external/liborcus/UnpackedTarball_liborcus.mk |    3 ++
 external/liborcus/forcepoint-84.patch.1       |   38 ++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

New commits:
commit d6a02a99eaa3690c0aa5c33fea3a4c710813a0de
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Mar 23 20:08:19 2022 +0000
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Mar 24 10:28:43 2022 +0100

    forcepoint#84 Invalid read of size 1
    
    Change-Id: I1d0d74940cfa78a3c88cee737c9535acf03e0f19
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131991
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/external/liborcus/UnpackedTarball_liborcus.mk 
b/external/liborcus/UnpackedTarball_liborcus.mk
index a87da7edb88d..8f41fdbf9173 100644
--- a/external/liborcus/UnpackedTarball_liborcus.mk
+++ b/external/liborcus/UnpackedTarball_liborcus.mk
@@ -17,6 +17,8 @@ $(eval $(call 
gb_UnpackedTarball_update_autoconf_configs,liborcus))
 
 # forcepoint-83.patch.1 submitted as
 # https://gitlab.com/orcus/orcus/-/merge_requests/117
+# forcepoint-84.patch.1 submitted as
+# https://gitlab.com/orcus/orcus/-/merge_requests/118
 
 $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
        external/liborcus/rpath.patch.0 \
@@ -26,6 +28,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
        external/liborcus/liborcus_newline.patch.1 \
        external/liborcus/std-get-busted.patch.1 \
        external/liborcus/forcepoint-83.patch.1 \
+       external/liborcus/forcepoint-84.patch.1 \
 ))
 
 ifeq ($(OS),WNT)
diff --git a/external/liborcus/forcepoint-84.patch.1 
b/external/liborcus/forcepoint-84.patch.1
new file mode 100644
index 000000000000..99aa0b9623b5
--- /dev/null
+++ b/external/liborcus/forcepoint-84.patch.1
@@ -0,0 +1,38 @@
+From 0fee6c0e3074be11874f1911a76f10eef5f59985 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caol...@redhat.com>
+Date: Wed, 23 Mar 2022 20:04:31 +0000
+Subject: [PATCH] forcepoint#84 Invalid read of size 1
+
+==356879== Invalid read of size 1
+==356879==    at 0x11EC50B0: orcus::parser_base::cur_char() const 
(parser_base.hpp:79)
+==356879==    by 0x11EDD736: 
orcus::sax::parser_base::value(std::basic_string_view<char, 
std::char_traits<char> >&, bool) (sax_parser_base.cpp:303)
+==356879==    by 0x11B7C3D5: 
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
 orcus::sax_parser_default_config>::attribute() (sax_parser.hpp:563)
+==356879==    by 0x11B7B35E: 
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
 orcus::sax_parser_default_config>::element_open(long) (sax_parser.hpp:292)
+==356879==    by 0x11B7A2F7: 
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
 orcus::sax_parser_default_config>::element() (sax_parser.hpp:246)
+==356879==    by 0x11B7A1C7: 
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
 orcus::sax_parser_default_config>::body() (sax_parser.hpp:214)
+==356879==    by 0x11B7A009: 
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
 orcus::sax_parser_default_config>::parse() (sax_parser.hpp:182)
+==356879==    by 0x11B79FBB: 
orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::parse()
 (sax_ns_parser.hpp:277)
+==356879==    by 0x11B79798: 
orcus::sax_token_parser<orcus::xml_stream_handler>::parse() 
(sax_token_parser.hpp:215)
+==356879==    by 0x11B79436: orcus::xml_stream_parser::parse() 
(xml_stream_parser.cpp:68)
+==356879==    by 0x11BE3855: orcus::orcus_xlsx::detect(unsigned char const*, 
unsigned long) (orcus_xlsx.cpp:188)
+==356879==    by 0x11AB2492: orcus::detect(unsigned char const*, unsigned 
long) (format_detection.cpp:60)
+---
+ src/parser/sax_parser_base.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/parser/sax_parser_base.cpp b/src/parser/sax_parser_base.cpp
+index 46acb81d..11791edc 100644
+--- a/src/parser/sax_parser_base.cpp
++++ b/src/parser/sax_parser_base.cpp
+@@ -300,6 +300,8 @@ void parser_base::value_with_encoded_char(cell_buffer& 
buf, std::string_view& st
+ 
+ bool parser_base::value(std::string_view& str, bool decode)
+ {
++    if (!has_char())
++        throw malformed_xml_error("value must be quoted", offset());
+     char c = cur_char();
+     if (c != '"' && c != '\'')
+         throw malformed_xml_error("value must be quoted", offset());
+-- 
+2.35.1
+
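Review bot: The new guard at the top of `parser_base::value` reuses the "value must be quoted" text for the end-of-input case, so a truncated stream is reported the same way as a wrong delimiter character. A distinct message would make the two failures distinguishable in logs and fuzzing triage, for example `throw malformed_xml_error("attribute value expected, but the stream ended", offset());`. The Valgrind trace shows this path is reached from `orcus::detect`, which runs on file content before the format is known, so the input here is untrusted. The rest of `value()` lies outside the hunk, and it is worth confirming that the reads after the opening quote are also preceded by a `has_char()` check. A one-line comment above the guard, such as `// cur_char() does not bounds-check; reject a stream that ends right after '='`, would record why the check is there, and a regression input with a truncated attribute would pin the behaviour.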
