starmath/source/mathtype.cxx | 50 ++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 21 deletions(-)
New commits: commit 77387ae00ae27e3f8bcdf7bccf97fb2db8f196b7 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Dec 22 10:13:33 2020 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Tue Dec 22 13:56:02 2020 +0100 oss-fuzz: mtpfuzzer doesn't pass sanity check Step #5: #6 0x6b5998f in __cxa_throw (/tmp/not-out/mtpfuzzer+0x6b5998f) Step #5: #7 0x21a5bfa in SvStream::ReadUInt16(unsigned short&) (/tmp/not-out/mtpfuzzer+0x21a5bfa) Step #5: #8 0x51f2ef in EQNOLEFILEHDR::Read(SvStream*) (/tmp/not-out/mtpfuzzer+0x51f2ef) Step #5: #9 0x51ef53 in MathType::Parse(SvStream*) (/tmp/not-out/mtpfuzzer+0x51ef53) Change-Id: I6ae5905930376f9424f5d2eb3660ae177c7dc6f9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108153 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/starmath/source/mathtype.cxx b/starmath/source/mathtype.cxx
index 43602a491d03..72c3bed94edb 100644
--- a/starmath/source/mathtype.cxx
+++ b/starmath/source/mathtype.cxx
@@ -558,28 +558,36 @@ bool MathType::Parse(SvStream* pStream)
 pS = pStream;
 pS->SetEndian( SvStreamEndian::LITTLE );
- EQNOLEFILEHDR aHdr;
- aHdr.Read(pS);
- sal_uInt8 nProdVersion;
- sal_uInt8 nProdSubVersion;
- sal_uInt8 nPlatform;
- sal_uInt8 nProduct;
- pS->ReadUChar( nVersion );
- pS->ReadUChar( nPlatform );
- pS->ReadUChar( nProduct );
- pS->ReadUChar( nProdVersion );
- pS->ReadUChar( nProdSubVersion );
-
- if (nVersion > 3) // allow only supported versions of MathType to be parsed
- return false;
-
- bool bRet = HandleRecords(0);
- //little crude hack to close occasionally open expressions
- //a sophisticated system to determine what expressions are
- //opened is required, but this is as much work as rewriting
- //starmaths internals.
- rRet.append("{}");
+ bool bRet;
+ try
+ {
+ EQNOLEFILEHDR aHdr;
+ aHdr.Read(pS);
+ sal_uInt8 nProdVersion;
+ sal_uInt8 nProdSubVersion;
+ sal_uInt8 nPlatform;
+ sal_uInt8 nProduct;
+ pS->ReadUChar( nVersion );
+ pS->ReadUChar( nPlatform );
+ pS->ReadUChar( nProduct );
+ pS->ReadUChar( nProdVersion );
+ pS->ReadUChar( nProdSubVersion );
+
+ if (nVersion > 3) // allow only supported versions of MathType to be parsed
+ return false;
+ bRet = HandleRecords(0);
+ //little crude hack to close occasionally open expressions
+ //a sophisticated system to determine what expressions are
+ //opened is required, but this is as much work as rewriting
+ //starmaths internals.
+ rRet.append("{}");
+ }
+ catch (const SvStreamEOFException&)
+ {
+ SAL_WARN("starmath", "EOF");
+ bRet = false;
+ }
 return bRet;
 }
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
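Review bot: The version gate `if (nVersion > 3)` still runs without confirming that the five `ReadUChar` calls succeeded, so a truncated header is rejected only when the stream throws `SvStreamEOFException`. If a short read is instead reported through the stream's error state (the trace on this page comes from the fuzzer build, and other configurations may behave differently), `nVersion` may keep its previous value and `HandleRecords(0)` would run on it. Checking the stream state makes the rejection independent of the exception, e.g. `if (!pS->good() || nVersion > 3) return false;`. On the catch path `rRet` keeps whatever `HandleRecords` appended before the truncation, so either clear it there or add a comment such as `// rRet may hold partial output; callers must ignore it when Parse returns false`. The beginning of `Parse` lies outside this hunk, so the initial value of `nVersion` is not visible here.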