filter/source/msfilter/msdffimp.cxx | 38 ++++++++++++++++++++++++++++++++++- include/filter/msfilter/msdffimp.hxx | 2 + 2 files changed, 39 insertions(+), 1 deletion(-)
New commits: commit d968061f008b954f55ab9a4dd51efd5d0844b543 Author: Caolán McNamara <[email protected]> AuthorDate: Mon Dec 19 11:04:59 2022 +0000 Commit: Caolán McNamara <[email protected]> CommitDate: Mon Dec 19 16:37:15 2022 +0000 crashtesting: asserts with outsized object positions seen during import of: forums/forum-mso-en4-187408.xls forums/forum-mso-en4-187900.xls forums/forum-mso-en4-187890.xls Change-Id: Id15e9c1ea98d761225d41850b9b2aa58d9c9e407 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144466 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx index fe5cd766811b..cdcad2778f6f 100644 --- a/filter/source/msfilter/msdffimp.cxx +++ b/filter/source/msfilter/msdffimp.cxx @@ -54,8 +54,9 @@ // SvxItem-Mapping. Is needed to successfully include the SvxItem-Header #include <editeng/eeitem.hxx> #include <editeng/editdata.hxx> -#include <tools/stream.hxx> +#include <tools/bigint.hxx> #include <tools/debug.hxx> +#include <tools/stream.hxx> #include <tools/zcodec.hxx> #include <filter/msfilter/escherex.hxx> #include <basegfx/numeric/ftools.hxx> @@ -3152,7 +3153,22 @@ bool CompareSvxMSDffShapeInfoByTxBxComp::operator() ( void SvxMSDffManager::Scale( sal_Int32& rVal ) const { if ( bNeedMap ) + { + if (rVal > nMaxAllowedVal) + { + SAL_WARN("filter.ms", "Cannot scale value: " << rVal); + rVal = SAL_MAX_INT32; + return; + } + else if (rVal < nMinAllowedVal) + { + SAL_WARN("filter.ms", "Cannot scale value: " << rVal); + rVal = SAL_MAX_INT32; + return; + } + rVal = BigMulDiv( rVal, nMapMul, nMapDiv ); + } } void SvxMSDffManager::Scale( Point& rPos ) const @@ -3235,6 +3251,26 @@ void SvxMSDffManager::SetModel(SdrModel* pModel, tools::Long nApplicationScale) nMapMul = nMapDiv = nMapXOfs = nMapYOfs = nEmuMul = nEmuDiv = nPntMul = nPntDiv = 0; bNeedMap = false; } + + if (bNeedMap) + { + assert(nMapMul > nMapDiv); + + BigInt aMinVal(SAL_MIN_INT32); + aMinVal /= nMapMul; + aMinVal *= nMapDiv; + nMinAllowedVal = aMinVal; + + BigInt aMaxVal(SAL_MAX_INT32); + aMaxVal /= nMapMul; + aMaxVal *= nMapDiv; + nMaxAllowedVal = aMaxVal; + } + else + { + nMinAllowedVal = SAL_MIN_INT32; + nMaxAllowedVal = SAL_MAX_INT32; + } } bool SvxMSDffManager::SeekToShape( SvStream& rSt, SvxMSDffClientData* /* pClientData */, sal_uInt32 nId ) const diff --git a/include/filter/msfilter/msdffimp.hxx b/include/filter/msfilter/msdffimp.hxx index da1dc29fe442..7f2c5a2763d0 100644 --- a/include/filter/msfilter/msdffimp.hxx +++ b/include/filter/msfilter/msdffimp.hxx @@ -455,6 +455,8 @@ protected: tools::Long nPntMul; tools::Long nPntDiv; bool bNeedMap; + sal_Int32 nMinAllowedVal; + sal_Int32 nMaxAllowedVal; sal_uInt32 nSvxMSDffSettings; sal_uInt32 nSvxMSDffOLEConvFlags;
