filter/source/graphicfilter/itiff/lzwdecom.cxx | 42 +++++++++++++++++++------
tools/source/generic/poly.cxx | 4 +-
vcl/source/gdi/metaact.cxx | 41 +++++++++++++-----------
3 files changed, 57 insertions(+), 30 deletions(-)
New commits:
commit 799f9805b761ff1930a9864a0d7f44966328906b
Author: Caolán McNamara <caol...@redhat.com>
Date: Wed Apr 2 09:33:03 2014 +0100
init a few more stream-read svm elements
(cherry picked from commit 67c6ea0c426c2796fc1b80cbe2cb0347686db90d)
Conflicts:
vcl/source/gdi/metaact.cxx
Change-Id: I3dfa2485afbe66131b86764374d53181b55c2346
(cherry picked from commit 21212a65c5653bdc38cea426710e68ed40c66eb8)
diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
index 73a93e3..585e915 100644
--- a/tools/source/generic/poly.cxx
+++ b/tools/source/generic/poly.cxx
@@ -1553,7 +1553,7 @@ SvStream& operator>>( SvStream& rIStream, Polygon& rPoly )
DBG_ASSERTWARNING( rIStream.GetVersion(), "Polygon::>> - Solar-Version not
set on rIStream" );
sal_uInt16 i;
- sal_uInt16 nPoints;
+ sal_uInt16 nPoints(0);
// read all points and create array
rIStream >> nPoints;
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index c349061..5be33a9 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -982,7 +982,7 @@ void MetaPolyLineAction::Read( SvStream& rIStm,
ImplMetaReadData* )
rIStm >> maLineInfo;
if ( aCompat.GetVersion() >= 3 )
{
- sal_uInt8 bHasPolyFlags;
+ sal_uInt8 bHasPolyFlags(0);
rIStm >> bHasPolyFlags;
if ( bHasPolyFlags )
maPoly.Read( rIStm );
@@ -1164,10 +1164,11 @@ void MetaPolyPolygonAction::Read( SvStream& rIStm,
ImplMetaReadData* )
if ( aCompat.GetVersion() >= 2 ) // Version 2
{
- sal_uInt16 i, nIndex, nNumberOfComplexPolygons;
+ sal_uInt16 nNumberOfComplexPolygons(0);
rIStm >> nNumberOfComplexPolygons;
- for ( i = 0; i < nNumberOfComplexPolygons; i++ )
+ for (sal_uInt16 i = 0; i < nNumberOfComplexPolygons; ++i)
{
+ sal_uInt16 nIndex(0);
rIStm >> nIndex;
Polygon aPoly;
aPoly.Read( rIStm );
@@ -1697,18 +1698,20 @@ void MetaTextLineAction::Read( SvStream& rIStm,
ImplMetaReadData* )
COMPAT( rIStm );
//#fdo39428 SvStream no longer supports operator>>(long&)
- sal_uInt32 nTemp;
- sal_Int32 nTemp2;
rIStm >> maPos;
- rIStm >> nTemp2;
- mnWidth = nTemp2;
- rIStm >> nTemp;
- meStrikeout = (FontStrikeout)nTemp;
- rIStm >> nTemp;
- meUnderline = (FontUnderline)nTemp;
+ sal_Int32 nTempWidth(0);
+ rIStm >> nTempWidth;
+ mnWidth = nTempWidth;
+ sal_uInt32 nTempStrikeout(0);
+ rIStm >> nTempStrikeout;
+ meStrikeout = (FontStrikeout)nTempStrikeout;
+ sal_uInt32 nTempUnderline(0);
+ rIStm >> nTempUnderline;
+ meUnderline = (FontUnderline)nTempUnderline;
if ( aCompat.GetVersion() >= 2 ) {
- rIStm >> nTemp;
- meUnderline = (FontUnderline)nTemp;
+ sal_uInt32 nTempUnderline2(0);
+ rIStm >> nTempUnderline2;
+ meUnderline = (FontUnderline)nTempUnderline2;
}
}
@@ -3357,7 +3360,7 @@ void MetaTextAlignAction::Write( SvStream& rOStm,
ImplMetaWriteData* pData )
void MetaTextAlignAction::Read( SvStream& rIStm, ImplMetaReadData* )
{
- sal_uInt16 nTmp16;
+ sal_uInt16 nTmp16(0);
COMPAT( rIStm );
rIStm >> nTmp16; maAlign = (TextAlign) nTmp16;
@@ -3632,7 +3635,7 @@ void MetaRasterOpAction::Write( SvStream& rOStm,
ImplMetaWriteData* pData )
void MetaRasterOpAction::Read( SvStream& rIStm, ImplMetaReadData* )
{
- sal_uInt16 nTmp16;
+ sal_uInt16 nTmp16(0);
COMPAT( rIStm );
rIStm >> nTmp16; meRasterOp = (RasterOp) nTmp16;
@@ -4088,9 +4091,9 @@ void MetaCommentAction::Scale( double fXScale, double
fYScale )
SvMemoryStream aMemStm( (void*)mpData, mnDataSize,
STREAM_READ );
SvMemoryStream aDest;
- sal_Int32 nLeft, nRight, nTop, nBottom;
- sal_Int32 nPixX, nPixY, nMillX, nMillY;
- float m11, m12, m21, m22, mdx, mdy;
+ sal_Int32 nLeft(0), nRight(0), nTop(0), nBottom(0);
+ sal_Int32 nPixX(0), nPixY(0), nMillX(0), nMillY(0);
+ float m11(0), m12(0), m21(0), m22(0), mdx(0), mdy(0);
// read data
aMemStm >> nLeft >> nTop >> nRight >> nBottom;
commit 1720d588fb5e5cba55560066cfe9602e7df2a1e5
Author: Caolán McNamara <caol...@redhat.com>
Date: Wed Apr 2 09:13:37 2014 +0100
valgrind: Conditional jump or move depends on uninitialised value
Change-Id: I1939d376afe5dd5c67f378ffb2520a066dc99077
(cherry picked from commit 6efbc4598aea1e87c1569c7beef13d44b1a4202c)
(cherry picked from commit 1742008dd0d83f3e69b6e09d9e3223d0c5d28096)
diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
index 9f66f90..73a93e3 100644
--- a/tools/source/generic/poly.cxx
+++ b/tools/source/generic/poly.cxx
@@ -1636,7 +1636,7 @@ SvStream& operator<<( SvStream& rOStream, const Polygon&
rPoly )
void Polygon::ImplRead( SvStream& rIStream )
{
- sal_uInt8 bHasPolyFlags;
+ sal_uInt8 bHasPolyFlags(0);
rIStream >> *this
>> bHasPolyFlags;
commit c97d6351d6695b340f51880d0105fc522ae324db
Author: Caolán McNamara <caol...@redhat.com>
Date: Wed Apr 2 09:02:19 2014 +0100
detect add to table beyond MAX_TABLE_SIZE
Change-Id: I9b1357e583620c59898cd7a649a5b39a6d7e3739
(cherry picked from commit e326b5e06d74685b1853d61c465e5be0b5bf1595)
(cherry picked from commit 4e2c5ffa89b77e4d6b0a1dc964d330d2ae3636d6)
diff --git a/filter/source/graphicfilter/itiff/lzwdecom.cxx
b/filter/source/graphicfilter/itiff/lzwdecom.cxx
index 2fdb054..4ac9d4c 100644
--- a/filter/source/graphicfilter/itiff/lzwdecom.cxx
+++ b/filter/source/graphicfilter/itiff/lzwdecom.cxx
@@ -20,14 +20,16 @@
#include "lzwdecom.hxx"
+#define MAX_TABLE_SIZE 4096
+
LZWDecompressor::LZWDecompressor()
: pOutBufData(NULL)
{
sal_uInt16 i;
- pTable=new LZWTableEntry[4096];
- pOutBuf=new sal_uInt8[4096];
- for (i=0; i<4096; i++)
+ pTable=new LZWTableEntry[MAX_TABLE_SIZE];
+ pOutBuf=new sal_uInt8[MAX_TABLE_SIZE];
+ for (i=0; i<MAX_TABLE_SIZE; i++)
{
pTable[i].nPrevCode=0;
pTable[i].nDataCount=1;
@@ -144,6 +146,15 @@ sal_uInt16 LZWDecompressor::GetNextCode()
void LZWDecompressor::AddToTable(sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData)
{
+ if (nTableSize >= MAX_TABLE_SIZE)
+ {
+ //It might be possible to force emit a 256 to flush the buffer and try
+ //to continue later?
+ SAL_WARN("filter.tiff", "Too much data at scanline");
+ bEOIFound = sal_True;
+ return;
+ }
+
while (pTable[nCodeFirstData].nDataCount>1)
nCodeFirstData=pTable[nCodeFirstData].nPrevCode;
@@ -160,20 +171,33 @@ void LZWDecompressor::DecompressSome()
sal_uInt16 i,nCode;
nCode=GetNextCode();
- if (nCode==256) {
+ if (nCode==256)
+ {
nTableSize=258;
nCode=GetNextCode();
- if (nCode==257) { bEOIFound=sal_True; return; }
+ if (nCode==257)
+ {
+ bEOIFound=sal_True;
+ }
+ }
+ else if (nCode<nTableSize)
+ AddToTable(nOldCode,nCode);
+ else if (nCode==nTableSize)
+ AddToTable(nOldCode,nOldCode);
+ else
+ {
+ bEOIFound=sal_True;
}
- else if (nCode<nTableSize) AddToTable(nOldCode,nCode);
- else if (nCode==nTableSize) AddToTable(nOldCode,nOldCode);
- else { bEOIFound=sal_True; return; }
+
+ if (bEOIFound)
+ return;
nOldCode=nCode;
nOutBufDataLen=pTable[nCode].nDataCount;
pOutBufData=pOutBuf+nOutBufDataLen;
- for (i=0; i<nOutBufDataLen; i++) {
+ for (i=0; i<nOutBufDataLen; i++)
+ {
*(--pOutBufData)=pTable[nCode].nData;
nCode=pTable[nCode].nPrevCode;
}
commit e6f94436d6737da3849260d750277035544ddb1c
Author: Caolán McNamara <caol...@redhat.com>
Date: Tue Apr 1 16:52:21 2014 +0100
valgrind: Conditional jump or move depends on uninitialised value
(cherry picked from commit e3dad060929de9beeeed2978f1b1427a91152073)
Conflicts:
vcl/source/gdi/metaact.cxx
Change-Id: Ia0b22f7c394d1c2387d1cad7e3d99c79eaeca81a
(cherry picked from commit a37f474a2272c505778774cd1d92897d8a744863)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 448d420..c349061 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1064,7 +1064,7 @@ void MetaPolygonAction::Read( SvStream& rIStm,
ImplMetaReadData* )
if( aCompat.GetVersion() >= 2 ) // Version 2
{
- sal_uInt8 bHasPolyFlags;
+ sal_uInt8 bHasPolyFlags(0);
rIStm >> bHasPolyFlags;
if ( bHasPolyFlags )
maPoly.Read( rIStm );
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
