RepositoryExternal.mk | 24 bin/check-elf-dynamic-objects | 2 download.lst | 4 external/nss/ExternalProject_nss.mk | 8 external/nss/nsinstall.py | 12 external/postgresql/ExternalPackage_postgresql.mk | 16 external/postgresql/ExternalProject_postgresql.mk | 16 external/postgresql/Module_postgresql.mk | 6 external/postgresql/UnpackedTarball_postgresql.mk | 12 external/postgresql/config.pl | 1 external/postgresql/internal-zlib.patch.1 | 29 external/postgresql/postgres-msvc-build.patch.1 | 110 +++ external/postgresql/postgresql-9.2.1-autoreconf.patch | 521 ----------------- external/postgresql/postgresql-9.2.1-libreoffice.patch | 74 -- external/postgresql/postgresql-libs-leak.patch | 40 - filter/source/graphicfilter/icgm/bitmap.cxx | 58 + filter/source/graphicfilter/icgm/bitmap.hxx | 2 filter/source/graphicfilter/icgm/cgm.cxx | 4 filter/source/graphicfilter/icgm/class7.cxx | 8 include/vcl/BitmapTools.hxx | 3 lotuswordpro/source/filter/lwptablelayout.cxx | 14 lotuswordpro/source/filter/lwptablelayout.hxx | 2 sal/textenc/tcvtkr6.tab | 2 sc/source/filter/qpro/qproform.cxx | 14 sfx2/source/sidebar/SidebarController.cxx | 23 sfx2/source/sidebar/SidebarPanelBase.cxx | 14 sfx2/source/sidebar/Theme.cxx | 20 solenv/flatpak-manifest.in | 5 svtools/source/svhtml/parhtml.cxx | 19 sw/qa/core/data/ww5/pass/ofz18526-1.doc |binary sw/qa/core/data/ww6/pass/ofz-trailingpara.doc |binary sw/qa/core/data/ww8/pass/ofz18414-1.doc |binary sw/source/core/unocore/unocrsrhelper.cxx | 12 sw/source/filter/ww8/ww8par.cxx | 63 +- sw/source/filter/ww8/ww8par.hxx | 2 sw/source/filter/ww8/ww8par2.cxx | 5 sw/source/filter/ww8/ww8par5.cxx | 37 + sw/source/filter/ww8/ww8par6.cxx | 11 sw/source/filter/ww8/ww8scan.cxx | 43 + sw/source/filter/ww8/ww8scan.hxx | 6 vcl/source/font/fontcharmap.cxx | 88 ++ vcl/unx/generic/app/i18n_cb.cxx | 4 writerfilter/source/rtftok/rtfdocumentimpl.cxx | 25 43 files changed, 565 insertions(+), 794 deletions(-)
New commits: commit e6a367b07f23810c649804145a03ef4a16751773 Author: Michael Stahl <[email protected]> AuthorDate: Wed Oct 30 16:06:02 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:04 2021 +0100 sw: WW8 import: filter control characters in GetFieldResult() Triggers the assert in SwSubFont::GetTextSize_() on ooo58234-1.doc, which has a field result with ^G cell separators that is converted to SwInputField, which inserts the field result into SwTextNode. Change-Id: Ibdb93390862a11462d62cf744bac912d6009777e Reviewed-on: https://gerrit.libreoffice.org/81788 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 3a9d504b01c061f60a915b5681c8313859294118)
diff --git a/sw/source/filter/ww8/ww8par5.cxx b/sw/source/filter/ww8/ww8par5.cxx
index 2c070be937ca..067728255f8a 100644
--- a/sw/source/filter/ww8/ww8par5.cxx
+++ b/sw/source/filter/ww8/ww8par5.cxx
@@ -32,6 +32,7 @@
 #include <com/sun/star/task/InteractionHandler.hpp>
 #include <com/sun/star/ucb/XCommandEnvironment.hpp>
+#include <svl/lngmisc.hxx>
 #include <svl/urihelper.hxx>
 #include <svl/zforlist.hxx>
 #include <svl/zformat.hxx>
@@ -1212,7 +1213,35 @@ OUString SwWW8ImplReader::GetFieldResult( WW8FieldDesc const * pF )
 m_pStrm->Seek( nOldPos );
 //replace both CR 0x0D and VT 0x0B with LF 0x0A
- return sRes.replace(0x0D, 0x0A).replace(0x0B, 0x0A);
+ // at least in the cases where the result is added to an SwInputField
+ // there must not be control characters in it
+ OUStringBuffer buf(sRes.getLength());
+ for (sal_Int32 i = 0; i < sRes.getLength(); ++i)
+ {
+ sal_Unicode const ch(sRes[i]);
+ if (!linguistic::IsControlChar(ch))
+ {
+ buf.append(ch);
+ }
+ else
+ {
+ switch (ch)
+ {
+ case 0x0B:
+ case '\r':
+ buf.append('\n');
+ break;
+ case '\n':
+ case '\t':
+ buf.append(ch);
+ break;
+ default:
+ SAL_INFO("sw.ww8", "GetFieldResult(): filtering control character");
+ break;
+ }
+ }
+ }
+ return buf.makeStringAndClear();
 }
 /*
commit cb511910f0dc4db6f739f097de279e20128d1246 Author: Michael Stahl <[email protected]> AuthorDate: Tue Nov 12 18:57:58 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:03 2021 +0100 ofz#18526 sw: WW8 import: don't insert control characters Sanitize string before calling InsertString(). This segfaults since: commit b522fc0646915d4da94df38dd249c88b28f25be7 Date: Tue Sep 24 18:11:45 2019 +0200 sw: maintain fieldmarks in DeleteRange()/DeleteAndJoin()/ReplaceRange() Change-Id: I9ef73d924420686f6838fa21900ec57b4d25c905 Reviewed-on: https://gerrit.libreoffice.org/81949 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 7ecda38cdaa2361e8510bf3e7206863c4936deab) Reviewed-on: https://gerrit.libreoffice.org/82759 (cherry picked from commit d494a4c0ead7db481757d8d67fbce9e1b02e65df)
diff --git a/sw/qa/core/data/ww5/pass/ofz18526-1.doc b/sw/qa/core/data/ww5/pass/ofz18526-1.doc
new file mode 100644
index 000000000000..e651650f9a26
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/ofz18526-1.doc differ
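Review bot: The loop added to GetFieldResult() repeats the filtering that sw::FilterControlChars() already provides; the parent commit in this series declares that helper in ww8par.hxx and calls it from this same file in Read_SubF_Ruby(). Keeping the old CR/VT mapping and filtering afterwards gives the same result in one line: `return sw::FilterControlChars(sRes.replace(0x0D, 0x0A).replace(0x0B, 0x0A));`. That keeps the context comment about CR and VT accurate and leaves one place to change if the set of permitted control characters is ever revised. The body of GetFieldResult() starts outside the hunk.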
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 174c1f3d4a41..d23c5b0d7421 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -113,6 +113,8 @@
 #include <com/sun/star/document/XDocumentPropertiesSupplier.hpp>
 #include <com/sun/star/document/XViewDataSupplier.hpp>
 #include <com/sun/star/document/IndexedPropertyValues.hpp>
+
+#include <svl/lngmisc.hxx>
 #include <svl/itemiter.hxx>
 #include <comphelper/processfactory.hxx>
@@ -3390,13 +3392,37 @@ void SwWW8ImplReader::emulateMSWordAddTextToParagraph(const OUString& rAddString
 }
 }
+namespace sw {
+
+auto FilterControlChars(OUString const& rString) -> OUString
+{
+ OUStringBuffer buf(rString.getLength());
+ for (sal_Int32 i = 0; i < rString.getLength(); ++i)
+ {
+ sal_Unicode const ch(rString[i]);
+ if (!linguistic::IsControlChar(ch) || ch == '\r' || ch == '\n' || ch == '\t')
+ {
+ buf.append(ch);
+ }
+ else
+ {
+ SAL_INFO("sw.ww8", "filtering control character");
+ }
+ }
+ return buf.makeStringAndClear();
+}
+
+} // namespace sw
+
 void SwWW8ImplReader::simpleAddTextToParagraph(const OUString& rAddString)
 {
- if (rAddString.isEmpty())
+ OUString const addString(sw::FilterControlChars(rAddString));
+
+ if (addString.isEmpty())
 return;
 #if OSL_DEBUG_LEVEL > 1
- SAL_INFO("sw.ww8", "<addTextToParagraph>" << rAddString << "</addTextToParagraph>");
+ SAL_INFO("sw.ww8", "<addTextToParagraph>" << addString << "</addTextToParagraph>");
 #endif
 const SwContentNode *pCntNd = m_pPaM->GetContentNode();
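Review bot: sw::FilterControlChars() hard-codes the exception list `ch == '\r' || ch == '\n' || ch == '\t'`, and the same condition is spelled out again in ReadChars(), Read_F_Symbol(), the static FilterControlChars() in rtfdocumentimpl.cxx, DocInsertStringSplitCR() and HTMLParser::ScanText() elsewhere in this series. A single named predicate next to linguistic::IsControlChar would keep these sites from drifting apart; GetNextRawToken() already differs by keeping only '\t'. The function also deserves a comment saying which characters it keeps and that it depends on IsControlChar's definition, which is not part of this diff: if that test only covers code points below U+0020, DEL and the C1 range still reach InsertString(). The SAL_INFO message would be more useful with the code point appended, as the SAL_WARN in DocInsertStringSplitCR() does with `<< int(ch)`.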
@@ -3410,21 +3436,21 @@ void SwWW8ImplReader::simpleAddTextToParagraph(const OUString& rAddString)
 const sal_Int32 nCharsLeft = SAL_MAX_INT32 - pNd->GetText().getLength();
 if (nCharsLeft > 0)
 {
- if (rAddString.getLength() <= nCharsLeft)
+ if (addString.getLength() <= nCharsLeft)
 {
- m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString);
+ m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString);
 }
 else
 {
- m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString.copy(0, nCharsLeft));
+ m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString.copy(0, nCharsLeft));
 AppendTextNode(*m_pPaM->GetPoint());
- m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString.copy(nCharsLeft));
+ m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString.copy(nCharsLeft));
 }
 }
 else
 {
 AppendTextNode(*m_pPaM->GetPoint());
- m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, rAddString);
+ m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, addString);
 }
 m_bReadTable = false;
@@ -3450,13 +3476,17 @@ bool SwWW8ImplReader::ReadChars(WW8_CP& rPos, WW8_CP nNextAttr, long nTextEnd,
 nRequested = nMaxPossible;
 }
- for (WW8_CP nCh = 0; nCh < nRequested; ++nCh)
+ if (!linguistic::IsControlChar(m_cSymbol)
+ || m_cSymbol == '\r' || m_cSymbol == '\n' || m_cSymbol == '\t')
 {
- m_rDoc.getIDocumentContentOperations().InsertString( *m_pPaM, OUString(m_cSymbol) );
+ for (WW8_CP nCh = 0; nCh < nRequested; ++nCh)
+ {
+ m_rDoc.getIDocumentContentOperations().InsertString(*m_pPaM, OUString(m_cSymbol));
+ }
+ m_xCtrlStck->SetAttr(*m_pPaM->GetPoint(), RES_CHRATR_FONT);
+ m_xCtrlStck->SetAttr(*m_pPaM->GetPoint(), RES_CHRATR_CJK_FONT);
+ m_xCtrlStck->SetAttr(*m_pPaM->GetPoint(), RES_CHRATR_CTL_FONT);
 }
- m_xCtrlStck->SetAttr( *m_pPaM->GetPoint(), RES_CHRATR_FONT );
- m_xCtrlStck->SetAttr( *m_pPaM->GetPoint(), RES_CHRATR_CJK_FONT );
- m_xCtrlStck->SetAttr( *m_pPaM->GetPoint(), RES_CHRATR_CTL_FONT );
 }
 m_pStrm->SeekRel(nRequested);
 rPos = nEnd; // Ignore until attribute end
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 1a1f988e32ed..c15c07afb7fa 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -546,6 +546,8 @@ namespace sw
 sal_Int32 GetPtContent() { return mnPtContent; };
 };
 }
+
+ auto FilterControlChars(OUString const& rString) -> OUString;
 }
 class WW8FieldEntry
diff --git a/sw/source/filter/ww8/ww8par5.cxx b/sw/source/filter/ww8/ww8par5.cxx
index e592073b3999..2c070be937ca 100644
--- a/sw/source/filter/ww8/ww8par5.cxx
+++ b/sw/source/filter/ww8/ww8par5.cxx
@@ -35,6 +35,7 @@
 #include <svl/urihelper.hxx>
 #include <svl/zforlist.hxx>
 #include <svl/zformat.hxx>
+#include <svl/lngmisc.hxx>
 #include <sfx2/linkmgr.hxx>
 #include <ucbhelper/content.hxx>
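Review bot: In ReadChars() the three `m_xCtrlStck->SetAttr(...)` calls moved inside the new guard, so when m_cSymbol is a filtered control character they no longer run. The code that opens these font attributes is outside the hunk; if they are opened when the symbol property is read, skipping SetAttr() leaves RES_CHRATR_FONT, RES_CHRATR_CJK_FONT and RES_CHRATR_CTL_FONT open on the control stack, where they could apply to the text that follows. Guarding only the insert loop and leaving the SetAttr() calls unconditional, as they were before the change, avoids that. A SAL_INFO in the skipped case would match the other filter sites in this series.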
@@ -1908,7 +1909,8 @@ eF_ResT SwWW8ImplReader::Read_F_Symbol( WW8FieldDesc*, OUString& rStr )
 if( aQ.isEmpty() )
 return eF_ResT::TAGIGN; // -> no 0-char in text
- if (sal_Unicode cChar = static_cast<sal_Unicode>(aQ.toInt32()))
+ sal_Unicode const cChar = static_cast<sal_Unicode>(aQ.toInt32());
+ if (!linguistic::IsControlChar(cChar) || cChar == '\r' || cChar == '\n' || cChar == '\t')
 {
 if (!aName.isEmpty()) // Font Name set ?
 {
@@ -2688,11 +2690,11 @@ void SwWW8ImplReader::Read_SubF_Ruby( WW8ReadFieldParams& rReadParam)
 if ((nBegin != -1) && (nEnd != -1) && (nBegin < nEnd))
 {
 sText = sPart.copy(nBegin+1,nEnd-nBegin-1);
+ sText = sw::FilterControlChars(sText);
 }
 }
 }
 }
-
 }
 break;
 }
commit c02b6220f3f1c24342f37b4cc7425763f5a2355c Author: Michael Stahl <[email protected]> AuthorDate: Thu Nov 14 17:37:17 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:03 2021 +0100 sw: WW8 import: instead of control character insert '?' for footnote SwWW8ImplReader::ReadChar() inserts a U+0002 control character to temporarily mark a footnote anchor; this is then deleted and replaced with a real footnote hint by SwWW8ImplReader::End_Footnote(). The assumption is that it is necessary to insert a placeholder character to be able to apply formatting to it. But if the document is corrupted, the control character could survive the import, which sounds less than ideal. So either make this magic character more explicit by documenting it in hintids.hxx and removing any outstanding ones at the end of the import, or use a non-offensive character instead; since this should only affect invalid documents, choose the solution with the least effort. Change-Id: I76d396258b32e0f0fb6393942a58a4dc57912211 Reviewed-on: https://gerrit.libreoffice.org/82760 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 13ba765c444713b0b0b2f4b4231bdafcbbef6ad0)
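Review bot: In Read_F_Symbol() the control-character test runs after `static_cast<sal_Unicode>(aQ.toInt32())`, so a field value outside 0..0xFFFF is truncated to 16 bits first and then judged on the truncated value. Checking the range before narrowing states the intent directly: read `sal_Int32 const nChar = aQ.toInt32();` and add `nChar > 0 && nChar <= 0xFFFF &&` in front of the existing condition. The context comment `// -> no 0-char in text` belongs to the empty-string return above, so the new condition should get its own short comment saying that it also rejects 0. The function continues outside the hunk.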
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 097e1f8d273d..174c1f3d4a41 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -3726,7 +3726,7 @@ bool SwWW8ImplReader::ReadChar(long nPosCp, long nCpOfs)
 break;
 case 0x2: // TODO: Auto-Footnote-Number, should be replaced by SwWW8ImplReader::End_Footnote later
 if (!m_aFootnoteStack.empty())
- cInsert = 0x2;
+ cInsert = '?';
 break;
 default:
 SAL_INFO( "sw.ww8.level2", "<unknownValue val=\"" << nWCharVal << "\">" );
commit 6d3c50331eb1cabf1aa0c71100fb7b5fdbe681d7 Author: Michael Stahl <[email protected]> AuthorDate: Tue Oct 29 15:54:41 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:02 2021 +0100 writerfilter: rtftok: filter control characters ... in RTFDocumentImpl::checkUnicode(); see ooo86460-1.xls [sic] for an example. There is another caller of text() in rtfdispatchdestination.cxx:311 but it turns out that buffered text was created by text() in the first place. This shouldn't be a problem for DOCX because XML 1.0 doesn't allow the bad control characters anyway so the sax parser should report an error in that case. Reviewed-on: https://gerrit.libreoffice.org/81697 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Michael Stahl <[email protected]> (cherry picked from commit a6516c76c01b92f7d35bfb352b63af7de42b5707) Change-Id: Ice45e1c3c8c7db668a4cfb8364e42addea1777ce
diff --git a/writerfilter/source/rtftok/rtfdocumentimpl.cxx b/writerfilter/source/rtftok/rtfdocumentimpl.cxx
index 4094dc97dacf..fc6773203cf2 100644
--- a/writerfilter/source/rtftok/rtfdocumentimpl.cxx
+++ b/writerfilter/source/rtftok/rtfdocumentimpl.cxx
@@ -26,6 +26,7 @@
 #include <tools/datetimeutils.hxx>
 #include <comphelper/classids.hxx>
 #include <comphelper/embeddedobjectcontainer.hxx>
+#include <svl/lngmisc.hxx>
 #include <sfx2/sfxbasemodel.hxx>
 #include <sfx2/classificationhelper.hxx>
 #include <oox/mathml/import.hxx>
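Review bot: The `case 0x2` branch in ReadChar() now inserts a printable '?' as the footnote placeholder, but the reason is recorded only in the commit message. A placeholder that survives in a damaged document is now indistinguishable from a real question mark, so the assignment deserves a comment such as `// placeholder for the footnote anchor, replaced in End_Footnote(); printable so that no control character is left behind if that never happens`. ReadChar() starts and ends outside the hunk.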
@@ -3413,11 +3414,34 @@ bool RTFDocumentImpl::getSkipUnknown() { return m_bSkipUnknown; }
 void RTFDocumentImpl::setSkipUnknown(bool bSkipUnknown) { m_bSkipUnknown = bSkipUnknown; }
+static auto FilterControlChars(Destination const destination, OUString const& rString) -> OUString
+{
+ if (destination == Destination::LEVELNUMBERS || destination == Destination::LEVELTEXT)
+ { // control characters are magic here!
+ return rString;
+ }
+ OUStringBuffer buf(rString.getLength());
+ for (sal_Int32 i = 0; i < rString.getLength(); ++i)
+ {
+ sal_Unicode const ch(rString[i]);
+ if (!linguistic::IsControlChar(ch) || ch == '\r' || ch == '\n' || ch == '\t')
+ {
+ buf.append(ch);
+ }
+ else
+ {
+ SAL_INFO("writerfilter.rtf", "filtering control character");
+ }
+ }
+ return buf.makeStringAndClear();
+}
+
 void RTFDocumentImpl::checkUnicode(bool bUnicode, bool bHex)
 {
 if (bUnicode && !m_aUnicodeBuffer.isEmpty())
 {
 OUString aString = m_aUnicodeBuffer.makeStringAndClear();
+ aString = FilterControlChars(m_aStates.top().eDestination, aString);
 text(aString);
 }
 if (bHex && !m_aHexBuffer.isEmpty())
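Review bot: The early return in FilterControlChars() for Destination::LEVELNUMBERS and Destination::LEVELTEXT is justified only by `// control characters are magic here!`, which does not tell a maintainer what would break if the exemption were removed or widened. The comment should say what the low code points mean in these two destinations (presumably the level placeholders and length or position bytes of the RTF list-level syntax, to be confirmed) and that their text is therefore passed to text() unfiltered. The loop below it is a copy of sw::FilterControlChars() from ww8par.cxx; if the two cannot share code across modules, a comment naming the twin would help keep them in step.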
@@ -3427,6 +3451,7 @@ void RTFDocumentImpl::checkUnicode(bool bUnicode, bool bHex)
 && m_aStates.top().nCurrentEncoding == RTL_TEXTENCODING_SYMBOL)
 nEncoding = RTL_TEXTENCODING_MS_1252;
 OUString aString = OStringToOUString(m_aHexBuffer.makeStringAndClear(), nEncoding);
+ aString = FilterControlChars(m_aStates.top().eDestination, aString);
 text(aString);
 }
 }
commit fc032ed3eb05bfba1dcd07bce566346b3f6f2fb9 Author: Michael Stahl <[email protected]> AuthorDate: Tue Oct 29 15:52:34 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:02 2021 +0100 sw: UNO API: do not allow inserting control characters into nodes Refuse invalid input in DocInsertStringSplitCR(). Reviewed-on: https://gerrit.libreoffice.org/81696 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 9b1e3e9bfdc0639630a367e45e4bdc2e9f22e503) Change-Id: I097c1b3a1f70b0cf1fa3fc33fc1d965ee6c96280
diff --git a/sw/source/core/unocore/unocrsrhelper.cxx b/sw/source/core/unocore/unocrsrhelper.cxx
index 227c08f131bc..f0bca8cf4903 100644
--- a/sw/source/core/unocore/unocrsrhelper.cxx
+++ b/sw/source/core/unocore/unocrsrhelper.cxx
@@ -65,6 +65,7 @@
 #include <cntfrm.hxx>
 #include <pagefrm.hxx>
 #include <svl/eitem.hxx>
+#include <svl/lngmisc.hxx>
 #include <docary.hxx>
 #include <swtable.hxx>
 #include <tox.hxx>
@@ -1107,6 +1108,17 @@ bool DocInsertStringSplitCR( { bool bOK = true; + for (sal_Int32 i = 0; i < rText.getLength(); ++i) + { + sal_Unicode const ch(rText[i]); + if (linguistic::IsControlChar(ch) + && ch != '\r' && ch != '\n' && ch != '\t') + { + SAL_WARN("sw.uno", "DocInsertStringSplitCR: refusing to insert control character " << int(ch)); + return false; + } + } + const SwInsertFlags nInsertFlags = bForceExpandHints ? ( SwInsertFlags::FORCEHINTEXPAND | SwInsertFlags::EMPTYEXPAND) commit 85f3d259b4621decf7c4287ecfcbd6df61f7f13b Author: Michael Stahl <[email protected]> AuthorDate: Mon Oct 28 14:31:23 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:01 2021 +0100 svl: HTMLParser: stop inserting control character garbage into Writer E.g. rhbz433940-1.html contains literal ^G characters that are inserted as-is into SwTextNodes. This now triggers assert about CH_TXT_ATR_FIELDSTART in SwSubFont::GetTextSize_() that was added in 19a559b0ec9b806519c405651d6d2b2e14712b4a. Change-Id: I6aa7de41a04069e15b40865fd57894dae0fc10db Reviewed-on: https://gerrit.libreoffice.org/81606 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Michael Stahl <[email protected]> (cherry picked from commit 35d248cab1f0d4800f72abb5cb6afb56f40d9083) diff --git a/svtools/source/svhtml/parhtml.cxx b/svtools/source/svhtml/parhtml.cxx index be3167d30053..dad59b28a2ab 100644 --- a/svtools/source/svhtml/parhtml.cxx +++ b/svtools/source/svhtml/parhtml.cxx @@ -29,6 +29,7 @@ #include <tools/datetime.hxx> #include <unotools/datetime.hxx> #include <svl/inettype.hxx> +#include <svl/lngmisc.hxx> #include <com/sun/star/beans/PropertyAttribute.hpp> #include <com/sun/star/document/XDocumentProperties.hpp> 
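Review bot: DocInsertStringSplitCR() now returns false for the whole string as soon as one disallowed control character is found, while the import filters in this series drop the character and keep the rest. That difference is reasonable for an API entry point, but it should be stated above the loop, for example `// refuse the whole text rather than silently altering what the API caller passed in`, and the function's documentation should mention the new failure case. What callers do with the false result is not visible in this hunk, and the function body continues outside it.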
@@ -454,8 +455,12 @@ HtmlTokenId HTMLParser::ScanText( const sal_Unicode cBreak )
 else
 nNextCh = 0U;
- if ( ! rtl::isUnicodeCodePoint( cChar ) )
+ if (!rtl::isUnicodeCodePoint(cChar)
+ || (linguistic::IsControlChar(cChar)
+ && cChar != '\r' && cChar != '\n' && cChar != '\t'))
+ {
 cChar = '?';
+ }
 }
 else if( rtl::isAsciiAlpha( nNextCh ) )
 {
@@ -743,8 +748,11 @@ HtmlTokenId HTMLParser::ScanText( const sal_Unicode cBreak )
 else
 {
 do {
+ if (!linguistic::IsControlChar(nNextCh))
+ {
 // All remaining characters make their way into the text.
- sTmpBuffer.appendUtf32( nNextCh );
+ sTmpBuffer.appendUtf32( nNextCh );
+ }
 if( MAX_LEN == sTmpBuffer.getLength() )
 {
 aToken += sTmpBuffer.makeStringAndClear();
@@ -971,8 +979,11 @@ HtmlTokenId HTMLParser::GetNextRawToken()
 }
 SAL_FALLTHROUGH;
 default:
- // all remaining characters are appended to the buffer
- sTmpBuffer.appendUtf32( nNextCh );
+ if (!linguistic::IsControlChar(nNextCh) || nNextCh == '\t')
+ {
+ // all remaining characters are appended to the buffer
+ sTmpBuffer.appendUtf32( nNextCh );
+ }
 break;
 }
commit 58d9d287191d3260f7c6332b36bd736e6eb0ec6d Author: Caolán McNamara <[email protected]> AuthorDate: Sat Oct 3 21:56:19 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:01 2021 +0100 ofz#26122 allow NINSIZE input full elements Change-Id: Ifbde8fc055a91e23db08508a34ce4664d2f1f96f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103906 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit fb0c3f9d8964f8c0f40238559c32d9d73cba6b55)
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 2b636f7777da..1177651c324d 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
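Review bot: nNextCh is appended with appendUtf32() and so holds a full code point, but in the do-loop of ScanText() and in GetNextRawToken() it is passed straight to linguistic::IsControlChar(). That function's signature is not in this diff; if it takes a 16-bit sal_Unicode, the argument is narrowed and supplementary code points whose low 16 bits are below 0x20 (U+10000 to U+1001F, U+20000 to U+2001F and so on) would be classified as control characters and dropped from the text. Restricting the test to the BMP avoids this: `if (nNextCh > 0xFFFF || !linguistic::IsControlChar(static_cast<sal_Unicode>(nNextCh)))`. The three sites also keep different exceptions (CR, LF and TAB in the first hunk, none in the do-loop, TAB only in GetNextRawToken()); if earlier switch cases outside the hunks already handle the others, a comment saying so would help.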
@@ -331,7 +331,8 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) static const int NINSIZE = 64; static const int NOUTSIZE = 64; - sal_Char cCharsInp[ NINSIZE ]; + std::vector<char> cCharsInp; + cCharsInp.reserve(NINSIZE); sal_Unicode cCharsOut[ NOUTSIZE ]; sal_UCS4* pCP = pCodePairs; for( int i = 0; i < nRangeCount; ++i ) @@ -342,25 +343,26 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) // input codepoints in 0..SAL_MAX_UINT16 range while (cMin < cEnd && cMin <= SAL_MAX_UINT16) { - int j = 0; - for(; (cMin < cEnd) && (j < NINSIZE); ++cMin ) + for (int j = 0; (cMin < cEnd) && (j < NINSIZE); ++cMin, ++j) { if( cMin >= 0x0100 ) - cCharsInp[ j++ ] = static_cast<sal_Char>(cMin >> 8); + cCharsInp.push_back(static_cast<char>(cMin >> 8)); if( (cMin >= 0x0100) || (cMin < 0x00A0) ) - cCharsInp[ j++ ] = static_cast<sal_Char>(cMin); + cCharsInp.push_back(static_cast<char>(cMin)); } sal_uInt32 nCvtInfo; sal_Size nSrcCvtBytes; int nOutLen = rtl_convertTextToUnicode( aConverter, aCvtContext, - cCharsInp, j, cCharsOut, NOUTSIZE, + cCharsInp.data(), cCharsInp.size(), cCharsOut, NOUTSIZE, RTL_TEXTTOUNICODE_FLAGS_INVALID_IGNORE | RTL_TEXTTOUNICODE_FLAGS_UNDEFINED_IGNORE, &nCvtInfo, &nSrcCvtBytes ); - for( j = 0; j < nOutLen; ++j ) + cCharsInp.clear(); + + for (int j = 0; j < nOutLen; ++j) aSupportedCodePoints.insert( cCharsOut[j] ); } } commit 0fd4ee6d4fb0598bbf282d837018a3d82cb9f9ee Author: Caolán McNamara <[email protected]> AuthorDate: Tue Sep 29 20:59:40 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:01 2021 +0100 ofz#25989 cmap parsing Change-Id: I048e5d88d5926a4afa75afab18db5ca6354e2454 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103641 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 9a1202edab0cfe95572f12a8c49ef756ead49bf2) 
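Review bot: After this change `j` counts code points rather than bytes and each iteration can push two bytes, so one batch may hold up to 2 * NINSIZE bytes while `cCharsInp.reserve(NINSIZE)` reserves half of that; `cCharsInp.reserve(2 * NINSIZE);` avoids the reallocation. The output side is unchanged: cCharsOut still has NOUTSIZE elements and neither nCvtInfo nor nSrcCvtBytes is examined after rtl_convertTextToUnicode(), so if the converter stops early the rest of that batch is discarded by `cCharsInp.clear()` without any trace. Comparing nSrcCvtBytes with cCharsInp.size() and emitting a SAL_WARN on a mismatch would make that visible. The enclosing loop over the code pairs starts outside these hunks.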
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 8b2236d38e1b..2b636f7777da 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -227,7 +227,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 // update the glyphid-array with the glyphs in this range
 pStartGlyphs[i] = -static_cast<int>(aGlyphIdArray.size());
 const unsigned char* pGlyphIdPtr = pOffsetBase + 2*i + nRangeOffset;
- const size_t nRemainingSize = pEndValidArea - pGlyphIdPtr;
+ const size_t nRemainingSize = pEndValidArea >= pGlyphIdPtr ? pEndValidArea - pGlyphIdPtr : 0;
 const size_t nMaxPossibleRecords = nRemainingSize/2;
 if (nMaxPossibleRecords == 0) { // no sane font should trigger this
 SAL_WARN("vcl.gdi", "More indexes claimed that space available in font!");
commit 45849da277333d7e3c145d64bd55a11ae3939286 Author: Caolán McNamara <[email protected]> AuthorDate: Tue Sep 15 16:36:17 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:00 2021 +0100 ofz#25684 keep ParseCMAP within legal area Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102776 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit a014c82522834c972e247a28d8e5f42998ae3c0e) ofz#25696 OOM Change-Id: Ia69e9ce1ca0156e960dddb7e0bf98dfd2be2d7cc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102846 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit d57b14e3394b081adf0888ed8dcb7b86d66c246c) ofz#25774 keep ParseCMAP within legal area Change-Id: Ic68fadd3d63631cbccda76e7679d95bb89452d25 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103017 Tested-by: Caolán McNamara <[email protected]> Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit f8474367449a1b6b54918d2753e3a36798761839) Fix crash from broken font CMAP subtable ParseCMAP crashes on a broken CMAP subtable of a font used by the bugdoc of tdf#119074, which returns a negative offset (technically it's large positive offset turning into a wrong negative integer, which is still out of
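Review bot: The added `pEndValidArea >= pGlyphIdPtr` test guards the subtraction, but pGlyphIdPtr has already been formed as `pOffsetBase + 2*i + nRangeOffset` from a file-supplied nRangeOffset, and creating or comparing a pointer beyond the end of the buffer is itself undefined behaviour. Doing the bounds check on integer offsets before building the pointer is more robust, for example computing `const size_t nGlyphIdOffset = (pOffsetBase - pCmap) + 2*i + nRangeOffset;` and comparing it with the offset of pEndValidArea. The same order (pointer first, check afterwards) appears in the format 4 setup of the `@@ -177,12 +182,29 @@` hunk in the older ParseCMAP commit below, where pOffsetBase is built before nRemainingLen is checked. The enclosing loop starts and ends outside this hunk.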
bounds of the CMAP overall size - you get the point). This simply ignores that broken subtable, checking for other existing ones. Regressed-by: c7482bc2904401e7d975b5721ec861b8589253f9 Change-Id: I95820fe3bb6bd2fe2e0cf9d4c3536abce31fd497 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103033 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 9bf4c5ac49b73cc2a8c89a87ff87238c061a579d) Missing include (for std::max, since f8474367449a1b6b54918d2753e3a36798761839 "ofz#25774 keep ParseCMAP within legal area") Change-Id: I873c788577e9ec3bd54d9e637d2cf86be7c1f6e6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103089 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 8cc52b05744443c64cf5eb62ebe3098cd964c437) ofz#25855 overflow in nTmpOffset we already know nLength is >= 24 so just move the calc to the other term Change-Id: Ic52f1686ccf81e6b13d7eb7e74dbd9cb51c8ea01 ofz#25868 Timeout, encoding conversion only sane in 0..SAL_MAX_UINT16 range so ignore points outside that range to avoid ludicrous ranges that aren't possible in the input encoding Change-Id: Ifb7b9b389d4a31b8820a7da661249223fe1e110c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103261 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit 1e41300a9552f90b3d75d5ffadd31ae42a28d249)
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 5091d226a0af..8b2236d38e1b 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -19,6 +19,7 @@
 #include <fontinstance.hxx>
 #include <impfontcharmap.hxx>
+#include <algorithm>
 #include <vector>
 #include <set>
@@ -148,6 +149,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 continue;
 int nTmpOffset = GetUInt( p+4 );
+
+ if (nTmpOffset > nLength - 2 || nTmpOffset < 0)
+ continue;
+
 int nTmpFormat = GetUShort( pCmap + nTmpOffset );
 if( nTmpFormat == 12 ) // 32bit code -> glyph map format
 nValue += 3;
@@ -177,12 +182,29 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 {
 int nSegCountX2 = GetUShort( pCmap + nOffset + 6 );
 nRangeCount = nSegCountX2/2 - 1;
- pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
- pStartGlyphs = new int[ nRangeCount ];
+ if (nRangeCount < 0)
+ {
+ SAL_WARN("vcl.gdi", "negative RangeCount");
+ nRangeCount = 0;
+ }
+
 const unsigned char* pLimitBase = pCmap + nOffset + 14;
 const unsigned char* pBeginBase = pLimitBase + nSegCountX2 + 2;
 const unsigned char* pDeltaBase = pBeginBase + nSegCountX2;
 const unsigned char* pOffsetBase = pDeltaBase + nSegCountX2;
+
+ const int nOffsetBaseStart = pOffsetBase - pCmap;
+ const int nRemainingLen = nLength - nOffsetBaseStart;
+ const int nMaxPossibleRangeOffsets = nRemainingLen / 2;
+ if (nRangeCount > nMaxPossibleRangeOffsets)
+ {
+ SAL_WARN("vcl.gdi", "more range offsets requested then space available");
+ nRangeCount = std::max(0, nMaxPossibleRangeOffsets);
+ }
+
+ pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
+ pStartGlyphs = new int[ nRangeCount ];
+
 sal_UCS4* pCP = pCodePairs;
 for( int i = 0; i < nRangeCount; ++i )
 {
@@ -242,7 +264,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 if (nRangeCount > nMaxPossiblePairs)
 {
 SAL_WARN("vcl.gdi", "more code pairs requested then space available");
- nRangeCount = nMaxPossiblePairs;
+ nRangeCount = std::max(0, nMaxPossiblePairs);
 }
 pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
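Review bot: In the first hunk the new check `nTmpOffset > nLength - 2 || nTmpOffset < 0` only works because `int nTmpOffset = GetUInt( p+4 )` turns large unsigned values into negative ints. Keeping the value unsigned states the bound directly, `const unsigned nTmpOffset = GetUInt( p+4 );` with `if (nTmpOffset > static_cast<unsigned>(nLength) - 2) continue;`, provided the later uses of nTmpOffset outside the hunk allow the type change; the commit message notes that nLength is already known to be at least 24 here. A short comment on the check should say that the two bytes read by GetUShort() at that offset must lie inside the table. The SAL_WARN strings in the second and third hunks say "then space available" where "than" is meant.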
@@ -316,7 +338,9 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 {
 sal_UCS4 cMin = *(pCP++);
 sal_UCS4 cEnd = *(pCP++);
- while( cMin < cEnd )
+ // ofz#25868 the conversion only makes sense with
+ // input codepoints in 0..SAL_MAX_UINT16 range
+ while (cMin < cEnd && cMin <= SAL_MAX_UINT16)
 {
 int j = 0;
 for(; (cMin < cEnd) && (j < NINSIZE); ++cMin )
commit 5c3381d20871c04c34ac48c1a7aa1dd585f91721 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Jul 24 12:18:10 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:42:00 2021 +0100 cid#1209863 Untrusted loop bound Change-Id: Ic8d20e92b4021dfebe01e1265c3afb2bcd509827 Reviewed-on: https://gerrit.libreoffice.org/76259 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 52b92a591943c1988fd3d660bd6fc5ac53ce0f33)
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 588dda386f46..5091d226a0af 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -230,6 +230,11 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 else if( (nFormat == 12) && ((nOffset+16) < nLength) )
 {
 nRangeCount = GetUInt( pCmap + nOffset + 12 );
+ if (nRangeCount < 0)
+ {
+ SAL_WARN("vcl.gdi", "negative RangeCount");
+ nRangeCount = 0;
+ }
 const int nGroupOffset = nOffset + 16;
 const int nRemainingLen = nLength - nGroupOffset;
commit 66bd97aeef6c931d4e1082976ab5306a69273d33 Author: Caolán McNamara <[email protected]> AuthorDate: Mon Jul 22 09:13:14 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:59 2021 +0100 cid#1209863 Untrusted loop bound Change-Id: Ie9c3672a065b9df4580559cd927c6b1524edde0e Reviewed-on: https://gerrit.libreoffice.org/76099 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit a6eaacf66ccc8f83b075b775f4dfa0aace0c3e3a)
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 02171f4f7a91..588dda386f46 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -230,9 +230,20 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 else if( (nFormat == 12) && ((nOffset+16) < nLength) )
 {
 nRangeCount = GetUInt( pCmap + nOffset + 12 );
+
+ const int nGroupOffset = nOffset + 16;
+ const int nRemainingLen = nLength - nGroupOffset;
+ const int nMaxPossiblePairs = nRemainingLen / 12;
+ if (nRangeCount > nMaxPossiblePairs)
+ {
+ SAL_WARN("vcl.gdi", "more code pairs requested then space available");
+ nRangeCount = nMaxPossiblePairs;
+ }
+
 pCodePairs = new sal_UCS4[ nRangeCount * 2 ];
 pStartGlyphs = new int[ nRangeCount ];
- const unsigned char* pGroup = pCmap + nOffset + 16;
+
+ const unsigned char* pGroup = pCmap + nGroupOffset;
 sal_UCS4* pCP = pCodePairs;
 for( int i = 0; i < nRangeCount; ++i )
 {
commit 32c224e88f0a598c00de977112362252ee031fc3 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Jul 24 12:07:57 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:59 2021 +0100 rename search+replaced Getsal_uInt16 result back to GetUShort Change-Id: Ia6e35d0ca15b0ac2310ad847c6eda6db548b25f6 Reviewed-on: https://gerrit.libreoffice.org/76258 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 63922db083dc70c9b248c9eb34b24382048adf08)
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 4064dd1e86e3..02171f4f7a91 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -85,7 +85,7 @@ bool ImplFontCharMap::isDefaultMap() const
 }
 static unsigned GetUInt( const unsigned char* p ) { return((p[0]<<24)+(p[1]<<16)+(p[2]<<8)+p[3]);}
-static unsigned Getsal_uInt16( const unsigned char* p ){ return((p[0]<<8) | p[1]);}
+static unsigned GetUShort( const unsigned char* p ){ return((p[0]<<8) | p[1]);}
 static int GetSShort( const unsigned char* p ){ return static_cast<sal_Int16>((p[0]<<8)|p[1]);}
 // TODO: move CMAP parsing directly into the ImplFontCharMap class
@@ -102,10 +102,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 if( !pCmap || (nLength < 24) )
 return false;
- if( Getsal_uInt16( pCmap ) != 0x0000 ) // simple check for CMAP corruption
+ if( GetUShort( pCmap ) != 0x0000 ) // simple check for CMAP corruption
 return false;
- int nSubTables = Getsal_uInt16( pCmap + 2 );
+ int nSubTables = GetUShort( pCmap + 2 );
 if( (nSubTables <= 0) || (nLength < (24 + 8*nSubTables)) )
 return false;
@@ -118,8 +118,8 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 int nBestVal = 0;
 for( const unsigned char* p = pCmap + 4; --nSubTables >= 0; p += 8 )
 {
- int nPlatform = Getsal_uInt16( p );
- int nEncoding = Getsal_uInt16( p+2 );
+ int nPlatform = GetUShort( p );
+ int nEncoding = GetUShort( p+2 );
 int nPlatformEncoding = (nPlatform << 8) + nEncoding;
 int nValue;
@@ -148,7 +148,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
 continue;
 int nTmpOffset = GetUInt( p+4 );
- int nTmpFormat = Getsal_uInt16( pCmap + nTmpOffset );
+ int nTmpFormat = GetUShort( pCmap + nTmpOffset );
 if( nTmpFormat == 12 ) // 32bit code -> glyph map format
 nValue += 3;
 else if( nTmpFormat != 4 ) // 16bit code -> glyph map format
@@ -175,7 +175,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) // format 4, the most common 16bit char mapping table if( (nFormat == 4) && ((nOffset+16) < nLength) ) { - int nSegCountX2 = Getsal_uInt16( pCmap + nOffset + 6 ); + int nSegCountX2 = GetUShort( pCmap + nOffset + 6 ); nRangeCount = nSegCountX2/2 - 1; pCodePairs = new sal_UCS4[ nRangeCount * 2 ]; pStartGlyphs = new int[ nRangeCount ]; @@ -186,10 +186,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) sal_UCS4* pCP = pCodePairs; for( int i = 0; i < nRangeCount; ++i ) { - const sal_UCS4 cMinChar = Getsal_uInt16( pBeginBase + 2*i ); - const sal_UCS4 cMaxChar = Getsal_uInt16( pLimitBase + 2*i ); + const sal_UCS4 cMinChar = GetUShort( pBeginBase + 2*i ); + const sal_UCS4 cMaxChar = GetUShort( pLimitBase + 2*i ); const int nGlyphDelta = GetSShort( pDeltaBase + 2*i ); - const int nRangeOffset = Getsal_uInt16( pOffsetBase + 2*i ); + const int nRangeOffset = GetUShort( pOffsetBase + 2*i ); if( cMinChar > cMaxChar ) { // no sane font should trigger this SAL_WARN("vcl.gdi", "Min char should never be more than the max char!"); break; 
@@ -217,7 +217,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) break; } for( sal_UCS4 c = cMinChar; c <= cMaxChar; ++c, pGlyphIdPtr+=2 ) { - const int nGlyphIndex = Getsal_uInt16( pGlyphIdPtr ) + nGlyphDelta; + const int nGlyphIndex = GetUShort( pGlyphIdPtr ) + nGlyphDelta; aGlyphIdArray.push_back( static_cast<sal_uInt16>(nGlyphIndex) ); } } commit 3972fdaf694341c48a09ef186932ed91525ff82a Author: Caolán McNamara <[email protected]> AuthorDate: Sun Oct 18 20:36:16 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:59 2021 +0100 ofz#26480 validate WW8PLCFpcd is sorted like WW8PLCF does Change-Id: I11393c730986585aeea229ebeec6417e4a0578d9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104510 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 7f55db80c6fe42c162bbf51404e638a66b6ae9ab) diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index 85ef44ee3e3b..38e3783e934b 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx 
@@ -2324,26 +2324,40 @@ void WW8PLCF::ReadPLCF(SvStream& rSt, WW8_FC nFilePos, sal_uInt32 nPLCF) void WW8PLCF::MakeFailedPLCF() { nIMax = 0; - pPLCF_PosArray.reset( new sal_Int32[2] ); + pPLCF_PosArray.reset( new WW8_CP[2] ); pPLCF_PosArray[0] = pPLCF_PosArray[1] = WW8_CP_MAX; pPLCF_Contents = reinterpret_cast<sal_uInt8*>(&pPLCF_PosArray[nIMax + 1]); } -void WW8PLCF::TruncToSortedRange() +namespace { - //Docs state that: ... all Plcs ... are sorted in ascending order. - //So ensure that here for broken documents. - for (auto nI = 0; nI < nIMax; ++nI) + sal_Int32 TruncToSortedRange(const sal_Int32* pPLCF_PosArray, sal_Int32 nIMax) { - if (pPLCF_PosArray[nI] > pPLCF_PosArray[nI+1]) + //Docs state that: ... all Plcs ... are sorted in ascending order. + //So ensure that here for broken documents. + for (auto nI = 0; nI < nIMax; ++nI) { - SAL_WARN("sw.ww8", "Document has unsorted PLCF, truncated to sorted portion"); - nIMax = nI; - break; + if (pPLCF_PosArray[nI] > pPLCF_PosArray[nI+1]) + { + SAL_WARN("sw.ww8", "Document has unsorted PLCF, truncated to sorted portion"); + nIMax = nI; + break; + } } + return nIMax; } } +void WW8PLCFpcd::TruncToSortedRange() +{ + nIMax = ::TruncToSortedRange(pPLCF_PosArray.get(), nIMax); +} + +void WW8PLCF::TruncToSortedRange() +{ + nIMax = ::TruncToSortedRange(pPLCF_PosArray.get(), nIMax); +} + void WW8PLCF::GeneratePLCF(SvStream& rSt, sal_Int32 nPN, sal_Int32 ncpN) { OSL_ENSURE( nIMax < ncpN, "Pcl.Fkp: Why is PLCF too big?" ); @@ -2365,7 +2379,7 @@ void WW8PLCF::GeneratePLCF(SvStream& rSt, sal_Int32 nPN, sal_Int32 ncpN) { size_t nSiz = (4 + nStru) * nIMax + 4; size_t nElems = ( nSiz + 3 ) / 4; - pPLCF_PosArray.reset( new sal_Int32[ nElems ] ); // Pointer to Pos-array + pPLCF_PosArray.reset( new WW8_CP[ nElems ] ); // Pointer to Pos-array for (sal_Int32 i = 0; i < ncpN && !failure; ++i) { 
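Review bot: The new file-local `TruncToSortedRange` helper takes `const sal_Int32* pPLCF_PosArray` although this same change retypes the position arrays to `WW8_CP[]`. The parameter should follow, `sal_Int32 TruncToSortedRange(const WW8_CP* pPLCF_PosArray, sal_Int32 nIMax)`, so the helper does not depend on `WW8_CP` being an alias of `sal_Int32` (presumably it is today; the typedef is not in the hunk). The helper also reads `pPLCF_PosArray[nI+1]` for `nI` up to `nIMax - 1`, so a one-line comment above it, `// pPLCF_PosArray must hold nIMax + 1 positions`, would state the precondition for its two callers.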
@@ -2499,7 +2513,7 @@ WW8PLCFpcd::WW8PLCFpcd(SvStream* pSt, sal_uInt32 nFilePos, bValid = false; nPLCF = bValid ? std::min(nRemainingSize, static_cast<std::size_t>(nPLCF)) : nValidMin; - pPLCF_PosArray.reset( new sal_Int32[ ( nPLCF + 3 ) / 4 ] ); // Pointer to Pos-array + pPLCF_PosArray.reset( new WW8_CP[ ( nPLCF + 3 ) / 4 ] ); // Pointer to Pos-array pPLCF_PosArray[0] = 0; nPLCF = bValid ? pSt->ReadBytes(pPLCF_PosArray.get(), nPLCF) : nValidMin; @@ -2513,6 +2527,7 @@ WW8PLCFpcd::WW8PLCFpcd(SvStream* pSt, sal_uInt32 nFilePos, // Pointer to content array pPLCF_Contents = reinterpret_cast<sal_uInt8*>(&pPLCF_PosArray[nIMax + 1]); + TruncToSortedRange(); pSt->Seek( nOldPos ); } diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx index e3331305e5a2..88196d73855f 100644 --- a/sw/source/filter/ww8/ww8scan.hxx +++ b/sw/source/filter/ww8/ww8scan.hxx @@ -346,14 +346,16 @@ class WW8PLCFpcd { friend class WW8PLCFpcd_Iter; - std::unique_ptr<sal_Int32[]> pPLCF_PosArray; // pointer to Pos-array and the whole structure + std::unique_ptr<WW8_CP[]> pPLCF_PosArray; // pointer to Pos-array and the whole structure sal_uInt8* pPLCF_Contents; // pointer to content-array-part of Pos-array - long nIMax; + sal_Int32 nIMax; sal_uInt32 nStru; WW8PLCFpcd(const WW8PLCFpcd&) = delete; WW8PLCFpcd& operator=(const WW8PLCFpcd&) = delete; + void TruncToSortedRange(); + public: WW8PLCFpcd(SvStream* pSt, sal_uInt32 nFilePos, sal_uInt32 nPLCF, sal_uInt32 nStruct); commit 6ec7e44874f591e5bfa6795b1361729f55cf7e64 Author: Caolán McNamara <[email protected]> AuthorDate: Sat Mar 7 19:24:42 2020 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:58 2021 +0100 ofz#20622 oom Change-Id: Id77d90197e98d29787a40966f248dd769c9dac28 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/90175 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> (cherry picked from commit 1e95c2c17a49349caba1e62b4de3752c5f767f01) 
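Review bot: In the `WW8PLCFpcd` constructor the added `TruncToSortedRange();` has to stay after `pPLCF_Contents` is derived from `&pPLCF_PosArray[nIMax + 1]`, and nothing in the hunk says so. Moved one line up, the call would lower `nIMax` first and `pPLCF_Contents` would then point into the position array instead of behind it. I would add above the call `// must follow the pPLCF_Contents setup: truncation lowers nIMax, the contents stay at their original offset`. The constructor starts outside the hunk.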
diff --git a/include/vcl/BitmapTools.hxx b/include/vcl/BitmapTools.hxx index 75eb6ed53077..2ff0f69eea79 100644 --- a/include/vcl/BitmapTools.hxx +++ b/include/vcl/BitmapTools.hxx @@ -45,7 +45,8 @@ public: assert(nBitCount == 24 || nBitCount == 32); sal_Int32 nRowSize, nDataSize; if (o3tl::checked_multiply<sal_Int32>(rSize.getWidth(), nBitCount/8, nRowSize) || - o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(), nDataSize)) + o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(), nDataSize) || + nDataSize < 0) { throw std::bad_alloc(); } commit ef5683c8640056e1ea8e9428df40c70c4b7e66d4 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Sep 23 12:44:14 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:58 2021 +0100 ofz#25881 use std::vector with bounds checking accessor Change-Id: Ic557e85bce5f3ebe7224b0aa2192a74969f4fce2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103194 Tested-by: Jenkins Reviewed-by: Xisco Fauli <[email protected]> (cherry picked from commit f074ad34d5fbc52f4f8df4eec31ba95ee92f879b) diff --git a/lotuswordpro/source/filter/lwptablelayout.cxx b/lotuswordpro/source/filter/lwptablelayout.cxx index 51d2a25ab641..dcdd5651db6b 100644 --- a/lotuswordpro/source/filter/lwptablelayout.cxx +++ b/lotuswordpro/source/filter/lwptablelayout.cxx @@ -852,7 +852,7 @@ sal_uInt16 LwpTableLayout::ConvertHeadingRow( ConvertTable(pTmpTable.get(),nStartHeadRow,nEndHeadRow,0,nCol); sal_uInt16 nRowNum = pTmpTable->GetRowCount(); - std::unique_ptr<sal_uInt8[]> CellMark( new sal_uInt8[nRowNum] ); + std::vector<sal_uInt8> CellMark(nRowNum); if (nRowNum == 1) { 
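Review bot: The added `nDataSize < 0` test catches a single negative dimension, but when `rSize.getWidth()` and `rSize.getHeight()` are both negative the two `checked_multiply` calls succeed with a negative `nRowSize` and a positive `nDataSize`, so the guard passes. Testing the intermediate as well closes that gap: `nRowSize < 0 || nDataSize < 0` after the two multiplications. How `nRowSize` is used afterwards is outside the hunk, so the impact is inferred. Note also that `nBitCount` is validated only by `assert`, which is compiled out of release builds.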
@@ -864,11 +864,11 @@ sal_uInt16 LwpTableLayout::ConvertHeadingRow( else { sal_uInt8 nFirstColSpann = 1; - const bool bFindFlag = FindSplitColMark(pTmpTable.get(),CellMark.get(),nFirstColSpann); + const bool bFindFlag = FindSplitColMark(pTmpTable.get(), CellMark, nFirstColSpann); if (bFindFlag)//split to 2 cells { - SplitRowToCells(pTmpTable.get(),pXFTable,nFirstColSpann,CellMark.get()); + SplitRowToCells(pTmpTable.get(), pXFTable, nFirstColSpann, CellMark.data()); nContentRow = nEndHeadRow; } else//can not split,the first row will be the heading row,the rest will be content row @@ -982,7 +982,7 @@ void LwpTableLayout::SplitRowToCells(XFTable* pTmpTable, rtl::Reference<XFTable> * @param pXFTable - pointer of tmp XFtable * @param CellMark - pointer of cell mark array */ -bool LwpTableLayout::FindSplitColMark(XFTable* pXFTable, sal_uInt8* pCellMark, +bool LwpTableLayout::FindSplitColMark(XFTable* pXFTable, std::vector<sal_uInt8>& rCellMark, sal_uInt8& nMaxColSpan) { sal_uInt16 nRowNum = pXFTable->GetRowCount(); @@ -1012,7 +1012,7 @@ bool LwpTableLayout::FindSplitColMark(XFTable* pXFTable, sal_uInt8* pCellMark, } if (nColSpan > nMaxColSpan) nMaxColSpan = nColSpan; - pCellMark[nRowLoop] = 0;//reset all cell mark to zero + rCellMark.at(nRowLoop) = 0;//reset all cell mark to zero } //find if other row has the same column @@ -1035,11 +1035,11 @@ bool LwpTableLayout::FindSplitColMark(XFTable* pXFTable, sal_uInt8* pCellMark, if (nCellMark == 0) break; else - pCellMark[nRowLoop] = nCellMark; + rCellMark.at(nRowLoop) = nCellMark; } for(nRowLoop=1;nRowLoop<=nRowNum;nRowLoop++)//check if all ==0,break { - if (pCellMark[nRowLoop] == 0) + if (rCellMark.at(nRowLoop) == 0) break; } if (nRowLoop == nRowNum+1) diff --git a/lotuswordpro/source/filter/lwptablelayout.hxx b/lotuswordpro/source/filter/lwptablelayout.hxx index 700c16647472..1f8dc1ae8247 100644 --- a/lotuswordpro/source/filter/lwptablelayout.hxx +++ b/lotuswordpro/source/filter/lwptablelayout.hxx 
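Review bot: `FindSplitColMark` indexes `rCellMark` from 1 to `nRowNum` inclusive (`for(nRowLoop=1;nRowLoop<=nRowNum;nRowLoop++)` in the @@ -1035,11 hunk), but the caller now builds it as `std::vector<sal_uInt8> CellMark(nRowNum)` in the @@ -852,7 hunk. So `rCellMark.at(nRowNum)` throws `std::out_of_range` whenever that loop reaches the last row. That is safer than the old out-of-bounds read, but if 1-based indexing is intended the vector should be sized `CellMark(nRowNum + 1)`; whether the exception is caught further up is not visible here. `SplitRowToCells` still receives `CellMark.data()` as a raw `const sal_uInt8*`, so the bounds checking does not extend to it.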
@@ -141,7 +141,7 @@ private: sal_uInt8 nEndCol, sal_uInt16 nRowID); void ConvertColumn(rtl::Reference<XFTable> const & pXFTable, sal_uInt8 nStartCol, sal_uInt8 nEndCol); sal_uInt16 ConvertHeadingRow(rtl::Reference<XFTable> const & pXFTable,sal_uInt16 nStartHeadRow,sal_uInt16 nEndHeadRow); - static bool FindSplitColMark(XFTable* pXFTable,sal_uInt8* pCellMark,sal_uInt8& nMaxColSpan); + static bool FindSplitColMark(XFTable* pXFTable, std::vector<sal_uInt8>& rCellMark, sal_uInt8& nMaxColSpan); void SplitRowToCells(XFTable* pTmpTable, rtl::Reference<XFTable> const & pXFTable, sal_uInt8 nFirstColSpann, const sal_uInt8* pCellMark); commit 1d9587cb21559fabc0c3b2c99ff03b5bd77cabe5 Author: Caolán McNamara <[email protected]> AuthorDate: Sun Jan 5 20:37:20 2020 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:57 2021 +0100 ofz#19803 check for negative values Change-Id: I30036a16cf1651a7e27c7aefa086b3725d58933a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86250 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 0ab8ae4d98122f7de50365a062675d001ef0ca6a) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/86340 Reviewed-by: Mike Kaganski <[email protected]> (cherry picked from commit a1c678bbb2d6b981b4c9ae346dba85d414c11c47) diff --git a/filter/source/graphicfilter/icgm/class7.cxx b/filter/source/graphicfilter/icgm/class7.cxx index f5341da51dc9..78af9f5f98fb 100644 --- a/filter/source/graphicfilter/icgm/class7.cxx +++ b/filter/source/graphicfilter/icgm/class7.cxx 
@@ -80,7 +80,7 @@ void CGM::ImplDoClass7() mpChart->mDataNode[ 0 ] = *reinterpret_cast<DataNode*>( pAppData ); sal_Int8 nZoneEnum = mpChart->mDataNode[ 0 ].nZoneEnum; - if ( nZoneEnum && ( nZoneEnum <= 6 ) ) + if (nZoneEnum > 0 && nZoneEnum <= 6) mpChart->mDataNode[ nZoneEnum ] = *reinterpret_cast<DataNode*>( pAppData ); } break; commit 359cdf66bf43a4e8cd1a103507b22d15d72aad32 Author: Caolán McNamara <[email protected]> AuthorDate: Mon Dec 2 13:03:48 2019 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:57 2021 +0100 ofz#19207 check max strlen possible Change-Id: I5fe9fde240ef375d9de097dda47953320ecc758d Reviewed-on: https://gerrit.libreoffice.org/84253 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 3fa8ee239b9d2455c0d5dcc016ce973b7f6acf8d) diff --git a/filter/source/graphicfilter/icgm/class7.cxx b/filter/source/graphicfilter/icgm/class7.cxx index 54cebd4bdf2b..f5341da51dc9 100644 --- a/filter/source/graphicfilter/icgm/class7.cxx +++ b/filter/source/graphicfilter/icgm/class7.cxx 
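Review bot: The tightened `nZoneEnum > 0 && nZoneEnum <= 6` test guards the array index only; both `*reinterpret_cast<DataNode*>( pAppData )` copies in this hunk read `sizeof(DataNode)` bytes from the input with no length check visible here. If none exists earlier in `ImplDoClass7` (the function starts outside the hunk), a comparison of `mpEndValidSource - pAppData` with `sizeof(DataNode)` should precede the first copy. The literal 6 would also read better as a bound derived from the size of `mDataNode`, whose declaration is not shown.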
@@ -127,9 +127,11 @@ void CGM::ImplDoClass7() nAttributes >>= 12; pTextEntry->nAttributes = nAttributes; pAppData += 8; - sal_uInt32 nLen = strlen( reinterpret_cast<char*>( pAppData ) ) + 1; - pTextEntry->pText = new char[ nLen ]; + auto nMaxLen = mpEndValidSource - pAppData; + sal_uInt32 nLen = strnlen(reinterpret_cast<char*>(pAppData), nMaxLen); + pTextEntry->pText = new char[nLen + 1]; memcpy( pTextEntry->pText, pAppData, nLen ); + pTextEntry->pText[nLen] = 0; pAppData += nLen; mpChart->InsertTextEntry( pTextEntry ); commit 0abcc2e68512d182a685d3179ab638c30e5db862 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Nov 20 09:22:14 2019 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:56 2021 +0100 ofz#19010 wrong start of range Change-Id: Ibf97a830932d3f153b99031abc8c4a00b54cedab Reviewed-on: https://gerrit.libreoffice.org/83266 Reviewed-by: Stephan Bergmann <[email protected]> Tested-by: Jenkins (cherry picked from commit a83c4e295cd364bee949d776229f3cf17369d1cf) diff --git a/sal/textenc/tcvtkr6.tab b/sal/textenc/tcvtkr6.tab index 61d87c930b5b..874040396645 100644 --- a/sal/textenc/tcvtkr6.tab +++ b/sal/textenc/tcvtkr6.tab 
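Review bot: `auto nMaxLen = mpEndValidSource - pAppData;` is a signed pointer difference taken after `pAppData += 8`, so if fewer than eight bytes remained it is negative and converts to a huge `size_t` in `strnlen`, which leaves the scan unbounded again. The record should be rejected when `pAppData > mpEndValidSource` before the subtraction, for instance with the `throw css::uno::Exception("attempt to read past end of input", nullptr);` that `CGM::ImplGetI` already uses. Also note that `pAppData += nLen` now advances one byte less than before because `nLen` no longer counts the terminator; whether anything reads from `pAppData` afterwards is not visible in the hunk.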
@@ -381,7 +381,7 @@ static ImplUniToDBCSHighTab const aKSC5601DBCSHighTab[256] = { 0x06, 0xFA, aImplUniToDBCSTab_KSC5601_56 }, /* 0x56 */ { 0x03, 0xFC, aImplUniToDBCSTab_KSC5601_57 }, /* 0x57 */ { 0x00, 0xFD, aImplUniToDBCSTab_KSC5601_58 }, /* 0x58 */ - { 0x07, 0xFF, aImplUniToDBCSTab_KSC5601_59 }, /* 0x59 */ + { 0x0F, 0xFF, aImplUniToDBCSTab_KSC5601_59 }, /* 0x59 */ { 0x01, 0xE9, aImplUniToDBCSTab_KSC5601_5A }, /* 0x5A */ { 0x05, 0xFA, aImplUniToDBCSTab_KSC5601_5B }, /* 0x5B */ { 0x01, 0xFD, aImplUniToDBCSTab_KSC5601_5C }, /* 0x5C */ commit f9004937e416b99afd10f87cc2ecb884120fcbac Author: Caolán McNamara <[email protected]> AuthorDate: Fri Nov 1 17:29:56 2019 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:56 2021 +0100 ofz#18646 ensure we are inside valid range Change-Id: Ide4d4bfad5b365a42790454cca709d175054c933 Reviewed-on: https://gerrit.libreoffice.org/81908 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit dc144f115eb2ef0945837d66fd5ebb1e5a1fa2eb) diff --git a/filter/source/graphicfilter/icgm/cgm.cxx b/filter/source/graphicfilter/icgm/cgm.cxx index f3c1ee5d7f72..d326a69d32e0 100644 --- a/filter/source/graphicfilter/icgm/cgm.cxx +++ b/filter/source/graphicfilter/icgm/cgm.cxx @@ -96,7 +96,7 @@ sal_uInt8 CGM::ImplGetByte( sal_uInt32 nSource, sal_uInt32 nPrecision ) sal_Int32 CGM::ImplGetI( sal_uInt32 nPrecision ) { sal_uInt8* pSource = mpSource + mnParaSize; - if (static_cast<sal_uIntPtr>(mpEndValidSource - pSource) < nPrecision) + if (pSource > mpEndValidSource || static_cast<sal_uIntPtr>(mpEndValidSource - pSource) < nPrecision) throw css::uno::Exception("attempt to read past end of input", nullptr); mnParaSize += nPrecision; switch( nPrecision ) 
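Review bot: The added `pSource > mpEndValidSource` test in `ImplGetI` (and the identical one in `ImplGetUI` in the @@ -128,7 hunk) is evaluated on a pointer that `mpSource + mnParaSize` has already formed. Forming a pointer beyond one-past-the-end is undefined, so a compiler may assume the comparison is false. Comparing lengths avoids that: take the bytes available as `mpEndValidSource - mpSource` and throw when `mnParaSize` exceeds it or the remainder is smaller than `nPrecision`. Since both functions need the same test, a small private helper would keep them from drifting apart. The member types are declared outside these hunks.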
@@ -128,7 +128,7 @@ sal_Int32 CGM::ImplGetI( sal_uInt32 nPrecision ) sal_uInt32 CGM::ImplGetUI( sal_uInt32 nPrecision ) { sal_uInt8* pSource = mpSource + mnParaSize; - if (static_cast<sal_uIntPtr>(mpEndValidSource - pSource) < nPrecision) + if (pSource > mpEndValidSource || static_cast<sal_uIntPtr>(mpEndValidSource - pSource) < nPrecision) throw css::uno::Exception("attempt to read past end of input", nullptr); mnParaSize += nPrecision; switch( nPrecision ) commit 856a45f21eaea5645837401e35f9c84c8f7cac4b Author: Caolán McNamara <[email protected]> AuthorDate: Thu Oct 24 09:52:44 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:56 2021 +0100 Resolves: ofz#18414 drop apo anchor if it will be deleted Change-Id: Ic9dc053582055cae717df6244873cee14f6e44c6 Reviewed-on: https://gerrit.libreoffice.org/81433 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 808da2c918e662c19618c9f4035e8c9a802bb887) diff --git a/sw/qa/core/data/ww8/pass/ofz18414-1.doc b/sw/qa/core/data/ww8/pass/ofz18414-1.doc new file mode 100644 index 000000000000..84204d197b70 Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz18414-1.doc differ diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx index 9b9998081fca..c7dc9724a4b3 100644 --- a/sw/source/filter/ww8/ww8par6.cxx +++ b/sw/source/filter/ww8/ww8par6.cxx @@ -2423,7 +2423,7 @@ bool SwWW8ImplReader::JoinNode(SwPaM &rPam, bool bStealAttr) if (bStealAttr) m_xCtrlStck->StealAttr(rPam.GetPoint()->nNode); - if (m_pLastAnchorPos || m_pPreviousNode) + if (m_pLastAnchorPos || m_pPreviousNode || (m_xSFlyPara && m_xSFlyPara->xMainTextPos)) { SwNodeIndex aToBeJoined(aPref, 1); 
@@ -2448,6 +2448,15 @@ bool SwWW8ImplReader::JoinNode(SwPaM &rPam, bool bStealAttr) if (aDropCharPos == aToBeJoined) m_pPreviousNode = nullptr; } + + if (m_xSFlyPara) + { + // If an open apo pos is here, then clear it before + // JoinNext destroys it + SwNodeIndex aOpenApoPos(m_xSFlyPara->xMainTextPos->nNode); + if (aOpenApoPos == aToBeJoined) + m_xSFlyPara->xMainTextPos.reset(); + } } pNode->JoinNext(); commit 7b69009c0aa1dc7de4be66ec1801a98e0dc25d28 Author: Caolán McNamara <[email protected]> AuthorDate: Wed Oct 23 10:47:30 2019 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:55 2021 +0100 ofz#18467 check against end of buffer Change-Id: Ibeed87e2e3af90219e7bbbd773d369c90f78a364 Reviewed-on: https://gerrit.libreoffice.org/81371 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 36a1942bccdf63f26ea3a4497688f367083d2f0e) diff --git a/filter/source/graphicfilter/icgm/bitmap.cxx b/filter/source/graphicfilter/icgm/bitmap.cxx index f74ba6fb5d5b..260f7697ba99 100644 --- a/filter/source/graphicfilter/icgm/bitmap.cxx +++ b/filter/source/graphicfilter/icgm/bitmap.cxx @@ -79,6 +79,7 @@ void CGMBitmap::ImplGetBitmap( CGMBitmapDescriptor& rDesc ) switch ( rDesc.mnDstBitsPerPixel ) { case 1 : { + bool bOk = true; std::vector<Color> palette(2); if ( rDesc.mnLocalColorPrecision == 1 ) palette = ImplGeneratePalette( rDesc ); 
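Review bot: The added block tests only `if (m_xSFlyPara)` but then dereferences `m_xSFlyPara->xMainTextPos->nNode`, and the enclosing branch is also entered when just `m_pLastAnchorPos` or `m_pPreviousNode` is set (see the condition changed in the @@ -2423,7 hunk). With a fly para present whose `xMainTextPos` is empty, this dereferences a null pointer. The guard should repeat the outer test: `if (m_xSFlyPara && m_xSFlyPara->xMainTextPos)`. JoinNode begins and ends outside the hunk.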
@@ -88,11 +89,18 @@ void CGMBitmap::ImplGetBitmap( CGMBitmapDescriptor& rDesc ) ? BMCOL( mpCGM->pElement->pFillBundle->GetColor() ) : BMCOL( mpCGM->pElement->aFillBundle.GetColor() ); }; - for ( ny = 0; --nyCount ; ny++, rDesc.mpBuf += rDesc.mnScanSize ) { + for (ny = 0; bOk && --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize) { nxC = nxCount; for ( nx = 0; --nxC; nx++ ) { // this is not fast, but a one bit/pixel format is rarely used - sal_uInt8 colorIndex = static_cast<sal_uInt8>( (*( rDesc.mpBuf + (nx >> 3)) >> ((nx & 7)^7))) & 1; + const sal_uInt8* pPos = rDesc.mpBuf + (nx >> 3); + if (pPos >= rDesc.mpEndBuf) + { + SAL_WARN("filter.icgm", "buffer is too small"); + bOk = false; + break; + } + sal_uInt8 colorIndex = static_cast<sal_uInt8>((*pPos >> ((nx & 7)^7))) & 1; aBitmap.SetPixel(ny, nx, palette[colorIndex]); } } 
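Review bot: The same end-of-buffer block (compare, `SAL_WARN`, `bOk = false`, `break`) is pasted into each bit-depth case, here and in the 2, 4, 8 and 24 bit cases of the following hunks. A small file-local helper taking the read position, the number of bytes needed and `rDesc.mpEndBuf` would keep the five copies consistent. It would also let the 24-bit case compare the remaining length, `rDesc.mpEndBuf - pTemp < 3`, instead of forming `pTemp + 2`, which can point past the end of the buffer before it is compared. ImplGetBitmap continues outside the hunk.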
@@ -100,23 +108,40 @@ void CGMBitmap::ImplGetBitmap( CGMBitmapDescriptor& rDesc ) break; case 2 : { + bool bOk = true; auto palette = ImplGeneratePalette( rDesc ); - for ( ny = 0; --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize ) { + for (ny = 0; bOk && --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize) { nxC = nxCount; for ( nx = 0; --nxC; nx++ ) { // this is not fast, but a two bits/pixel format is rarely used - aBitmap.SetPixel(ny, nx, palette[static_cast<sal_uInt8>( (*(rDesc.mpBuf + (nx >> 2)) >> (((nx & 3)^3) << 1))) & 3]); + const sal_uInt8* pPos = rDesc.mpBuf + (nx >> 2); + if (pPos >= rDesc.mpEndBuf) + { + SAL_WARN("filter.icgm", "buffer is too small"); + bOk = false; + break; + } + aBitmap.SetPixel(ny, nx, palette[static_cast<sal_uInt8>( (*pPos >> (((nx & 3)^3) << 1))) & 3]); } } } break; case 4 : { + bool bOk = true; auto palette = ImplGeneratePalette( rDesc ); - for ( ny = 0; --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize ) { + for (ny = 0; bOk && --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize) { nxC = nxCount; sal_uInt8* pTemp = rDesc.mpBuf; for ( nx = 0; --nxC; nx++ ) { + + if (pTemp >= rDesc.mpEndBuf) + { + SAL_WARN("filter.icgm", "buffer is too small"); + bOk = false; + break; + } + sal_uInt8 nDat = *pTemp++; aBitmap.SetPixel(ny, nx, palette[static_cast<sal_uInt8>(nDat >> 4)]); @@ -131,11 +156,20 @@ void CGMBitmap::ImplGetBitmap( CGMBitmapDescriptor& rDesc ) break; case 8 : { + bool bOk = true; auto palette = ImplGeneratePalette( rDesc ); - for ( ny = 0; --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize ) { + for (ny = 0; bOk && --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize) { sal_uInt8* pTemp = rDesc.mpBuf; nxC = nxCount; for ( nx = 0; --nxC; nx++ ) { + + if (pTemp >= rDesc.mpEndBuf) + { + SAL_WARN("filter.icgm", "buffer is too small"); + bOk = false; + break; + } + aBitmap.SetPixel(ny, nx, palette[*(pTemp++)]); } } 
@@ -143,11 +177,20 @@ void CGMBitmap::ImplGetBitmap( CGMBitmapDescriptor& rDesc ) break; case 24 : { + bool bOk = true; Color aBitmapColor; - for ( ny = 0; --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize ) { + for (ny = 0; bOk && --nyCount; ny++, rDesc.mpBuf += rDesc.mnScanSize) { sal_uInt8* pTemp = rDesc.mpBuf; nxC = nxCount; for ( nx = 0; --nxC; nx++ ) { + + if (pTemp + 2 >= rDesc.mpEndBuf) + { + SAL_WARN("filter.icgm", "buffer is too small"); + bOk = false; + break; + } + aBitmapColor.SetRed( *pTemp++ ); aBitmapColor.SetGreen( *pTemp++ ); aBitmapColor.SetBlue( *pTemp++ ); @@ -300,6 +343,7 @@ bool CGMBitmap::ImplGetDimensions( CGMBitmapDescriptor& rDesc ) if ( rDesc.mbStatus ) { rDesc.mpBuf = mpCGM->mpSource + mpCGM->mnParaSize; // mpBuf now points to the first scanline + rDesc.mpEndBuf = mpCGM->mpEndValidSource; mpCGM->mnParaSize += rDesc.mnScanSize * rDesc.mnY; } return rDesc.mbStatus; diff --git a/filter/source/graphicfilter/icgm/bitmap.hxx b/filter/source/graphicfilter/icgm/bitmap.hxx index 2d2c12fd64fd..971a33cf071b 100644 --- a/filter/source/graphicfilter/icgm/bitmap.hxx +++ b/filter/source/graphicfilter/icgm/bitmap.hxx @@ -30,6 +30,7 @@ class CGMBitmapDescriptor { public: sal_uInt8* mpBuf; + sal_uInt8* mpEndBuf; BitmapEx mxBitmap; bool mbStatus; bool mbVMirror; 
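Review bot: `ImplGetDimensions` now records `rDesc.mpEndBuf`, but the next line still does `mpCGM->mnParaSize += rDesc.mnScanSize * rDesc.mnY;` without comparing that size with the bytes left, so a truncated bitmap is only noticed pixel by pixel in `ImplGetBitmap`. Unless partial decoding is intended, one check here would reject it up front: clear `rDesc.mbStatus` when `rDesc.mpBuf > rDesc.mpEndBuf` or the scan data is larger than `rDesc.mpEndBuf - rDesc.mpBuf`. The product should be computed in a 64-bit type for that comparison; the member types are not visible in the hunk, so whether it can wrap today is inferred. The function starts outside the hunk.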
@@ -47,6 +48,7 @@ class CGMBitmapDescriptor CGMBitmapDescriptor() : mpBuf(nullptr) + , mpEndBuf(nullptr) , mbStatus(false) , mbVMirror(false) , mnDstBitsPerPixel(0) commit 08e601eb05b616ef90cfacd8a18cced66927f1a2 Author: Stephan Bergmann <[email protected]> AuthorDate: Thu Oct 17 14:52:16 2019 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:55 2021 +0100 Don't use uninitialized memory when reading from the stream fails Flathub arm builds (but not other arches) had often (but not always) failed when processing sc/qa/unit/data/qpro/pass/ofz14090-1.wb2 in CppunitTest_sc_filters_test (e.g., <https://flathub.org/builds/#/builders/1/builds/724>: > Test name: ScFiltersTest::testCVEs > equality assertion failed > - Expected: 1 > - Actual : 0 > - file:///run/build/libreoffice/sc/qa/unit/data/qpro/pass/ofz14090-1.wb2 ) Valgrind revealed that this was due to using unintialized memory when the various maIn.Read... in QProToSc::Convert failed, starting with the use of uninitialized nFmla[i] after maIn.ReadUChar( nFmla[i] ); At least make things deterministic by setting the relevant variables to zero. (Another approach could be returning early with some ConvErr status.) Change-Id: I4c06aa8da5f777170cdc7bbe3ca1d61b23d3f326 Reviewed-on: https://gerrit.libreoffice.org/80947 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 2704b9e3783aae9d8372f2e3ad3253a2cb49ae87) diff --git a/sc/source/filter/qpro/qproform.cxx b/sc/source/filter/qpro/qproform.cxx index 3943cd0c0878..9f804904bf2d 100644 --- a/sc/source/filter/qpro/qproform.cxx +++ b/sc/source/filter/qpro/qproform.cxx 
@@ -194,15 +194,14 @@ do { \ ConvErr QProToSc::Convert( const ScTokenArray*& pArray ) { - sal_uInt8 nFmla[ nBufSize ], nArg; + sal_uInt8 nFmla[ nBufSize ]; sal_uInt8 nArgArray[ nBufSize ] = {0}; sal_Int8 nCol, nPage; - sal_uInt16 nInt, nIntCount = 0, nStringCount = 0, nFloatCount = 0, nDLLCount = 0, nArgCount = 0; + sal_uInt16 nIntCount = 0, nStringCount = 0, nFloatCount = 0, nDLLCount = 0, nArgCount = 0; sal_uInt16 nIntArray[ nBufSize ] = {0}; OUString sStringArray[ nBufSize ]; - sal_uInt16 nDummy, nDLLId; sal_uInt16 nDLLArray[ nBufSize ] = {0}; - sal_uInt16 nNote, nRef, nRelBits; + sal_uInt16 nNote, nRelBits; TokenId nPush; ScComplexRefData aCRD; ScSingleRefData aSRD; @@ -213,16 +212,19 @@ ConvErr QProToSc::Convert( const ScTokenArray*& pArray ) aCRD.InitFlags(); aSRD.InitFlags(); + sal_uInt16 nRef = 0; maIn.ReadUInt16( nRef ); if( nRef < nBufSize ) { for( sal_uInt16 i=0; i < nRef; i++) { + nFmla[i] = 0; maIn.ReadUChar( nFmla[i] ); if( nFmla[ i ] == 0x05 ) { + sal_uInt16 nInt = 0; maIn.ReadUInt16( nInt ); nIntArray[ nIntCount ] = nInt; SAFEDEC_OR_RET(nRef, 2, ConvErr::Count); @@ -231,7 +233,7 @@ ConvErr QProToSc::Convert( const ScTokenArray*& pArray ) if( nFmla[ i ] == 0x00 ) { - double nFloat; + double nFloat = 0; maIn.ReadDouble( nFloat ); nFloatArray[ nFloatCount ] = nFloat; SAFEDEC_OR_RET(nRef, 8, ConvErr::Count); 
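Review bot: Zero-initialising `nFmla[i]` makes a failed `maIn.ReadUChar` deterministic, but 0x00 is itself a token the loop acts on (`if( nFmla[ i ] == 0x00 )` goes on to `ReadDouble`), so after a short read every remaining iteration is parsed as a float constant of 0. Assuming `maIn` is an SvStream, testing `maIn.good()` after the read and returning one of the `ConvErr` codes would stop the conversion instead of producing tokens the file never contained. `QProToSc::Convert` continues outside these hunks.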
@@ -240,6 +242,8 @@ ConvErr QProToSc::Convert( const ScTokenArray*& pArray ) if( nFmla[ i ] == 0x1a ) { + sal_uInt8 nArg = 0; + sal_uInt16 nDummy, nDLLId = 0; maIn.ReadUChar( nArg ).ReadUInt16( nDummy ).ReadUInt16( nDLLId ); nArgArray[ nArgCount ] = nArg; nDLLArray[ nDLLCount ] = nDLLId; commit d13ff08fd9966bc52da772e7e469f067f73fc9f2 Author: Caolán McNamara <[email protected]> AuthorDate: Sat Mar 23 15:24:35 2019 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:54 2021 +0100 ofz#13881 Integer OverfloW Change-Id: I90dc8be47cff080bc4e8242c2ae0961c2bc92aba Reviewed-on: https://gerrit.libreoffice.org/69588 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 44c63c0ba1eb491a9a2d8842badd1a5fc49376fd) diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index 16cc14b4132d..85ef44ee3e3b 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx @@ -2011,7 +2011,11 @@ static bool WW8GetFieldPara(WW8PLCFspecial& rPLCF, WW8FieldDesc& rF) goto Err; } rF.nLRes -= rF.nSRes; // now: nLRes = length - rF.nSRes++; // Endpos including Markers + if (o3tl::checked_add<WW8_CP>(rF.nSRes, 1, rF.nSRes)) // Endpos including Markers + { + rF.nLen = 0; + goto Err; + } rF.nLRes--; }else{ rF.nLRes = 0; // no result found commit 8932afd8a1db281c11e8dab2325783707a3d4ed2 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Jan 24 15:52:30 2019 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:54 2021 +0100 ofz#12660 remove flys before removing trailing paras Change-Id: I6c706e5a2066b4fcd4546a22de0aa6327515a0a8 Reviewed-on: https://gerrit.libreoffice.org/66877 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 9b76295d03ee8d1eb19a62c55ff45804efe40f38) 
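Review bot: `sal_uInt16 nDummy, nDLLId = 0;` initialises only `nDLLId`; `nDummy` is still indeterminate when `ReadUInt16( nDummy )` fails, which is the situation this commit sets out to remove. The value appears unused after the read, so the risk is small, but `sal_uInt16 nDummy = 0, nDLLId = 0;` keeps the declaration consistent with the others added in this change.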
diff --git a/sw/qa/core/data/ww6/pass/ofz-trailingpara.doc b/sw/qa/core/data/ww6/pass/ofz-trailingpara.doc new file mode 100644 index 000000000000..40c574759b03 Binary files /dev/null and b/sw/qa/core/data/ww6/pass/ofz-trailingpara.doc differ diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx index 9a38f548d05c..097e1f8d273d 100644 --- a/sw/source/filter/ww8/ww8par.cxx +++ b/sw/source/filter/ww8/ww8par.cxx @@ -5323,13 +5323,14 @@ ErrCode SwWW8ImplReader::CoreLoad(WW8Glossary const *pGloss) DeleteAnchorStack(); DeleteRefStacks(); m_pLastAnchorPos.reset();//ensure this is deleted before UpdatePageDescs + // ofz#10994 remove any trailing fly paras before processing redlines + m_xWFlyPara.reset(); + // ofz#12660 remove any trailing fly paras before deleting extra paras + m_xSFlyPara.reset(); // remove extra paragraphs after attribute ctrl // stacks etc. are destroyed, and before fields // are updated m_aExtraneousParas.delete_all_from_doc(); - // ofz#10994 remove any trailing fly paras before processing redlines - m_xWFlyPara.reset(); - m_xSFlyPara.reset(); m_xRedlineStack->closeall(*m_pPaM->GetPoint()); while (!m_aFrameRedlines.empty()) m_aFrameRedlines.pop(); commit 2e163669a84eda5e310820c256879065dfbb893a Author: Caolán McNamara <[email protected]> AuthorDate: Mon Aug 13 12:55:45 2018 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:53 2021 +0100 ofz#9858 Bad-cast use a SwUnoCursor for the LastAnchorPos around here Change-Id: I9b2b18e88aa0816e3386d7b95b4fd386d13af77f Reviewed-on: https://gerrit.libreoffice.org/58927 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> (cherry picked from commit 8e7620584ff81813f97d24192d01830834fece4d) diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx index 91b2f6c3d733..487e98791c32 100644 --- a/sw/source/filter/ww8/ww8par2.cxx +++ b/sw/source/filter/ww8/ww8par2.cxx 
@@ -70,6 +70,7 @@ #include <frmatr.hxx> #include <itabenum.hxx> +#include <unocrsr.hxx> #include <iostream> #include <memory> 
@@ -197,8 +198,12 @@ sal_uInt16 SwWW8ImplReader::End_Footnote() sChar += OUStringLiteral1(pText->GetText()[--nPos]); m_pPaM->SetMark(); --m_pPaM->GetMark()->nContent; + std::shared_ptr<SwUnoCursor> xLastAnchorCursor(m_pLastAnchorPos ? m_rDoc.CreateUnoCursor(*m_pLastAnchorPos) : nullptr); + m_pLastAnchorPos.reset(); m_rDoc.getIDocumentContentOperations().DeleteRange( *m_pPaM ); m_pPaM->DeleteMark(); + if (xLastAnchorCursor) + m_pLastAnchorPos.reset(new SwPosition(*xLastAnchorCursor->GetPoint())); SwFormatFootnote aFootnote(rDesc.meType == MAN_EDN); pFN = pText->InsertItem(aFootnote, nPos, nPos); } commit 898919ecd6c3e9d6244b3eee6837efd7ae272cd9 Author: Stephan Bergmann <[email protected]> AuthorDate: Sat Sep 26 11:38:51 2020 +0200 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:53 2021 +0100 Avoid -Werror=nonnull with glibc-headers-x86-2.32-1.fc33.noarch ...on Fedora 33: > ~/lo/core/vcl/unx/generic/app/i18n_cb.cxx: In function ‘void Preedit_InsertText(preedit_text_t*, XIMText*, int)’: > ~/lo/core/vcl/unx/generic/app/i18n_cb.cxx:149:34: error: argument 1 is null but the corresponding size argument 3 value is 1024 [-Werror=nonnull] > 149 | size_t nBytes = wcstombs ( nullptr, pWCString, 1024 /* don't care */); > | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > In file included from ~/gcc/trunk/inst/include/c++/11.0.0/cstdlib:75, > from ~/lo/core/include/sal/log.hxx:15, > from ~/lo/core/vcl/unx/generic/app/i18n_cb.cxx:25: > /usr/include/stdlib.h:937:15: note: in a call to function ‘size_t wcstombs(char*, const wchar_t*, size_t)’ declared with attribute ‘access (write_only, 1, 3)’ > 937 | extern size_t wcstombs (char *__restrict __s, > | ^~~~~~~~ (Allowing the first argument to wcstombs to be null, and in which case the third argument is ignored, is a POSIX extension.) 
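Review bot: The save, reset and restore of `m_pLastAnchorPos` around `DeleteRange` has no comment, and without one the `m_pLastAnchorPos.reset()` before the deletion looks like an accidental loss of state. I would add above the new lines `// hold the anchor as a SwUnoCursor across DeleteRange, then turn it back into a SwPosition`. That the cursor is adjusted by the deletion is inferred from the commit title, not shown in the hunk. End_Footnote begins outside the hunk.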
Change-Id: Ic078623643010b7539bc5bc1b498f18977ae77ca Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103473 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <[email protected]> (cherry picked from commit 782d160458d319c6c77fffa4c003c519afffaa17) diff --git a/vcl/unx/generic/app/i18n_cb.cxx b/vcl/unx/generic/app/i18n_cb.cxx index b62f5306de04..f940f937cb7d 100644 --- a/vcl/unx/generic/app/i18n_cb.cxx +++ b/vcl/unx/generic/app/i18n_cb.cxx @@ -149,7 +149,7 @@ Preedit_InsertText(preedit_text_t *pText, XIMText *pInsertText, int where) if (pInsertText->encoding_is_wchar) { wchar_t *pWCString = pInsertText->string.wide_char; - size_t nBytes = wcstombs ( nullptr, pWCString, 1024 /* don't care */); + size_t nBytes = wcstombs ( nullptr, pWCString, 0 /* don't care */); pMBString = static_cast<char*>(alloca( nBytes + 1 )); nMBLength = wcstombs ( pMBString, pWCString, nBytes + 1); } 
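Review bot: `wcstombs` returns `(size_t)-1` when the wide string holds a character it cannot convert, and neither call site checks for it. `nBytes + 1` then wraps to 0, `alloca` gets a zero size and the result of the second `wcstombs` is stored as the length. Both `Preedit_InsertText` here and `StatusDrawCallback` in the @@ -483,7 hunk should test `if (nBytes == static_cast<size_t>(-1))` and skip the text before allocating. `alloca` is also sized directly by the input-method string, so an upper bound on `nBytes` or a heap buffer would be safer. Both functions extend beyond their hunks.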
@@ -483,7 +483,7 @@ StatusDrawCallback (XIC, XPointer, XIMStatusDrawCallbackStruct *call_data)
 if( call_data->data.text->string.wide_char )
 {
 wchar_t* pWString = call_data->data.text->string.wide_char;
- size_t nBytes = wcstombs( nullptr, pWString, 1024 );
+ size_t nBytes = wcstombs( nullptr, pWString, 0 /*don't care*/ );
 pMBString = static_cast<sal_Char*>(alloca( nBytes+1 ));
 nLength = wcstombs( pMBString, pWString, nBytes+1 );
 }
commit 4ae4c3be3defad659cd485c29fbc02b4549762a0 Author: Michael Stahl <[email protected]> AuthorDate: Sun Nov 1 15:34:52 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:52 2021 +0100 check-elf-dynamic-objects: allow libgsttag-1.0.so.0 It's linked in Fedora 33 and apparently exists in gst-plugins-base since 1.0.0. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105140 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 4ebb3eae7b4abb7ecc37df73c6f80e3fd2069ed7) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109766 Tested-by: Michael Stahl <[email protected]> Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 4138d724ebb9150e053f9fcdfcf47ac621672618) Change-Id: Ifc5d6a6b06e05ef4e250ac26a8588a242f21a034
diff --git a/bin/check-elf-dynamic-objects b/bin/check-elf-dynamic-objects
index 1a11e6dca223..20d8bc0aba2c 100755
--- a/bin/check-elf-dynamic-objects
+++ b/bin/check-elf-dynamic-objects
@@ -67,7 +67,7 @@ x11whitelist="libX11.so.6 libXext.so.6 libSM.so.6 libICE.so.6 libXinerama.so.1 l openglwhitelist="libGL.so.1" giowhitelist="libgio-2.0.so.0 libgobject-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libglib-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3" gstreamer010whitelist="libgstpbutils-0.10.so.0 libgstinterfaces-0.10.so.0 libgstreamer-0.10.so.0" -gstreamerwhitelist="libgstpbutils-1.0.so.0 libgstvideo-1.0.so.0 libgstbase-1.0.so.0 libgstreamer-1.0.so.0" +gstreamerwhitelist="libgsttag-1.0.so.0 libgstaudio-1.0.so.0 libgstpbutils-1.0.so.0 libgstvideo-1.0.so.0 libgstbase-1.0.so.0 libgstreamer-1.0.so.0" gtk2whitelist="libgtk-x11-2.0.so.0 libgdk-x11-2.0.so.0 libpangocairo-1.0.so.0 libfribidi.so.0 libatk-1.0.so.0 libcairo.so.2 libgio-2.0.so.0 libpangoft2-1.0.so.0 libpango-1.0.so.0 libfontconfig.so.1 libfreetype.so.6 libgdk_pixbuf-2.0.so.0 libgobject-2.0.so.0 libglib-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3" gtk3whitelist="libgtk-3.so.0 libgdk-3.so.0 libcairo-gobject.so.2 libpangocairo-1.0.so.0 libfribidi.so.0 libatk-1.0.so.0 libcairo.so.2 libgio-2.0.so.0 libpangoft2-1.0.so.0 libpango-1.0.so.0 libfontconfig.so.1 libfreetype.so.6 libgdk_pixbuf-2.0.so.0 libgobject-2.0.so.0 libglib-2.0.so.0 libgmodule-2.0.so.0 libgthread-2.0.so.0 libdbus-glib-1.so.2 libdbus-1.so.3" kde4whitelist="libkio.so.5 libkfile.so.4 libkdeui.so.5 libkdecore.so.5 libQtNetwork.so.4 libQtGui.so.4 libQtCore.so.4 libglib-2.0.so.0" commit db8ee3ad6e4ae14c4af1c61a1edc99a9a8c68e94 Author: Michael Stahl <[email protected]> AuthorDate: Tue Jan 19 11:28:41 2021 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:52 2021 +0100 nss: fix parallel build race in nsinstall.py File "/home/tdf/lode/jenkins/workspace/android_aarch64/external/nss/nsinstall.py", line 112, in nsinstall os.makedirs(args[0]) File "/opt/rh/rh-python38/root/usr/lib64/python3.8/os.py", line 223, in makedirs mkdir(name, mode) FileExistsError: [Errno 17] File 
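Review bot: The new `gstreamerwhitelist` value admits `libgstaudio-1.0.so.0` as well as `libgsttag-1.0.so.0`, but the commit message only accounts for the latter. This list defines which dynamic dependencies the check accepts, so each addition should have its reason recorded next to it. A line above the assignment such as `# libgsttag, libgstaudio: pulled in on Fedora 33, both from gst-plugins-base` would do, assuming libgstaudio arrives the same way; if it does not, it deserves its own justification.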
exists: '../../../../dist/public/dbm' ../../../coreconf/rules.mk:119: recipe for target '../../../../dist/public/dbm/d' failed Change-Id: I4273e6d3d5fa520353fff8738823ef281fe237ed Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109619 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 6f5186a94dcd1989cdd819e35163af0542912559) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109587 Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit 01fffa977e28b2a671f195daa3a1aaa4cbe3b258) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109765 Tested-by: Michael Stahl <[email protected]> (cherry picked from commit 5b809908b45b3253a1f879069410d7ca30e1cb0a) diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index b334b7b8f8cf..4e17c1d4d04f 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk @@ -16,7 +16,9 @@ $(eval $(call gb_ExternalProject_register_targets,nss,\ )) ifeq ($(OS),WNT) -$(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecutable_get_dependencies,python) +$(call gb_ExternalProject_get_state_target,nss,build): \ + $(call gb_ExternalExecutable_get_dependencies,python) \ + $(SRCDIR)/external/nss/nsinstall.py $(call gb_ExternalProject_run,build,\ $(if $(MSVC_USE_DEBUG_RUNTIME),USE_DEBUG_RTL=1,BUILD_OPT=1) \ OS_TARGET=WIN95 \ 
@@ -30,7 +32,9 @@ $(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecuta else # OS!=WNT # make sure to specify NSPR_CONFIGURE_OPTS as env (before make command), so nss can append it's own defaults # OTOH specify e.g. CC and NSINSTALL as arguments (after make command), so they will overrule nss makefile values -$(call gb_ExternalProject_get_state_target,nss,build): $(call gb_ExternalExecutable_get_dependencies,python) +$(call gb_ExternalProject_get_state_target,nss,build): \ + $(call gb_ExternalExecutable_get_dependencies,python) \ + $(SRCDIR)/external/nss/nsinstall.py $(call gb_ExternalProject_run,build,\ $(if $(filter FREEBSD LINUX MACOSX,$(OS)),$(if $(filter X86_64,$(CPUNAME)),USE_64=1)) \ $(if $(filter IOS,$(OS)),\ diff --git a/external/nss/nsinstall.py b/external/nss/nsinstall.py index 80e9c1679373..d90a85e6c540 100644 --- a/external/nss/nsinstall.py +++ b/external/nss/nsinstall.py 
@@ -99,17 +99,17 @@ def nsinstall(argv): if options.D: if len(args) != 1: return 1 - if os.path.exists(args[0]): + try: + if options.m: + os.makedirs(args[0], options.m) + else: + os.makedirs(args[0]) + except FileExistsError: if not os.path.isdir(args[0]): sys.stderr.write('nsinstall: ' + args[0] + ' is not a directory\n') sys.exit(1) if options.m: os.chmod(args[0], options.m) - sys.exit() - if options.m: - os.makedirs(args[0], options.m) - else: - os.makedirs(args[0]) return 0 # nsinstall arg1 [...] directory commit e26eb908bdb2dee1f6610732ee92ee0b12ea5f35 Author: Thorsten Behrens <[email protected]> AuthorDate: Thu Nov 19 14:00:57 2020 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Mon Jan 25 14:41:51 2021 +0100 fix tdf#138335 guard sidebar uno methods with SolarMutex Wasn't threadsafe before; using vcl/gui code, so we need the SolarMutex. Conflicts: sfx2/source/sidebar/SidebarController.cxx Change-Id: I3d4407f095837d03ad492fcdf9a08746cf911d25 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106169 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/106211 Tested-by: Thorsten Behrens <[email protected]> Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107137 diff --git a/sfx2/source/sidebar/SidebarController.cxx b/sfx2/source/sidebar/SidebarController.cxx index 516648f145e0..dbde2724589d 100644 --- a/sfx2/source/sidebar/SidebarController.cxx +++ b/sfx2/source/sidebar/SidebarController.cxx @@ -202,6 +202,8 @@ void SidebarController::disposeDecks() void SAL_CALL SidebarController::disposing() { + SolarMutexGuard aSolarMutexGuard; + mpCloseIndicator.disposeAndClear(); maFocusManager.Clear(); 
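Review bot: The try/except added in the `options.D` branch has no comment explaining that it replaces a check-then-create sequence because parallel make jobs can create the same directory, so the race it fixes is easy to reintroduce in a later tidy-up. A line above the `try:` such as `# parallel jobs may create this directory at the same time: create first, then handle "already exists"` would record that. As a style point, the two `os.makedirs` calls differ only in the mode argument and could be a single call with the arguments built once. nsinstall() starts before and continues after this hunk.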
@@ -259,6 +261,8 @@ void SAL_CALL SidebarController::disposing() void SAL_CALL SidebarController::notifyContextChangeEvent (const css::ui::ContextChangeEventObject& rEvent) { + SolarMutexGuard aSolarMutexGuard; + // Update to the requested new context asynchronously to avoid // subtle errors caused by SFX2 which in rare cases can not // properly handle a synchronous update. @@ -271,7 +275,9 @@ void SAL_CALL SidebarController::notifyContextChangeEvent (const css::ui::Contex { mxCurrentController.set(rEvent.Source, css::uno::UNO_QUERY); maAsynchronousDeckSwitch.CancelRequest(); - maContextChangeUpdate.RequestCall(); + maContextChangeUpdate.RequestCall(); // async call, not a prob + // calling with held + // solarmutex // TODO: this call is redundant but mandatory for unit test to update context on document loading UpdateConfigurations(); } @@ -279,16 +285,24 @@ void SAL_CALL SidebarController::notifyContextChangeEvent (const css::ui::Contex void SAL_CALL SidebarController::disposing (const css::lang::EventObject& ) { + SolarMutexGuard aSolarMutexGuard; + dispose(); } void SAL_CALL SidebarController::propertyChange (const css::beans::PropertyChangeEvent& ) { - maPropertyChangeForwarder.RequestCall(); + SolarMutexGuard aSolarMutexGuard; + + maPropertyChangeForwarder.RequestCall(); // async call, not a prob + // to call with held + // solarmutex } void SAL_CALL SidebarController::statusChanged (const css::frame::FeatureStateEvent& rEvent) { + SolarMutexGuard aSolarMutexGuard; + bool bIsReadWrite (true); if (rEvent.IsEnabled) rEvent.State >>= bIsReadWrite; 
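Review bot: The trailing comment added after `maContextChangeUpdate.RequestCall();` in the notifyContextChangeEvent hunk at -271 is broken over three ragged lines and abbreviated ("not a prob"), which makes the locking rationale harder to read than it needs to be. A single line above the call says the same thing: `// RequestCall() is asynchronous, so it is fine to call it with the SolarMutex held`. The comments added in propertyChange (hunk at -279) and in the statusChanged hunk at -303 have the same shape and would read better in the same form.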
@@ -303,12 +317,15 @@ void SAL_CALL SidebarController::statusChanged (const css::frame::FeatureStateEv mnRequestedForceFlags |= SwitchFlag_ForceSwitch; maAsynchronousDeckSwitch.CancelRequest(); - maContextChangeUpdate.RequestCall(); + maContextChangeUpdate.RequestCall(); // async call, ok to call + // with held solarmutex } } void SAL_CALL SidebarController::requestLayout() { + SolarMutexGuard aSolarMutexGuard; + sal_Int32 nMinimalWidth = 0; if (mpCurrentDeck && !mpCurrentDeck->isDisposed()) { diff --git a/sfx2/source/sidebar/SidebarPanelBase.cxx b/sfx2/source/sidebar/SidebarPanelBase.cxx index 7d0687462122..ea5c0497aa8e 100644 --- a/sfx2/source/sidebar/SidebarPanelBase.cxx +++ b/sfx2/source/sidebar/SidebarPanelBase.cxx @@ -79,6 +79,8 @@ SidebarPanelBase::~SidebarPanelBase() void SAL_CALL SidebarPanelBase::disposing() { + SolarMutexGuard aGuard; + mpControl.disposeAndClear(); if (mxFrame.is()) @@ -95,6 +97,8 @@ void SAL_CALL SidebarPanelBase::disposing() void SAL_CALL SidebarPanelBase::notifyContextChangeEvent ( const ui::ContextChangeEventObject& rEvent) { + SolarMutexGuard aGuard; + IContextChangeReceiver* pContextChangeReceiver = dynamic_cast<IContextChangeReceiver*>(mpControl.get()); if (pContextChangeReceiver != nullptr) @@ -109,6 +113,8 @@ void SAL_CALL SidebarPanelBase::notifyContextChangeEvent ( void SAL_CALL SidebarPanelBase::disposing ( const css::lang::EventObject&) { + SolarMutexGuard aGuard; + mxFrame = nullptr; mpControl = nullptr; } @@ -142,6 +148,8 @@ Reference<accessibility::XAccessible> SAL_CALL SidebarPanelBase::createAccessibl Reference<awt::XWindow> SAL_CALL SidebarPanelBase::getWindow() { + SolarMutexGuard aGuard; + if (mpControl != nullptr) return Reference<awt::XWindow>( mpControl->GetComponentInterface(), 
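Review bot: `SidebarPanelBase::createAccessible`, which the header of the getWindow hunk (-142) shows sitting directly before it, gets no `SolarMutexGuard` in this diff, while the other UNO entry points touched here all do. Its body is not visible, so this may be intentional, but if it reaches `mpControl` or other VCL objects it needs the same first statement, `SolarMutexGuard aGuard;`. If it is safe without the lock, a one-line comment there saying why would keep the set of guarded methods easy to audit.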
@@ -152,6 +160,8 @@ Reference<awt::XWindow> SAL_CALL SidebarPanelBase::getWindow() ui::LayoutSize SAL_CALL SidebarPanelBase::getHeightForWidth (const sal_Int32 nWidth) { + SolarMutexGuard aGuard; + if (maLayoutSize.Minimum >= 0) return maLayoutSize; else @@ -178,6 +188,8 @@ ui::LayoutSize SAL_CALL SidebarPanelBase::getHeightForWidth (const sal_Int32 nWi sal_Int32 SAL_CALL SidebarPanelBase::getMinimalWidth () { + SolarMutexGuard aGuard; + if (isLayoutEnabled(mpControl)) { // widget layout-based sidebar @@ -189,6 +201,8 @@ sal_Int32 SAL_CALL SidebarPanelBase::getMinimalWidth () void SAL_CALL SidebarPanelBase::updateModel(const css::uno::Reference<css::frame::XModel>& xModel) { + SolarMutexGuard aGuard; + SidebarModelUpdate* pModelUpdate = dynamic_cast<SidebarModelUpdate*>(mpControl.get()); if (!pModelUpdate) return; diff --git a/sfx2/source/sidebar/Theme.cxx b/sfx2/source/sidebar/Theme.cxx index e793c4c77e00..08c142e6ff4e 100644 --- a/sfx2/source/sidebar/Theme.cxx +++ b/sfx2/source/sidebar/Theme.cxx @@ -345,6 +345,8 @@ void Theme::UpdateTheme() void SAL_CALL Theme::disposing() { + SolarMutexGuard aGuard; + ChangeListeners aListeners; aListeners.swap(maChangeListeners); @@ -387,6 +389,8 @@ void SAL_CALL Theme::setPropertyValue ( const ::rtl::OUString& rsPropertyName, const css::uno::Any& rValue) { + SolarMutexGuard aGuard; + PropertyNameToIdMap::const_iterator iId (maPropertyNameToIdMap.find(rsPropertyName)); if (iId == maPropertyNameToIdMap.end()) throw beans::UnknownPropertyException(rsPropertyName); @@ -429,6 +433,8 @@ void SAL_CALL Theme::setPropertyValue ( Any SAL_CALL Theme::getPropertyValue ( const ::rtl::OUString& rsPropertyName) { + SolarMutexGuard aGuard; + PropertyNameToIdMap::const_iterator iId (maPropertyNameToIdMap.find(rsPropertyName)); if (iId == maPropertyNameToIdMap.end()) throw beans::UnknownPropertyException(); 
@@ -446,6 +452,8 @@ void SAL_CALL Theme::addPropertyChangeListener( const ::rtl::OUString& rsPropertyName, const css::uno::Reference<css::beans::XPropertyChangeListener>& rxListener) { + SolarMutexGuard aGuard; + ThemeItem eItem (AnyItem_); if (rsPropertyName.getLength() > 0) { @@ -468,6 +476,8 @@ void SAL_CALL Theme::removePropertyChangeListener( const ::rtl::OUString& rsPropertyName, const css::uno::Reference<css::beans::XPropertyChangeListener>& rxListener) { + SolarMutexGuard aGuard; + ThemeItem eItem (AnyItem_); if (rsPropertyName.getLength() > 0) { @@ -500,6 +510,8 @@ void SAL_CALL Theme::addVetoableChangeListener( const ::rtl::OUString& rsPropertyName, const css::uno::Reference<css::beans::XVetoableChangeListener>& rxListener) { + SolarMutexGuard aGuard; + ThemeItem eItem (AnyItem_); if (rsPropertyName.getLength() > 0) { @@ -522,6 +534,8 @@ void SAL_CALL Theme::removeVetoableChangeListener( const ::rtl::OUString& rsPropertyName, const css::uno::Reference<css::beans::XVetoableChangeListener>& rxListener) { + SolarMutexGuard aGuard; + ThemeItem eItem (AnyItem_); if (rsPropertyName.getLength() > 0) { @@ -551,6 +565,8 @@ void SAL_CALL Theme::removeVetoableChangeListener( css::uno::Sequence<css::beans::Property> SAL_CALL Theme::getProperties() { + SolarMutexGuard aGuard; + ::std::vector<beans::Property> aProperties; sal_Int32 const nEnd(End_); @@ -576,6 +592,8 @@ css::uno::Sequence<css::beans::Property> SAL_CALL Theme::getProperties() beans::Property SAL_CALL Theme::getPropertyByName (const ::rtl::OUString& rsPropertyName) { + SolarMutexGuard aGuard; + PropertyNameToIdMap::const_iterator iId (maPropertyNameToIdMap.find(rsPropertyName)); if (iId == maPropertyNameToIdMap.end()) throw beans::UnknownPropertyException(); 
@@ -595,6 +613,8 @@ beans::Property SAL_CALL Theme::getPropertyByName (const ::rtl::OUString& rsProp sal_Bool SAL_CALL Theme::hasPropertyByName (const ::rtl::OUString& rsPropertyName) { + SolarMutexGuard aGuard; + PropertyNameToIdMap::const_iterator iId (maPropertyNameToIdMap.find(rsPropertyName)); if (iId == maPropertyNameToIdMap.end()) return false; commit 4bcd5c31904550af2fc78f9863980494cfccd52d Author: Michael Stahl <[email protected]> AuthorDate: Tue Jan 19 15:38:05 2021 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Fri Jan 22 16:17:17 2021 +0100 postgresql: upgrade to release 13.1 Fixes CVE-2020-25694, plus a bunch more CVE that don't look relevant. * --with-krb5 no longer exists, neither does --disable-shared * remove internal-zlib.patch.1: zlib is only used by pg_* tools / contrib/pgcrypto * remove postgresql-libs-leak.patch: some relic from pre-gbuild times, not clear what the point is for static libs * remove postgresql-9.2.1-libreoffice.patch: another dmake .mk file relic, and the win32 nmake build system was removed * add postgres-msvc-build.patch.1 to fix Cygwin perl and openssl * on WNT, libpq.dll is now built, no longer static lib postgresql: fix mistake in RepositoryExternal.mk Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109640 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 234833f7823a1424b62c93e145f0cfe2c6b6efd5) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109698 Reviewed-by: Thorsten Behrens <[email protected]> (cherry picked from commit 1362bf7fa2957d34a7cef18dd95ede22cc42787f) Change-Id: Ic0232a28801b2f604d9f4e33d5621ae3362defaa diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index a06f2ec41198..e029f3f32026 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk 
@@ -3072,9 +3072,15 @@ endef else # !SYSTEM_POSTGRESQL +ifeq ($(OS),WNT) +$(eval $(call gb_Helper_register_packages_for_install,postgresqlsdbc,\ + postgresql \ +)) +endif # WNT + define gb_LinkTarget__use_postgresql -$(call gb_LinkTarget_use_external_project,$(1),postgresql) +$(call gb_LinkTarget_use_external_project,$(1),postgresql,full) $(call gb_LinkTarget_set_include,$(1),\ -I$(call gb_UnpackedTarball_get_dir,postgresql)/src/include \ @@ -3082,19 +3088,21 @@ $(call gb_LinkTarget_set_include,$(1),\ $$(INCLUDE) \ ) +ifeq ($(OS),WNT) + $(call gb_LinkTarget_add_libs,$(1),\ - $(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \ + $(call gb_UnpackedTarball_get_dir,postgresql)/$(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release)/libpq/libpq.lib \ ) -ifeq ($(OS),WNT) -$(call gb_LinkTarget_use_external,$(1),openssl) +else # WNT -$(call gb_LinkTarget_use_system_win32_libs,$(1),\ - secur32 \ - ws2_32 \ +$(call gb_LinkTarget_add_libs,$(1),\ + $(call gb_UnpackedTarball_get_dir,postgresql)/src/interfaces/libpq/libpq$(gb_StaticLibrary_PLAINEXT) \ + $(call gb_UnpackedTarball_get_dir,postgresql)/src/common/libpgcommon$(gb_StaticLibrary_PLAINEXT) \ + $(call gb_UnpackedTarball_get_dir,postgresql)/src/port/libpgport$(gb_StaticLibrary_PLAINEXT) \ ) -endif +endif # WNT endef diff --git a/download.lst b/download.lst index 9da3fa3c1192..175d1400c8ef 100644 --- a/download.lst +++ b/download.lst 
@@ -208,8 +208,8 @@ export LIBPNG_SHA256SUM := 505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f export LIBPNG_TARBALL := libpng-1.6.37.tar.xz export POPPLER_SHA256SUM := 016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3 export POPPLER_TARBALL := poppler-21.01.0.tar.xz -export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461 -export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2 +export POSTGRESQL_SHA256SUM := 12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f +export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2 export PYTHON_SHA256SUM := c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049 export PYTHON_TARBALL := Python-3.5.9.tar.xz export QXP_SHA256SUM := 8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73 diff --git a/external/postgresql/ExternalPackage_postgresql.mk b/external/postgresql/ExternalPackage_postgresql.mk new file mode 100644 index 000000000000..f6c9a9bb6deb --- /dev/null +++ b/external/postgresql/ExternalPackage_postgresql.mk @@ -0,0 +1,16 @@ +# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*- +# +# This file is part of the LibreOffice project. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# + +$(eval $(call gb_ExternalPackage_ExternalPackage,postgresql,postgresql)) + +$(eval $(call gb_ExternalPackage_use_external_project,postgresql,postgresql)) + +$(eval $(call gb_ExternalPackage_add_file,postgresql,$(LIBO_LIB_FOLDER)/libpq.dll,$(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release)/libpq/libpq.dll)) + +# vim: set noet sw=4 ts=4: diff --git a/external/postgresql/ExternalProject_postgresql.mk b/external/postgresql/ExternalProject_postgresql.mk index f6617e52fcd8..1e0c7d848047 100644 --- a/external/postgresql/ExternalProject_postgresql.mk 
+++ b/external/postgresql/ExternalProject_postgresql.mk @@ -12,7 +12,6 @@ $(eval $(call gb_ExternalProject_ExternalProject,postgresql)) $(eval $(call gb_ExternalProject_use_externals,postgresql,\ openldap \ openssl \ - zlib \ )) $(eval $(call gb_ExternalProject_register_targets,postgresql,\ @@ -25,8 +24,9 @@ $(eval $(call gb_ExternalProject_use_nmake,postgresql,build)) $(call gb_ExternalProject_get_state_target,postgresql,build) : $(call gb_ExternalProject_run,build,\ - nmake -f win32.mak USE_SSL=1 USE_LDAP=1 \ - ,src) + MSBFLAGS=/p:Platform=$(if $(filter X86_64,$(CPUNAME)),x64,Win32) \ + $(PERL) build.pl $(if $(MSVC_USE_DEBUG_RUNTIME),Debug,Release) libpq \ + ,src/tools/msvc) else @@ -55,20 +55,24 @@ postgresql_LDFLAGS += \ endif +# note: as of 13.1, zlib is not needed by libpq +# passing MAKELEVEL=0 is required to find internal headers $(call gb_ExternalProject_get_state_target,postgresql,build) : $(call gb_ExternalProject_run,build,\ ./configure \ - --without-readline --disable-shared --with-ldap \ + --without-readline \ + --without-zlib \ + --with-ldap \ $(if $(CROSS_COMPILING),--build=$(BUILD_PLATFORM) --host=$(HOST_PLATFORM)) \ $(if $(DISABLE_OPENSSL),,--with-openssl \ - $(if $(WITH_KRB5), --with-krb5) \ $(if $(WITH_GSSAPI),--with-gssapi)) \ + CFLAGS="-fPIC" \ CPPFLAGS="$(postgresql_CPPFLAGS)" \ LDFLAGS="$(postgresql_LDFLAGS)" \ EXTRA_LDAP_LIBS="-llber -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4" \ && cd src/interfaces/libpq \ - && MAKEFLAGS= && $(MAKE) all-static-lib) + && MAKEFLAGS= && $(MAKE) MAKELEVEL=0 all-static-lib) endif diff --git a/external/postgresql/Module_postgresql.mk b/external/postgresql/Module_postgresql.mk index 1f655c6e5034..7ea89dad3b39 100644 --- a/external/postgresql/Module_postgresql.mk +++ b/external/postgresql/Module_postgresql.mk 
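Review bot: In the configure call of the hunk at -55, `CFLAGS="-fPIC"` sets the C flags to that single option, and an explicitly set CFLAGS normally takes the place of configure's own default optimisation flags, so the bundled libpq may end up built without optimisation and without whatever hardening flags the rest of the build applies. If the build has a variable carrying the project's C flags, `-fPIC` should be appended to it rather than passed alone; which variable that would be is not visible in this hunk. The comment block added above the rule explains `--without-zlib` and `MAKELEVEL=0` but not this flag; a line such as `# -fPIC: the static libpq is linked into a shared library` would close that gap, assuming that is the reason.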
@@ -14,4 +14,10 @@ $(eval $(call gb_Module_add_targets,postgresql,\ UnpackedTarball_postgresql \ )) +ifeq ($(OS),WNT) +$(eval $(call gb_Module_add_targets,postgresql,\ + ExternalPackage_postgresql \ +)) +endif # WNT + # vim: set noet sw=4 ts=4: diff --git a/external/postgresql/UnpackedTarball_postgresql.mk b/external/postgresql/UnpackedTarball_postgresql.mk index 2e41bf66d806..c95aef25f663 100644 --- a/external/postgresql/UnpackedTarball_postgresql.mk +++ b/external/postgresql/UnpackedTarball_postgresql.mk @@ -11,18 +11,10 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,postgresql)) $(eval $(call gb_UnpackedTarball_set_tarball,postgresql,$(POSTGRESQL_TARBALL),,postgresql)) -$(eval $(call gb_UnpackedTarball_set_patchlevel,postgresql,3)) - $(eval $(call gb_UnpackedTarball_add_patches,postgresql, \ - external/postgresql/postgresql-libs-leak.patch \ - external/postgresql/postgresql-9.2.1-autoreconf.patch \ - external/postgresql/postgresql-9.2.1-libreoffice.patch \ + external/postgresql/postgres-msvc-build.patch.1 \ )) -ifeq ($(SYSTEM_ZLIB),) -$(eval $(call gb_UnpackedTarball_add_patches,postgresql, \ - external/postgresql/internal-zlib.patch.1 \ -)) -endif +$(eval $(call gb_UnpackedTarball_add_file,postgresql,src/tools/msvc/config.pl,external/postgresql/config.pl)) # vim: set noet sw=4 ts=4: diff --git a/external/postgresql/config.pl b/external/postgresql/config.pl new file mode 100644 index 000000000000..ae163ebbd166 --- /dev/null +++ b/external/postgresql/config.pl @@ -0,0 +1 @@ +$config->{openssl} = "$ENV{WORKDIR}/UnpackedTarball/openssl"; diff --git a/external/postgresql/internal-zlib.patch.1 b/external/postgresql/internal-zlib.patch.1 deleted file mode 100644 index ac2b728e1314..000000000000 --- a/external/postgresql/internal-zlib.patch.1 +++ /dev/null 
@@ -1,29 +0,0 @@ -diff -up postgresql/configure.dt postgresql/configure ---- postgresql/configure.dt 2016-11-03 17:34:17.282388226 +0100 -+++ postgresql/configure 2016-11-03 17:34:35.004202484 +0100 -@@ -8566,13 +8566,13 @@ fi - - if test "$with_zlib" = yes; then - --{ $as_echo "$as_me:$LINENO: checking for inflate in -lz" >&5 --$as_echo_n "checking for inflate in -lz... " >&6; } -+{ $as_echo "$as_me:$LINENO: checking for inflate in -lzlib" >&5 -+$as_echo_n "checking for inflate in -lzlib... " >&6; } - if test "${ac_cv_lib_z_inflate+set}" = set; then - $as_echo_n "(cached) " >&6 - else - ac_check_lib_save_LIBS=$LIBS --LIBS="-lz $LIBS" -+LIBS="-lzlib $LIBS" - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ - _ACEOF -@@ -8636,7 +8636,7 @@ if test "x$ac_cv_lib_z_inflate" = x""yes - #define HAVE_LIBZ 1 - _ACEOF - -- LIBS="-lz $LIBS" -+ LIBS="-lzlib $LIBS" - - else - { { $as_echo "$as_me:$LINENO: error: zlib library not found ... etc. - the rest is truncated _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
