toUtf8()); + assert(aValues.getLength() == aKeyTimes.getLength()); + pFS->startElementNS(XML_p, XML_tavLst); for (int i = 0; i < aKeyTimes.getLength(); i++) diff --git a/sd/source/filter/ppt/pptinanimations.cxx b/sd/source/filter/ppt/pptinanimations.cxx index be51eb9003e4..8516b063728a 100644 --- a/sd/source/filter/ppt/pptinanimations.cxx +++ b/sd/source/filter/ppt/pptinanimations.cxx @@ -48,6 +48,7 @@ #include <com/sun/star/beans/NamedValue.hpp> #include <com/sun/star/container/XEnumerationAccess.hpp> #include <com/sun/star/drawing/XDrawPage.hpp> +#include <com/sun/star/io/WrongFormatException.hpp> #include <com/sun/star/presentation/ParagraphTarget.hpp> #include <com/sun/star/presentation/TextAnimationType.hpp> #include <comphelper/processfactory.hxx> @@ -2212,6 +2213,10 @@ void AnimationImporter::importAnimateKeyPoints( const Atom* pAtom, const Referen aKeyTimes[nKeyTime] = static_cast<double>(nKeyTime) / static_cast<double>(nKeyTimes - 1); } } + + if (aValues.getLength() != aKeyTimes.getLength()) + throw css::io::WrongFormatException(); + xAnim->setKeyTimes( aKeyTimes ); xAnim->setValues( aValues ); xAnim->setFormula( aFormula ); diff --git a/xmloff/source/draw/animationimport.cxx b/xmloff/source/draw/animationimport.cxx index b05d6e398b79..777deb36d3bb 100644 --- a/xmloff/source/draw/animationimport.cxx +++ b/xmloff/source/draw/animationimport.cxx @@ -38,6 +38,7 @@ #include <com/sun/star/animations/Timing.hpp> #include <com/sun/star/animations/Event.hpp> #include <com/sun/star/beans/XPropertySet.hpp> +#include <com/sun/star/io/WrongFormatException.hpp> #include <com/sun/star/xml/sax/XFastAttributeList.hpp> #include <com/sun/star/text/XTextCursor.hpp> #include <com/sun/star/text/XTextRangeCompare.hpp> 
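Review bot: The `assert(aValues.getLength() == aKeyTimes.getLength());` added to WriteAnimateValues in sd/source/filter/eppt/pptx-animations.cxx is compiled out when NDEBUG is defined, which presumably includes the release builds behind the linked crash signature. The import-side checks in this commit only cover documents that arrive through those three filters. A node whose sequences were set through the API or by another import path can still reach `for (int i = 0; i < aKeyTimes.getLength(); i++)` with a shorter values sequence. The loop body is outside the hunk, but if it indexes aValues by i, a runtime guard next to the assert and before `pFS->startElementNS(XML_p, XML_tavLst);` would be safer, e.g. `if (aValues.getLength() != aKeyTimes.getLength()) return;`.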
@@ -1124,8 +1125,15 @@ void AnimationNodeContext::init_node( const css::uno::Reference< css::xml::sax: if( !aValues.isEmpty() ) xAnimate->setValues( mpHelper->convertValueSequence( meAttributeName, aValues ) ); + + if (xAnimate->getValues().getLength() != xAnimate->getKeyTimes().getLength()) + throw css::io::WrongFormatException(); } } + catch (const css::io::WrongFormatException&) + { + throw; + } catch (const RuntimeException&) { OSL_FAIL( "xmloff::AnimationNodeContext::StartElement(), RuntimeException caught!" ); _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
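Review bot: The check added to AnimationNodeContext::init_node compares the two lengths unconditionally, so an animate element that supplies values but no key times at all would now be rejected, although SMIL treats keyTimes as optional. If that case is meant to keep loading, limit the throw to a key-times list that is present but mismatched: `if (xAnimate->getKeyTimes().hasElements() && xAnimate->getValues().getLength() != xAnimate->getKeyTimes().getLength())`. The added `catch (const css::io::WrongFormatException&) { throw; }` also deserves a one-line comment such as `// malformed animation data must reach the caller, not be logged and dropped below`. WrongFormatException derives from css::io::IOException rather than RuntimeException, and the only later handler visible here is the RuntimeException one, so the clause looks like a no-op without that explanation. The function starts before the hunk and continues past it, so earlier defaulting of key times or further handlers cannot be ruled out.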