download.lst | 4 - external/libtiff/UnpackedTarball_libtiff.mk | 4 + external/libtiff/ofz65182.patch | 23 +++++++ external/libtiff/ofz68840.patch | 17 +++++ hwpfilter/source/hbox.cxx | 8 +- hwpfilter/source/hwpreader.cxx | 2 package/source/zipapi/XUnbufferedStream.cxx | 9 ++- sc/source/filter/rtf/eeimpars.cxx | 2 sw/qa/core/data/ww8/pass/ofz53457-1.doc |binary sw/qa/extras/layout/data/ofz64109-1.fodt |binary sw/qa/extras/layout/layout.cxx | 6 ++ sw/source/core/text/porfld.cxx | 10 +++ sw/source/filter/html/htmlftn.cxx | 4 - sw/source/filter/html/swhtml.hxx | 21 ++++++- sw/source/filter/ww8/ww8par5.cxx | 18 +++++- vcl/source/gdi/metaact.cxx | 83 ++++++++++++++++++++++++++-- 16 files changed, 193 insertions(+), 18 deletions(-)
New commits: commit c91d329ed47230f574b64944d893d009350c41dd Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Fri May 24 20:43:42 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:37:35 2024 +0200 ofz#68840 another putcontig8bitYCbCr22tile issue Change-Id: I6e119cf1b3bec609f94784eb0c439835875d6112 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168031 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 034b68eb3a015553254c7238b13db8f94514080d) diff --git a/external/libtiff/UnpackedTarball_libtiff.mk b/external/libtiff/UnpackedTarball_libtiff.mk index 5738b2aa0411..e2d0cbdb40a6 100644 --- a/external/libtiff/UnpackedTarball_libtiff.mk +++ b/external/libtiff/UnpackedTarball_libtiff.mk @@ -16,6 +16,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,libtiff,1)) $(eval $(call gb_UnpackedTarball_add_patches,libtiff,\ external/libtiff/libtiff.linknolibs.patch \ external/libtiff/ofz65182.patch \ + external/libtiff/ofz68840.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/libtiff/ofz68840.patch b/external/libtiff/ofz68840.patch new file mode 100644 index 000000000000..0a8721ebe012 --- /dev/null +++ b/external/libtiff/ofz68840.patch 
@@ -0,0 +1,17 @@ +--- a/libtiff/tif_tile.c ++++ b/libtiff/tif_tile.c +@@ -233,7 +233,13 @@ + _TIFFMultiply64(tif, samplingrow_size, samplingblocks_ver, module)); + } + else +- return (_TIFFMultiply64(tif, nrows, TIFFTileRowSize64(tif), module)); ++ { ++ uint64_t row_size = TIFFTileRowSize64(tif); ++ /* I think the way this works the expectation is there are always even num of samples */ ++ if (td->td_photometric == PHOTOMETRIC_YCBCR) ++ row_size = TIFFroundup_64(row_size, 2); ++ return (_TIFFMultiply64(tif, nrows, row_size, module)); ++ } + } + tmsize_t TIFFVTileSize(TIFF *tif, uint32_t nrows) + { commit c34c79465d63a0954f98ddcc321f7bd2921e2d51 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Dec 19 17:37:00 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:37:35 2024 +0200 ofz#65182 putcontig8bitYCbCr22tile issue Change-Id: I0242059b17d07c0ab4ec83aabd073ee31c4631d2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161031 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit f78a9d7d86af7d513ec7020ccfa96f6051d45fdc) diff --git a/external/libtiff/UnpackedTarball_libtiff.mk b/external/libtiff/UnpackedTarball_libtiff.mk index 38920840d648..5738b2aa0411 100644 --- a/external/libtiff/UnpackedTarball_libtiff.mk +++ b/external/libtiff/UnpackedTarball_libtiff.mk @@ -15,6 +15,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,libtiff,1)) $(eval $(call gb_UnpackedTarball_add_patches,libtiff,\ external/libtiff/libtiff.linknolibs.patch \ + external/libtiff/ofz65182.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/libtiff/ofz65182.patch b/external/libtiff/ofz65182.patch new file mode 100644 index 000000000000..d4b18e4ade3e --- /dev/null +++ b/external/libtiff/ofz65182.patch 
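Review bot: The rounding added in the `else` branch of what appears to be TIFFVTileSize64 rests on an assumption that its own comment marks as a guess (`I think the way this works ...`), so whoever rebases this patch cannot tell which reader needs the padding. The commit title names putcontig8bitYCbCr22tile, and the comment should too, for example `/* YCbCr outside the subsampled branch above: round the row size up to an even count, as putcontig8bitYCbCr22tile expects (ofz#68840) */`, with the wording confirmed against that function. Because this is a local patch on a bundled library, a reference to the upstream report next to it would show when the patch can be dropped. The enclosing function starts outside the hunk.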
@@ -0,0 +1,23 @@ +diff --git a/libtiff/tif_strip.c b/libtiff/tif_strip.c +index 820a2544..afd7cb6e 100644 +--- a/libtiff/tif_strip.c ++++ b/libtiff/tif_strip.c +@@ -287,7 +287,17 @@ uint64_t TIFFScanlineSize64(TIFF *tif) + else + { + uint64_t scanline_samples; +- scanline_samples = _TIFFMultiply64(tif, td->td_imagewidth, ++ uint32_t scanlinewidth = td->td_imagewidth; ++ ++ if (td->td_photometric == PHOTOMETRIC_YCBCR) ++ { ++ uint16_t SubsamplingHor, SubsamplingVer; ++ TIFFGetFieldDefaulted(tif, TIFFTAG_YCBCRSUBSAMPLING, &SubsamplingHor, &SubsamplingVer); ++ if (SubsamplingHor > 1) // roundup width for YCbCr ++ scanlinewidth = TIFFroundup_32(scanlinewidth, SubsamplingHor); ++ } ++ ++ scanline_samples = _TIFFMultiply64(tif, scanlinewidth, + td->td_samplesperpixel, module); + scanline_size = + TIFFhowmany_64(_TIFFMultiply64(tif, scanline_samples, commit 07092f97945ffeceab19875a4b631e385e096e27 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sat Oct 28 17:16:27 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:37:35 2024 +0200 upgrade libtiff to 4.6.0 Change-Id: I839f78e5431caac378ce936aa5e34357144ae6b1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158593 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 4273ebd28b9d3f50797f9e2dede0d9e8ce26e6f0) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158541 Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit 3640b7e807dc7bf34e598e94c327b6d6a3fd8b04) diff --git a/download.lst b/download.lst index 2c2b82e2e3b8..1e12feef8d67 100644 --- a/download.lst +++ b/download.lst 
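Review bot: `SubsamplingHor` and `SubsamplingVer` are read immediately after `TIFFGetFieldDefaulted` without being initialised and without the call's return value being checked, in the YCbCr block added to TIFFScanlineSize64. The tag has defaults, so the call is expected to succeed, but `uint16_t SubsamplingHor = 1, SubsamplingVer = 1;` makes the `> 1` test safe whatever the call does. It is also worth confirming what `TIFFroundup_32` returns for a `td_imagewidth` near the 32-bit maximum, since a wrapped or zero width would give a scanline size smaller than the real row. The function's body continues outside the hunk.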
@@ -469,8 +469,8 @@ LIBPNG_TARBALL := libpng-1.6.39.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts -LIBTIFF_SHA256SUM := 3c080867114c26edab3129644a63b708028a90514b7fe3126e38e11d24f9f88a -LIBTIFF_TARBALL := tiff-4.5.1.tar.xz +LIBTIFF_SHA256SUM := e178649607d1e22b51cf361dd20a3753f244f022eefab1f2f218fc62ebaf87d2 +LIBTIFF_TARBALL := tiff-4.6.0.tar.xz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/libtiff/UnpackedTarball_libtiff.mk b/external/libtiff/UnpackedTarball_libtiff.mk index ce5a3a53d36a..38920840d648 100644 --- a/external/libtiff/UnpackedTarball_libtiff.mk +++ b/external/libtiff/UnpackedTarball_libtiff.mk @@ -11,7 +11,7 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,libtiff)) $(eval $(call gb_UnpackedTarball_set_tarball,libtiff,$(LIBTIFF_TARBALL))) -$(eval $(call gb_UnpackedTarball_set_patchlevel,libtiff,0)) +$(eval $(call gb_UnpackedTarball_set_patchlevel,libtiff,1)) $(eval $(call gb_UnpackedTarball_add_patches,libtiff,\ external/libtiff/libtiff.linknolibs.patch \ commit c5ed053ffc7a3c0aa0337757839c4ab08f0c63a7 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Fri Apr 5 10:46:40 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:37:35 2024 +0200 ofz#67765 Integer-overflow Change-Id: I49b1a5024352575a3867500c15f542863c273e93 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165814 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 8379aaee531e469687aaceba27f5afd697a0d86d) diff --git a/sc/source/filter/rtf/eeimpars.cxx b/sc/source/filter/rtf/eeimpars.cxx index 8d768efa5f9f..461a47fdf326 100644 --- a/sc/source/filter/rtf/eeimpars.cxx +++ b/sc/source/filter/rtf/eeimpars.cxx 
@@ -308,7 +308,7 @@ void ScEEImport::WriteToDocument( bool bSizeColsRows, double nOutputFactor, SvNu ScMF::Hor ); if ( pE->nRowOverlap > 1 ) { - nRO = nRow + pE->nRowOverlap - 1; + nRO = o3tl::saturating_add(nRow, pE->nRowOverlap - 1); mpDoc->ApplyFlagsTab( nCol, nRow+1, nCol, nRO , nTab, ScMF::Ver ); commit 74b6592431f51080433680eed5b2eb9994f48b66 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sat Nov 18 21:56:51 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:37:35 2024 +0200 ofz#64109 crash in CharClass::isLetterNumeric there appears to be an extra portion created, because HookChar is set, but there doesn't seem to be a reason for the HookChar so we get an unwanted trailing portion. It seems that the HookChar is set when processing the field, presumably when we restore the SwTextFormatInfo text, idx and len we should also restore its original HookChar state. At least for this ruby text case there the field contents are drawn over the body text, unlike others where the contents are drawn inline with the body text, where we appear to need to keep the hook char. Change-Id: Id48a3ef09cd10dcc91048f8c08207d2d105839d9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159642 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 72928fa459f8e67c30a2e2357424ab75d3105a26) diff --git a/sw/qa/extras/layout/data/ofz64109-1.fodt b/sw/qa/extras/layout/data/ofz64109-1.fodt new file mode 100644 index 000000000000..26a4bbbf63cf Binary files /dev/null and b/sw/qa/extras/layout/data/ofz64109-1.fodt differ diff --git a/sw/qa/extras/layout/layout.cxx b/sw/qa/extras/layout/layout.cxx index 9747fd022e30..5ce3eb3ecc6c 100644 --- a/sw/qa/extras/layout/layout.cxx +++ b/sw/qa/extras/layout/layout.cxx 
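Review bot: `o3tl::saturating_add` removes the signed overflow in the `nRowOverlap > 1` branch, but a saturated `nRO` is still far beyond any real sheet row and is passed straight to `mpDoc->ApplyFlagsTab`. Clamping before the call, e.g. `nRO = std::min<SCROW>(nRO, nLastValidRow);` where `nLastValidRow` stands for the sheet's row limit, would keep the range meaningful; whether ApplyFlagsTab already rejects out-of-range rows is not visible here. The column case just above (the call ending in `ScMF::Hor`) lies outside the hunk and may need the same treatment. The hunk adds no include, so `<o3tl/safeint.hxx>` has to be reachable from this file already.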
@@ -288,6 +288,12 @@ CPPUNIT_TEST_FIXTURE(SwLayoutWriter, TestTdf136588) "effectively by modern-day small to "); } +CPPUNIT_TEST_FIXTURE(SwLayoutWriter, testOfz64109) +{ + //just care it doesn't assert + createSwDoc(DATA_DIRECTORY, "ofz64109-1.fodt"); +} + CPPUNIT_TEST_FIXTURE(SwLayoutWriter, testRedlineFlysInBody) { loadURL("private:factory/swriter", nullptr); diff --git a/sw/source/core/text/porfld.cxx b/sw/source/core/text/porfld.cxx index 444313cc2533..a2eaeb6a28a4 100644 --- a/sw/source/core/text/porfld.cxx +++ b/sw/source/core/text/porfld.cxx @@ -142,6 +142,7 @@ class SwFieldSlot OUString aText; TextFrameIndex nIdx; TextFrameIndex nLen; + sal_Unicode nOrigHookChar; SwTextFormatInfo *pInf; bool bOn; public: @@ -155,6 +156,7 @@ SwFieldSlot::SwFieldSlot( const SwTextFormatInfo* pNew, const SwFieldPortion *pP : pOldText(nullptr) , nIdx(0) , nLen(0) + , nOrigHookChar(0) , pInf(nullptr) { bOn = pPor->GetExpText( *pNew, aText ); @@ -167,6 +169,7 @@ SwFieldSlot::SwFieldSlot( const SwTextFormatInfo* pNew, const SwFieldPortion *pP nIdx = pInf->GetIdx(); nLen = pInf->GetLen(); pOldText = &(pInf->GetText()); + nOrigHookChar = pInf->GetHookChar(); m_pOldCachedVclData = pInf->GetCachedVclData(); pInf->SetLen(TextFrameIndex(aText.getLength())); pInf->SetCachedVclData(nullptr); 
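Review bot: testOfz64109 contains no assertion of its own, so it fails only if loading the document trips an `assert` or crashes, and it checks nothing in a build where asserts are compiled out. The comment should record what used to go wrong, e.g. `// ofz#64109: layout used to crash in CharClass::isLetterNumeric because of a stray trailing portion after a ruby field`. If a stable property of the resulting layout can be identified, an explicit CPPUNIT_ASSERT on it would let the test catch a regression in release-style builds as well.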
@@ -197,6 +200,13 @@ SwFieldSlot::~SwFieldSlot() { pInf->SetCachedVclData(m_pOldCachedVclData); pInf->SetText( *pOldText ); + // ofz#64109 at last for ruby-text when we restore the original text to + // continue laying out the 'body' text of the ruby, then a tab or other + // 'hook char' in the text drawn above it shouldn't affect the 'body' + // While there are other cases, such as tdf#148360, where the tab in an + // inline expanded field, that should affect the body. + if (pInf->IsRuby()) + pInf->SetHookChar(nOrigHookChar); pInf->SetIdx( nIdx ); pInf->SetLen( nLen ); pInf->SetFakeLineStart( false ); commit 7d50d80ac6e9019f279c22a8861ad283946dd065 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Mar 30 21:03:01 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:17 2024 +0200 ofz#57529 Integer-overflow Change-Id: I93775299aa340e2e645a04be5d0bc36a9caea103 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149773 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 397e2d5118dcc5ebd8dedfe731de02fb4277960f) diff --git a/package/source/zipapi/XUnbufferedStream.cxx b/package/source/zipapi/XUnbufferedStream.cxx index 56f864a2df05..8e15e61526d5 100644 --- a/package/source/zipapi/XUnbufferedStream.cxx +++ b/package/source/zipapi/XUnbufferedStream.cxx @@ -28,6 +28,7 @@ #include <algorithm> #include <string.h> +#include <o3tl/safeint.hxx> #include <osl/diagnose.h> #include <osl/mutex.hxx> #include <tools/diagnose_ex.h> 
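Review bot: The comment added in ~SwFieldSlot is hard to follow: "at last" presumably means "at least", and its final sentence has no main verb. Since the `IsRuby()` condition is the whole fix, the rule should be stated plainly, e.g. `// ofz#64109: ruby text is drawn above the body text, so a hook char found in the field must not affect the body; restore the original.` followed by `// Inline expanded fields (tdf#148360) keep the field's hook char.` The commit message says "at least for this ruby text case", which suggests other overlaid portion types were not examined; a short TODO would record that. The destructor's body starts outside the hunk.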
@@ -64,20 +65,24 @@ XUnbufferedStream::XUnbufferedStream( , mbCheckCRC(!bRecoveryMode) { mnZipCurrent = maEntry.nOffset; + sal_Int64 nSize; if ( mbRawStream ) { mnZipSize = maEntry.nMethod == DEFLATED ? maEntry.nCompressedSize : maEntry.nSize; - mnZipEnd = maEntry.nOffset + mnZipSize; + nSize = mnZipSize; } else { mnZipSize = maEntry.nSize; - mnZipEnd = maEntry.nMethod == DEFLATED ? maEntry.nOffset + maEntry.nCompressedSize : maEntry.nOffset + maEntry.nSize; + nSize = maEntry.nMethod == DEFLATED ? maEntry.nCompressedSize : maEntry.nSize; } if (mnZipSize < 0) throw ZipIOException("The stream seems to be broken!"); + if (o3tl::checked_add(maEntry.nOffset, nSize, mnZipEnd)) + throw ZipIOException("Integer-overflow"); + bool bHaveEncryptData = rData.is() && rData->m_aInitVector.hasElements() && ((rData->m_aSalt.hasElements() && rData->m_nIterationCount != 0) || commit b18f57b883225bc50654fc440871492a1bbf397e Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sun May 26 12:39:51 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:17 2024 +0200 ofz#69256 Integer-overflow Change-Id: I564635a52282ee632a0c028199ec86dd4bff99a8 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168044 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> Tested-by: Jenkins (cherry picked from commit 560f0f10a137f98ed2204bf8e00f892333d2dae8) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 6f7f8e8d9aef..4464a1e3262a 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
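Review bot: The negative-size check still tests only `mnZipSize`, but in the non-raw DEFLATED case the value added to the offset is `maEntry.nCompressedSize`, which this constructor never tests for a negative value. `o3tl::checked_add` reports overflow only, so a negative `nSize` would leave `mnZipEnd` below `mnZipCurrent` without any exception. Extending the guard to `if (mnZipSize < 0 || nSize < 0 || maEntry.nOffset < 0)` closes that, unless the entry fields are already validated where the directory is parsed, which is outside this hunk. The new exception text `"Integer-overflow"` would be easier to act on if it said which values overflowed, e.g. `"entry offset + size overflows"`.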
@@ -346,6 +346,9 @@ MetaArcAction::MetaArcAction( const tools::Rectangle& rRect, void MetaArcAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(maRect))) + return; + pOut->DrawArc( maRect, maStartPt, maEndPt ); } commit 55c0d6705615a14ccd5e6f129c8a07c802275eff Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sat May 4 15:26:54 2024 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:17 2024 +0200 ofz#68504 Integer-overflow Change-Id: I38a5f6550e57875cea3d667a650e165b9d606fbe Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167131 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit a401e72370133403f81492c31bdc45bddaba6d49) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 4dfc5db9f67e..6f7f8e8d9aef 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -385,6 +385,9 @@ MetaPieAction::MetaPieAction( const tools::Rectangle& rRect, void MetaPieAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(maRect))) + return; + pOut->DrawPie( maRect, maStartPt, maEndPt ); } commit b2b35e066e6b4e4d1098526248328853296a3057 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Fri Mar 29 08:57:46 2024 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:17 2024 +0200 ofz#67699 Integer-overflow Change-Id: Ifb949cb4816c21587f337827fe50f993a64a3f60 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165509 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 64fa566e659112b46d063dc0e0a89fe8f8065235) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 66403d851e5a..4dfc5db9f67e 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
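Review bot: Only `maRect` is range-checked before `DrawArc`; `maStartPt` and `maEndPt` are members of the same action and reach the draw call unchecked, and the MetaPieAction::Execute hunk on this line has the same gap. If those points take part in the same pixel arithmetic, the guard could read `if (!AllowRect(pOut->LogicToPixel(maRect)) || !AllowPoint(pOut->LogicToPixel(maStartPt)) || !AllowPoint(pOut->LogicToPixel(maEndPt))) return;`. Whether the start and end points can trigger the overflow on their own is not visible from this hunk, so this is worth confirming against the fuzzer reproducer.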
@@ -668,6 +668,9 @@ MetaTextArrayAction::~MetaTextArrayAction() void MetaTextArrayAction::Execute( OutputDevice* pOut ) { + if (!AllowPoint(pOut->LogicToPixel(maStartPt))) + return; + pOut->DrawTextArray( maStartPt, maStr, maDXAry, mnIndex, mnLen ); } commit 5ef2017c3b78f847be6d2e324ea174f03a05108d Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Mon Dec 4 10:58:35 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:17 2024 +0200 ofz#64680 Integer-overflow Change-Id: Ic125ef6faf136a9821efc717214dd49ae24d6059 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160288 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 8bf16dc47e518e3cd2a6611b1c768ae589ea206e) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 81c5d8070f5a..66403d851e5a 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1086,6 +1086,9 @@ MetaBmpExScalePartAction::MetaBmpExScalePartAction( const Point& rDstPt, const S void MetaBmpExScalePartAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maDstPt, maDstSz)))) + return; + pOut->DrawBitmapEx( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmpEx ); } commit 4787e14f0e941ce4ddcfc22a254471efa753acd6 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Sep 12 11:49:23 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#62155 skip line with negative width Change-Id: I5549ac15a179051f6fb02786c53469479b0a2e67 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156839 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 6a77594f380b596371a0a036a1e229e02e8666b9) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index b678130762b8..81c5d8070f5a 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
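Review bot: MetaBmpExScalePartAction::Execute checks the destination rectangle but not the scale factor, while the non-part variants MetaBmpScaleAction and MetaBmpExScaleAction (hunks further down this page) also call `AllowScale` on source and destination size. If the part actions can allocate a scaled bitmap in the same way, a second guard such as `if (!AllowScale(maSrcSz, pOut->LogicToPixel(maDstSz))) return;` would cover the out-of-memory case addressed by ofz#53824; this assumes `maSrcSz` is already in pixels, which needs confirming. The same applies to the MetaBmpScalePartAction and MetaMaskScalePartAction hunks elsewhere on the page.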
@@ -805,6 +805,11 @@ MetaTextLineAction::MetaTextLineAction( const Point& rPos, tools::Long nWidth, void MetaTextLineAction::Execute( OutputDevice* pOut ) { + if (mnWidth < 0) + { + SAL_WARN("vcl", "skipping line with negative width: " << mnWidth); + return; + } pOut->DrawTextLine( maPos, mnWidth, meStrikeout, meUnderline, meOverline ); } commit fac96975bc372e0a0f5a03dbe97fffb26b546ced Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Sun Jun 18 21:02:43 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#59902 Integer-overflow Change-Id: Iedb4ca9aef44ef8ead9b021075c4808001e9ae5b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153237 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> (cherry picked from commit 1128a505a1637cce4c35871432ac902ca2335c64) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 3dbfed236fd2..b678130762b8 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1202,7 +1202,7 @@ MetaMaskScalePartAction::MetaMaskScalePartAction( const Point& rDstPt, const Siz void MetaMaskScalePartAction::Execute( OutputDevice* pOut ) { - if (!AllowRect(tools::Rectangle(maDstPt, maDstSz))) + if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maDstPt, maDstSz)))) return; pOut->DrawMask( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmp, maColor, MetaActionType::MASKSCALE ); commit bbac305f35e641674a1796e90deb414e18eba5b2 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue May 9 08:45:34 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#58756 Integer-overflow Change-Id: Ie2782c1d68f73e5e88cf868eb1ce106ec0c181b0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151558 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit b7ec54b7c6e85d507066442de3b7398f34bbb653) 
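Review bot: The check added to MetaTextLineAction::Execute rejects a negative `mnWidth` but leaves very large widths and `maPos` unchecked, unlike the other Execute guards in this file. Following the hatch-distance check in MetaHatchAction, the upper bound could be covered with `if (!AllowPoint(pOut->LogicToPixel(maPos)) || !AllowDim(pOut->LogicToPixel(Point(mnWidth, 0)).X())) return;`. The negative-width test is unconditional while AllowDim acts only when fuzzing, so the two guards behave differently in release builds; a one-line comment saying that this is intended would help.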
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 7033e06c17e3..3dbfed236fd2 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -961,6 +961,9 @@ MetaBmpScalePartAction::MetaBmpScalePartAction( const Point& rDstPt, const Size& void MetaBmpScalePartAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maDstPt, maDstSz)))) + return; + pOut->DrawBitmap( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmp ); } commit 8dc2f4ec8c9a7f766b074a895da473d545cbcc88 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Apr 27 13:14:52 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#58380 Integer-overflow Change-Id: I88155f7f2abf42a11376d6f54aab28c233cf7e07 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151100 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit b9f78bec3558937d45b3a9d730c1c9d40a9c58d6) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 6a62549e2251..7033e06c17e3 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
@@ -913,8 +913,12 @@ static bool AllowScale(const Size& rSource, const Size& rDest) void MetaBmpScaleAction::Execute( OutputDevice* pOut ) { - if (!AllowScale(maBmp.GetSizePixel(), pOut->LogicToPixel(maSz))) + Size aPixelSize(pOut->LogicToPixel(maSz)); + if (!AllowRect(tools::Rectangle(pOut->LogicToPixel(maPt), aPixelSize)) || + !AllowScale(maBmp.GetSizePixel(), aPixelSize)) + { return; + } pOut->DrawBitmap( maPt, maSz, maBmp ); } commit 971745446bb933c7cf90037417492364dd7bf591 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Apr 24 16:27:52 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#58241 Integer-overflow Change-Id: Ie5b82df4642c786e309022e3b5a436aef66d1137 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150945 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 26b7d00c24c4d85d004e3840fb9053e4c88c1fee) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 65e54f7d0547..6a62549e2251 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1306,6 +1306,8 @@ void MetaHatchAction::Execute( OutputDevice* pOut ) { if (!AllowRect(pOut->LogicToPixel(maPolyPoly.GetBoundRect()))) return; + if (!AllowDim(pOut->LogicToPixel(Point(maHatch.GetDistance(), 0)).X())) + return; pOut->DrawHatch( maPolyPoly, maHatch ); } commit 69d194a7d9c1f4cda557af87af5b3213fff5ab4f Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sat Mar 25 19:46:28 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#57444 Integer-overflow Change-Id: I8e18854379c6ad71ebe316d60fbf586cbdc240ae Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149584 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit c76c805472ff07695d1b1de5e5ed567162c5f227) 
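Review bot: The rectangle passed to `AllowRect` in MetaBmpScaleAction::Execute is built from an already converted point and size, whereas the sibling guards in MetaBmpExScaleAction and MetaMaskScaleAction convert a logical `tools::Rectangle(maPt, maSz)` with a single `LogicToPixel` call. Two spellings of the same check make it easy for one to drift; using `AllowRect(pOut->LogicToPixel(tools::Rectangle(maPt, maSz)))` here as well, or a small file-local helper taking point and size, would keep them aligned. Both forms construct a Rectangle from an unchecked point plus size before any range test, so it is worth confirming that the constructor's own addition cannot overflow.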
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 83ca14fd8695..65e54f7d0547 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1304,6 +1304,9 @@ MetaHatchAction::MetaHatchAction( const tools::PolyPolygon& rPolyPoly, const Hat void MetaHatchAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(maPolyPoly.GetBoundRect()))) + return; + pOut->DrawHatch( maPolyPoly, maHatch ); } commit 8518bc8a2c76bf64651673b41640bb56c548f632 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Mar 23 16:31:04 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#57146 Integer-overflow Change-Id: Ic5a86254b5d969c8242c124fa0515e4f1537114f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149460 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit f2033b6623e13ad70f6648545571594a8cd848c7) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index c6b875f84cb5..83ca14fd8695 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
@@ -571,28 +571,33 @@ MetaTextAction::MetaTextAction( const Point& rPt, const OUString& rStr, mnLen ( nLen ) {} -static bool AllowY(tools::Long nY) +static bool AllowDim(tools::Long nDim) { static bool bFuzzing = utl::ConfigManager::IsFuzzing(); if (bFuzzing) { - if (nY > 0x20000000 || nY < -0x20000000) + if (nDim > 0x20000000 || nDim < -0x20000000) { - SAL_WARN("vcl", "skipping huge y: " << nY); + SAL_WARN("vcl", "skipping huge dimension: " << nDim); return false; } } return true; } +static bool AllowPoint(const Point& rPoint) +{ + return AllowDim(rPoint.X()) && AllowDim(rPoint.Y()); +} + static bool AllowRect(const tools::Rectangle& rRect) { - return AllowY(rRect.Top()) && AllowY(rRect.Bottom()); + return AllowDim(rRect.Top()) && AllowDim(rRect.Bottom()); } void MetaTextAction::Execute( OutputDevice* pOut ) { - if (!AllowY(pOut->LogicToPixel(maPt).Y())) + if (!AllowDim(pOut->LogicToPixel(maPt).Y())) return; pOut->DrawText( maPt, maStr, mnIndex, mnLen ); @@ -715,7 +720,7 @@ MetaStretchTextAction::MetaStretchTextAction( const Point& rPt, sal_uInt32 nWidt void MetaStretchTextAction::Execute( OutputDevice* pOut ) { - if (!AllowY(pOut->LogicToPixel(maPt).Y())) + if (!AllowDim(pOut->LogicToPixel(maPt).Y())) return; pOut->DrawStretchText( maPt, mnWidth, maStr, mnIndex, mnLen ); 
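Review bot: `AllowRect` still tests only `Top()` and `Bottom()` after the rename to AllowDim, so a rectangle with a huge left or right edge passes every guard built on it; `return AllowDim(rRect.Left()) && AllowDim(rRect.Top()) && AllowDim(rRect.Right()) && AllowDim(rRect.Bottom());` would match what the new `AllowPoint` does for points. MetaTextAction::Execute and MetaStretchTextAction::Execute likewise keep checking `.Y()` only and could use `if (!AllowPoint(pOut->LogicToPixel(maPt)))`. AllowDim applies its limit only when `utl::ConfigManager::IsFuzzing()` is true, so release builds pass the same values on to the draw calls. A comment on AllowDim should say whether that is deliberate and where such values are bounded otherwise, e.g. `// fuzzing-only limit: silences overflow reports; real documents are bounded by <where>`.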
@@ -1474,7 +1479,7 @@ MetaMoveClipRegionAction::MetaMoveClipRegionAction( tools::Long nHorzMove, tools void MetaMoveClipRegionAction::Execute( OutputDevice* pOut ) { - if (!AllowY(pOut->LogicToPixel(Point(mnHorzMove, mnVertMove)).Y())) + if (!AllowPoint(pOut->LogicToPixel(Point(mnHorzMove, mnVertMove)))) return; pOut->MoveClipRegion( mnHorzMove, mnVertMove ); } commit c752c657c8d592538d493acd2bf49f952a4ef461 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sat Mar 11 21:13:17 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#56928 Integer-overflow Change-Id: Ia20a42e16b50ab320e44405e60403c1d3b971bb5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148692 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 668c44e841a10cec8932a446a941e6d7c386bf3b) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index dd57e42b9bcd..c6b875f84cb5 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1474,6 +1474,8 @@ MetaMoveClipRegionAction::MetaMoveClipRegionAction( tools::Long nHorzMove, tools void MetaMoveClipRegionAction::Execute( OutputDevice* pOut ) { + if (!AllowY(pOut->LogicToPixel(Point(mnHorzMove, mnVertMove)).Y())) + return; pOut->MoveClipRegion( mnHorzMove, mnVertMove ); } commit 7524da489c77d63fa68597137db688e1a392334b Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Feb 15 09:07:42 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#55981 Integer-overflow Change-Id: Id854f455f684c3eb11351da63dc173c1be8677bc Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147044 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 2df61f1ea0cf85adf4c134ff98348e348e8c3d9a) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index b9024c7e49ec..dd57e42b9bcd 100644 --- a/vcl/source/gdi/metaact.cxx 
+++ b/vcl/source/gdi/metaact.cxx @@ -1436,6 +1436,9 @@ MetaISectRegionClipRegionAction::MetaISectRegionClipRegionAction( const vcl::Reg void MetaISectRegionClipRegionAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(maRegion.GetBoundRect()))) + return; + pOut->IntersectClipRegion( maRegion ); } commit abf625b1d393a6d2d2d4888df18999252f2b65aa Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Jan 25 19:35:44 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:16 2024 +0200 ofz#55389 Integer-overflow Change-Id: I98bd62634ca054a668513df426fca408c78e7c95 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146145 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 71a04c248411988697727cfe1ee6717f707422e6) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 5b8eb0b1a432..b9024c7e49ec 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1025,6 +1025,8 @@ void MetaBmpExScaleAction::Execute( OutputDevice* pOut ) { if (!AllowScale(maBmpEx.GetSizePixel(), pOut->LogicToPixel(maSz))) return; + if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maPt, maSz)))) + return; pOut->DrawBitmapEx( maPt, maSz, maBmpEx ); } commit 1b60c920f50d734f4b77f93741d8390686cc7d83 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Dec 2 10:54:46 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#53868 Integer-overflow Change-Id: I5d6da712d5db9e0b8b19fca2101626a2a7e2907e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143569 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit bbe530a238e68d7338c51532f0f7991ccae8ba17) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index bc219d141277..5b8eb0b1a432 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
@@ -1188,6 +1188,9 @@ MetaMaskScalePartAction::MetaMaskScalePartAction( const Point& rDstPt, const Siz void MetaMaskScalePartAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(tools::Rectangle(maDstPt, maDstSz))) + return; + pOut->DrawMask( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmp, maColor, MetaActionType::MASKSCALE ); } commit 14cb485f28a69075999cd50370c7a1f5243f4524 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Dec 7 20:58:06 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#53824 Out-of-memory Change-Id: Ia90527f97a4febf3bbdf1919e8db3d8ab5375ac6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143803 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 5d77fe6e7a386efda32a19d3bca587b1ad12715d) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index b4fa18a0110e..bc219d141277 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -908,7 +908,7 @@ static bool AllowScale(const Size& rSource, const Size& rDest) void MetaBmpScaleAction::Execute( OutputDevice* pOut ) { - if (!AllowScale(maBmp.GetSizePixel(), maSz)) + if (!AllowScale(maBmp.GetSizePixel(), pOut->LogicToPixel(maSz))) return; pOut->DrawBitmap( maPt, maSz, maBmp ); 
@@ -1023,7 +1023,7 @@ MetaBmpExScaleAction::MetaBmpExScaleAction( const Point& rPt, const Size& rSz, void MetaBmpExScaleAction::Execute( OutputDevice* pOut ) { - if (!AllowScale(maBmpEx.GetSizePixel(), maSz)) + if (!AllowScale(maBmpEx.GetSizePixel(), pOut->LogicToPixel(maSz))) return; pOut->DrawBitmapEx( maPt, maSz, maBmpEx ); commit de8ef72354254f0316b0c11a348a32af68643026 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Jan 6 20:27:01 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#54707 Integer-overflow Change-Id: I3b448ed2752bfbffa2f38db3fe0d4099b9f83b2a Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145164 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 8ddb962846020d1534454fdeea628bb72d92ba40) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index a29c0d393367..b4fa18a0110e 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -1143,6 +1143,8 @@ MetaMaskScaleAction::MetaMaskScaleAction( const Point& rPt, const Size& rSz, void MetaMaskScaleAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maPt, maSz)))) + return; pOut->DrawMask( maPt, maSz, maBmp, maColor ); } commit c6d8e640e0f609e1b2e76f7f4f85c063c598f508 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Dec 19 10:33:18 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#54240 Integer-overflow Change-Id: I50c8f9579a9fb07431ad0d6eebc5f0df8e40ebd4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144463 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit ea7db3b0828f16d424910892f10a3b979dbf2ed3) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 9d2dd3ade236..a29c0d393367 100644 --- a/vcl/source/gdi/metaact.cxx 
+++ b/vcl/source/gdi/metaact.cxx @@ -592,7 +592,7 @@ static bool AllowRect(const tools::Rectangle& rRect) void MetaTextAction::Execute( OutputDevice* pOut ) { - if (!AllowY(maPt.Y())) + if (!AllowY(pOut->LogicToPixel(maPt).Y())) return; pOut->DrawText( maPt, maStr, mnIndex, mnLen ); @@ -715,6 +715,9 @@ MetaStretchTextAction::MetaStretchTextAction( const Point& rPt, sal_uInt32 nWidt void MetaStretchTextAction::Execute( OutputDevice* pOut ) { + if (!AllowY(pOut->LogicToPixel(maPt).Y())) + return; + pOut->DrawStretchText( maPt, mnWidth, maStr, mnIndex, mnLen ); } @@ -751,7 +754,7 @@ MetaTextRectAction::MetaTextRectAction( const tools::Rectangle& rRect, void MetaTextRectAction::Execute( OutputDevice* pOut ) { - if (!AllowRect(maRect)) + if (!AllowRect(pOut->LogicToPixel(maRect))) return; pOut->DrawText( maRect, maStr, mnStyle ); commit 7ab2da511d789cef6771b8d1bd40ad3a00d90901 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Dec 12 20:25:13 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#54240 Integer-overflow Change-Id: I78058fa65c496ae537942222cff242943e6114ef Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144010 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit b49904f92d1df12311330cf7e40163349d0e82e9) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index e84324d6f3ac..9d2dd3ade236 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
@@ -571,8 +571,30 @@ MetaTextAction::MetaTextAction( const Point& rPt, const OUString& rStr, mnLen ( nLen ) {} +static bool AllowY(tools::Long nY) +{ + static bool bFuzzing = utl::ConfigManager::IsFuzzing(); + if (bFuzzing) + { + if (nY > 0x20000000 || nY < -0x20000000) + { + SAL_WARN("vcl", "skipping huge y: " << nY); + return false; + } + } + return true; +} + +static bool AllowRect(const tools::Rectangle& rRect) +{ + return AllowY(rRect.Top()) && AllowY(rRect.Bottom()); +} + void MetaTextAction::Execute( OutputDevice* pOut ) { + if (!AllowY(maPt.Y())) + return; + pOut->DrawText( maPt, maStr, mnIndex, mnLen ); } @@ -727,25 +749,6 @@ MetaTextRectAction::MetaTextRectAction( const tools::Rectangle& rRect, mnStyle ( nStyle ) {} -static bool AllowRect(const tools::Rectangle& rRect) -{ - static bool bFuzzing = utl::ConfigManager::IsFuzzing(); - if (bFuzzing) - { - if (rRect.Top() > 0x20000000 || rRect.Top() < -0x20000000) - { - SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top()); - return false; - } - if (rRect.Bottom() > 0x20000000 || rRect.Bottom() < -0x20000000) - { - SAL_WARN("vcl", "skipping huge rect bottom: " << rRect.Bottom()); - return false; - } - } - return true; -} - void MetaTextRectAction::Execute( OutputDevice* pOut ) { if (!AllowRect(maRect)) commit 0721f7181406504c4926564fbd3882eb67e99c5c Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sun Dec 4 11:54:33 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#53842 Timeout Change-Id: I24e5bf30c93bfe2ebb27c2b01232dbc8a42964a3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143630 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 60dbf73c1f42f09d52dc8ef9fcf7d902cf2b1dd4) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index d5518d2ae5a6..e84324d6f3ac 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx 
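Review bot: AllowY rejects a coordinate only when `utl::ConfigManager::IsFuzzing()` is true, so in a normal build MetaTextAction::Execute still hands an arbitrarily large Y from the metafile to DrawText, and neither the name nor a comment says so. Add a comment above the function, for example `// Fuzzing-only limit: skip records whose Y is large enough to overflow later coordinate arithmetic; no effect in production builds`. Give the bound a name such as `constexpr tools::Long nMaxYWhenFuzzing = 0x20000000;`, in the style of `nMaxScaleWhenFuzzing` in AllowScale. Whether the overflow also needs handling outside fuzzing should be decided explicitly and recorded in that comment.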
@@ -737,6 +737,11 @@ static bool AllowRect(const tools::Rectangle& rRect) SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top()); return false; } + if (rRect.Bottom() > 0x20000000 || rRect.Bottom() < -0x20000000) + { + SAL_WARN("vcl", "skipping huge rect bottom: " << rRect.Bottom()); + return false; + } } return true; } commit e6db419612902341e9eeae423f970f21a8262743 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sat Nov 26 19:27:03 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#53764 Integer-overflow Change-Id: I0d0ec07801fd612fde3028d4aad2f154c27bc551 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143327 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 21b88575af9e11115a6b124d8d9cb4e0a95e9fea) diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx index 9a85d805b41a..d5518d2ae5a6 100644 --- a/vcl/source/gdi/metaact.cxx +++ b/vcl/source/gdi/metaact.cxx @@ -76,6 +76,8 @@ void ImplScaleLineInfo( LineInfo& rLineInfo, double fScaleX, double fScaleY ) } //anonymous namespace +static bool AllowRect(const tools::Rectangle& rRect); + MetaAction::MetaAction() : mnType( MetaActionType::NONE ) { @@ -725,8 +727,25 @@ MetaTextRectAction::MetaTextRectAction( const tools::Rectangle& rRect, mnStyle ( nStyle ) {} +static bool AllowRect(const tools::Rectangle& rRect) +{ + static bool bFuzzing = utl::ConfigManager::IsFuzzing(); + if (bFuzzing) + { + if (rRect.Top() > 0x20000000 || rRect.Top() < -0x20000000) + { + SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top()); + return false; + } + } + return true; +} + void MetaTextRectAction::Execute( OutputDevice* pOut ) { + if (!AllowRect(maRect)) + return; + pOut->DrawText( maRect, maStr, mnStyle ); } 
@@ -839,7 +858,8 @@ MetaBmpScaleAction::MetaBmpScaleAction( const Point& rPt, const Size& rSz, static bool AllowScale(const Size& rSource, const Size& rDest) { - if (utl::ConfigManager::IsFuzzing()) + static bool bFuzzing = utl::ConfigManager::IsFuzzing(); + if (bFuzzing) { constexpr int nMaxScaleWhenFuzzing = 512; commit 0f9f88447ed929d0ebab63a56598357375888859 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Dec 7 11:12:01 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#54088 Use a DeleteListener rather than try to predict what gets deleted Change-Id: I5e49e0904422ed513f302f05583ef8140b58ef72 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143770 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 6e502de67a7a19d33dcb69cbd35366c4dd0850f9) diff --git a/sw/source/filter/html/htmlftn.cxx b/sw/source/filter/html/htmlftn.cxx index e0e442de81ac..24ba509336cd 100644 --- a/sw/source/filter/html/htmlftn.cxx +++ b/sw/source/filter/html/htmlftn.cxx @@ -228,9 +228,9 @@ SwNodeIndex *SwHTMLParser::GetFootEndNoteSection( const OUString& rName ) size_t nCount = m_pFootEndNoteImpl->aTextFootnotes.size(); for(size_t i = 0; i < nCount; ++i) { - if (m_pFootEndNoteImpl->aTextFootnotes[i].sName == aName) + if (m_pFootEndNoteImpl->aTextFootnotes[i].GetName() == aName) { - pStartNodeIdx = m_pFootEndNoteImpl->aTextFootnotes[i].pTextFootnote->GetStartNode(); + pStartNodeIdx = m_pFootEndNoteImpl->aTextFootnotes[i].GetStartNode(); m_pFootEndNoteImpl->aTextFootnotes.erase( m_pFootEndNoteImpl->aTextFootnotes.begin() + i ); if (m_pFootEndNoteImpl->aTextFootnotes.empty()) { diff --git a/sw/source/filter/html/swhtml.hxx b/sw/source/filter/html/swhtml.hxx index aa5e98d911e6..288484da68a0 100644 --- a/sw/source/filter/html/swhtml.hxx +++ b/sw/source/filter/html/swhtml.hxx 
@@ -28,8 +28,11 @@ #include <editeng/svxenum.hxx> #include <rtl/ref.hxx> #include <rtl/ustrbuf.hxx> +#include <deletelistener.hxx> +#include <fmtftn.hxx> #include <fltshell.hxx> #include <swtypes.hxx> +#include <txtftn.hxx> #include <com/sun/star/drawing/XShape.hpp> #include <com/sun/star/form/XFormComponent.hpp> #include <com/sun/star/beans/XPropertySet.hpp> @@ -1026,14 +1029,30 @@ inline bool SwHTMLParser::HasStyleOptions( std::u16string_view rStyle, class SwTextFootnote; -struct SwHTMLTextFootnote +class SwHTMLTextFootnote { +private: OUString sName; +public: SwTextFootnote* pTextFootnote; +private: + std::unique_ptr<SvtDeleteListener> xDeleteListener; +public: SwHTMLTextFootnote(const OUString &rName, SwTextFootnote* pInTextFootnote) : sName(rName) , pTextFootnote(pInTextFootnote) + , xDeleteListener(new SvtDeleteListener(static_cast<SwFormatFootnote&>(pInTextFootnote->GetAttr()).GetNotifier())) + { + } + const OUString& GetName() const + { + return sName; + } + SwNodeIndex* GetStartNode() const { + if (xDeleteListener->WasDeleted()) + return nullptr; + return pTextFootnote->GetStartNode(); } }; commit 54707c6dc57d2f87edcf5207652284e3466c96f4 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Nov 17 13:15:27 2022 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:36:15 2024 +0200 ofz#53457 sanity check the form field range Change-Id: I2a1c82bb0590acf8f2399f2ea4b6b477600c7908 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142840 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit f44f5f12605f32d92c2c1689e3e6888337eca2d9) diff --git a/sw/qa/core/data/ww8/pass/ofz53457-1.doc b/sw/qa/core/data/ww8/pass/ofz53457-1.doc new file mode 100644 index 000000000000..b847eedbbdef Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz53457-1.doc differ diff --git a/sw/source/filter/ww8/ww8par5.cxx b/sw/source/filter/ww8/ww8par5.cxx index 0de01678a4bd..213e9f641736 100644 
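Review bot: `pTextFootnote` stays public in SwHTMLTextFootnote, so code can still dereference the raw pointer without going through `GetStartNode()` and its `WasDeleted()` check, which is the stale-pointer access the delete listener is there to prevent. If no remaining caller needs the member (callers are not visible in this hunk), move it under `private:` next to `sName`. The listener can be created with `std::make_unique<SvtDeleteListener>(...)` rather than a bare `new`. The constructor also dereferences `pInTextFootnote` unconditionally, so a short comment stating that it must be non-null would document the precondition.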
--- a/sw/source/filter/ww8/ww8par5.cxx +++ b/sw/source/filter/ww8/ww8par5.cxx @@ -503,6 +503,20 @@ void SwWW8ImplReader::UpdateFields() m_rDoc.SetInitDBFields(true); // Also update fields in the database } +// Sanity check the PaM to see if it makes sense wrt sw::CalcBreaks +static bool SanityCheck(const SwPaM& rFieldPam) +{ + SwNodeOffset const nEndNode(rFieldPam.End()->nNode.GetIndex()); + SwNodes const& rNodes(rFieldPam.GetPoint()->nNode.GetNodes()); + SwNode *const pFinalNode(rNodes[nEndNode]); + if (pFinalNode->IsTextNode()) + { + SwTextNode & rTextNode(*pFinalNode->GetTextNode()); + return (rTextNode.Len() >= rFieldPam.End()->nContent.GetIndex()); + } + return true; +} + sal_uInt16 SwWW8ImplReader::End_Field() { sal_uInt16 nRet = 0; 
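Review bot: SanityCheck validates only `rFieldPam.End()`; the start position, which End_Field builds from `m_aFieldStack.back().GetPtNode()` and `GetPtContent()`, is never compared with the length of its own node. When start and end lie in different nodes, a start index beyond its text node's length would presumably pass, so if the field stack can carry such a position the same test should run on `Start()` too. The version below applies one check to both ends and keeps the existing behaviour for non-text nodes.

```cpp
static bool SanityCheck(const SwPaM& rFieldPam)
{
    SwNodes const& rNodes(rFieldPam.GetPoint()->nNode.GetNodes());
    // a position is acceptable when it is not in a text node or its
    // content index lies within that text node
    auto const fitsNode = [&rNodes](const SwPosition& rPos)
    {
        SwNode *const pNode(rNodes[rPos.nNode.GetIndex()]);
        if (!pNode->IsTextNode())
            return true;
        return pNode->GetTextNode()->Len() >= rPos.nContent.GetIndex();
    };
    return fitsNode(*rFieldPam.Start()) && fitsNode(*rFieldPam.End());
}
```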
@@ -531,9 +545,9 @@ sal_uInt16 SwWW8ImplReader::End_Field() SwPosition aEndPos = *m_pPaM->GetPoint(); SwPaM aFieldPam( m_aFieldStack.back().GetPtNode(), m_aFieldStack.back().GetPtContent(), aEndPos.nNode, aEndPos.nContent.GetIndex()); IDocumentMarkAccess* pMarksAccess = m_rDoc.getIDocumentMarkAccess( ); - IFieldmark *pFieldmark = pMarksAccess->makeFieldBookmark( + IFieldmark *pFieldmark = SanityCheck(aFieldPam) ? pMarksAccess->makeFieldBookmark( aFieldPam, m_aFieldStack.back().GetBookmarkName(), ODF_FORMTEXT, - aFieldPam.Start() /*same pos as start!*/ ); + aFieldPam.Start() /*same pos as start!*/ ) : nullptr; OSL_ENSURE(pFieldmark!=nullptr, "hmmm; why was the bookmark not created?"); if (pFieldmark!=nullptr) { // adapt redline positions to inserted field mark start commit 45f0ac624720c324525d6824238bdada72a837e6 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Oct 3 09:14:45 2023 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:14:33 2024 +0200 ofz#62935 avoid negative numbers in olHanglJaso Change-Id: I3898b95e9d2fe60690889ba259859ed9f66636d1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157461 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org> (cherry picked from commit 39454ba46cef98b59b012f791de77d1526ed2d13) diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx index dd6ae6d57b04..8460f08e923a 100644 --- a/hwpfilter/source/hbox.cxx +++ b/hwpfilter/source/hbox.cxx 
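Review bot: When SanityCheck rejects the range in End_Field, `pFieldmark` becomes nullptr and the unchanged `OSL_ENSURE(pFieldmark!=nullptr, "hmmm; why was the bookmark not created?")` fires, reporting an internal failure for what is now an expected rejection of malformed input. Log the rejection where the decision is made, e.g. `SAL_WARN("sw.ww8", "ignoring form field with out-of-range end position");`, and keep the OSL_ENSURE for the case where makeFieldBookmark itself returns null. That means replacing the ternary with an `if`. End_Field continues outside the hunk, so whether the field-stack entry is still cleaned up on the rejected path cannot be confirmed from here.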
@@ -428,7 +428,7 @@ hchar_string MailMerge::GetString() #define OL_HANGL_JASO 0 #define OL_HANGL_KANATA 1 -static hchar olHanglJaso(int num, int type) +static hchar olHanglJaso(unsigned int num, int type) { static const unsigned char han_init[] = { 0x88, 0x90, 0x94, 0x9c, 0xa0, 0xa4, 0xac, 0xb4, 0xb8, 0xc0, 0xc4, 0xc8, 0xcc, 0xd0 }; commit b2b427d9d2911824fd0b7c1e18e1bccea54ed862 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Fri Feb 10 15:02:52 2023 +0000 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:14:33 2024 +0200 ofz: Use-of-uninitialized-value Change-Id: I033fab3ea016d3b57891a35602920b7de811ccb4 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146784 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit d6b590feda1c61fd5ed14c0be66379b8e5de0c6a) diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx index 52e5ab65369a..dd6ae6d57b04 100644 --- a/hwpfilter/source/hbox.cxx +++ b/hwpfilter/source/hbox.cxx @@ -576,11 +576,13 @@ OUString Outline::GetUnicode() const case OLSTY_NUMS2: { char cur_num_str[10], buf[80]; - int i; buf[0] = 0; - for (i = 0; i <= level; i++) + for (unsigned int i = 0; i <= level; ++i) { + if (i >= std::size(number)) + break; + levelnum = ((number[i] < 1) ? 1 : number[i]); if (shape == OLSTY_NUMS2 && i && i == level) sprintf(cur_num_str, "%d%c", levelnum, 0); commit 8eb4147de1b3bcb43ad779545a1c661b8d2236b6 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Tue Jun 21 08:57:03 2022 +0100 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Thu Jun 27 15:14:33 2024 +0200 ofz#48161 Container-overflow Change-Id: I99a63c3cfa48344221dbe4a7400d313d875abd82 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136207 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> (cherry picked from commit 8fb6f3d894093c729e8ee304f8b6fb553a7ceac4) 
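Review bot: In Outline::GetUnicode the new `i >= std::size(number)` guard bounds the read of `number[i]`, but the loop body still formats with `sprintf(cur_num_str, "%d%c", levelnum, 0)` into `char cur_num_str[10]`. `%d` can emit up to 11 characters for a 32-bit int, so unless `levelnum` has a narrower type (its declaration is outside the hunk) the write can run past the buffer. Suggest `snprintf(cur_num_str, sizeof(cur_num_str), "%d%c", levelnum, 0);`. The bound would also read better in the loop condition, `i <= level && i < std::size(number)`, than as a `break`. The function continues outside the hunk.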
diff --git a/hwpfilter/source/hwpreader.cxx b/hwpfilter/source/hwpreader.cxx index 87c2e6412bd5..fe0eaffeae07 100644 --- a/hwpfilter/source/hwpreader.cxx +++ b/hwpfilter/source/hwpreader.cxx @@ -2817,7 +2817,7 @@ void HwpReader::make_text_p3(HWPPara * para,bool bParaStart) } int n = 0; - while (n < para->nch) + while (n < para->nch && o3tl::make_unsigned(n) < para->hhstr.size()) { const auto& box = para->hhstr[n];