core.git: Branch 'distro/collabora/co-25.04' - oox/source xmloff/source

Wed, 03 Dec 2025 02:23:40 -0800 

 oox/source/export/ThemeExport.cxx |    1 +
 oox/source/export/drawingml.cxx   |    3 +++
 xmloff/source/style/xmlbahdl.cxx  |   10 ++++++++--
 3 files changed, 12 insertions(+), 2 deletions(-)

New commits:
commit 80c58f15baf79f19b954b1199cbca9c2f3dcf8bf
Author:     Noel Grandin <[email protected]>
AuthorDate: Wed Dec 3 10:29:50 2025 +0200
Commit:     Noel Grandin <[email protected]>
CommitDate: Wed Dec 3 11:23:10 2025 +0100

    mso-test: import data has bad percentage value
    
    found by converting tdf34406-1.odp to pptx and running officeotron on the 
output
    
    INFO - Validating part "/ppt/slides/slide4.xml" using schema 
"29500T/pml.xsd" ...
    ERROR      - (slides/slide4.xml:2 col:24,296) cvc-datatype-valid.1.2.3:
    '-4900000' is not a valid value of union type 'ST_PositiveFixedPercentage'.
    
    The import data in content.xml looks like:
    
      <style:style style:name="ce8" style:family="table-cell">
        <style:graphic-properties draw:fill="solid" draw:fill-color="#808080"
          draw:opacity="-4900%"
    
    where the opacity value is wildly out of range. So validate on input.
    
    Change-Id: I1d9146a3f38f975a5e229f63e17fca6fb435439b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/194950
    Tested-by: Jenkins CollaboraOffice <[email protected]>
    Reviewed-by: Michael Stahl <[email protected]>

diff --git a/oox/source/export/ThemeExport.cxx 
b/oox/source/export/ThemeExport.cxx
index 14f313cb2eb3..069b38b090dd 100644
--- a/oox/source/export/ThemeExport.cxx
+++ b/oox/source/export/ThemeExport.cxx
@@ -899,6 +899,7 @@ bool ThemeExport::writeColorSet(model::Theme const& rTheme)
 
                 // drawingML alpha is a percentage on a 0..100000 scale.
                 sal_Int32 nAlpha = aColor.GetAlpha() * 
oox::drawingml::MAX_PERCENT / 255;
+                assert(nAlpha >= 0);
                 mpFS->singleElementNS(XML_a, XML_alpha, XML_val, 
OUString::number(nAlpha));
 
                 mpFS->endElementNS(XML_a, XML_srgbClr);
diff --git a/oox/source/export/drawingml.cxx b/oox/source/export/drawingml.cxx
index eccc00c3faa6..e8f9bff158ea 100644
--- a/oox/source/export/drawingml.cxx
+++ b/oox/source/export/drawingml.cxx
@@ -362,6 +362,7 @@ void DrawingML::WriteColor( ::Color nColor, sal_Int32 
nAlpha )
     if( nAlpha < MAX_PERCENT )
     {
         mpFS->startElementNS(XML_a, XML_srgbClr, XML_val, sColor);
+        assert(nAlpha >= 0);
         mpFS->singleElementNS(XML_a, XML_alpha, XML_val, 
OString::number(nAlpha));
         mpFS->endElementNS( XML_a, XML_srgbClr );
 
@@ -408,6 +409,7 @@ void DrawingML::WriteColor( const ::Color nColor, const 
Sequence< PropertyValue
     else if(nAlpha < MAX_PERCENT)
     {
         mpFS->startElementNS(XML_a, XML_srgbClr, XML_val, sColor);
+        assert(nAlpha >= 0);
         mpFS->singleElementNS(XML_a, XML_alpha, XML_val, 
OString::number(nAlpha));
         mpFS->endElementNS(XML_a, XML_srgbClr);
     }
@@ -426,6 +428,7 @@ void DrawingML::WriteColorTransformations( const Sequence< 
PropertyValue >& aTra
         {
             if(nToken == XML_alpha && nAlpha < MAX_PERCENT)
             {
+                assert(nAlpha >= 0);
                 mpFS->singleElementNS(XML_a, nToken, XML_val, 
OString::number(nAlpha));
             }
             else
diff --git a/xmloff/source/style/xmlbahdl.cxx b/xmloff/source/style/xmlbahdl.cxx
index a59abbdeed04..2749cff5356b 100644
--- a/xmloff/source/style/xmlbahdl.cxx
+++ b/xmloff/source/style/xmlbahdl.cxx
@@ -455,8 +455,14 @@ bool XMLNegPercentPropHdl::importXML( const OUString& 
rStrImpValue, Any& rValue,
 {
     sal_Int32 nValue = 0;
     bool bRet = ::sax::Converter::convertPercent( nValue, rStrImpValue );
-    if (bRet)
-        bRet = !o3tl::checked_sub<sal_Int32>(100, nValue, nValue);
+    if (!bRet)
+        return false;
+    if (nValue < 0 || nValue > 100)
+    {
+        SAL_WARN("xmloff", "Percentage property out of range, ignoring");
+        return false;
+    }
+    bRet = !o3tl::checked_sub<sal_Int32>(100, nValue, nValue);
     if (bRet)
         lcl_xmloff_setAny( rValue, nValue, nBytes );
     return bRet;

Reply via email to