diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2015-08-24 12:36:41 +0100 |
|---|---|---|
| committer | David Tardon <dtardon@redhat.com> | 2015-08-25 07:56:07 +0000 |
| commit | 76bd64a9d09e06a38747c25f9ad93dff5376aeaf (patch) | |
| tree | 9f400c8d95dea1f6dedb2ff51b2db49df3d8552a | |
| parent | df3b4a1604339eadab2f320eaf0e79ba8f4b6806 (diff) | |
guard against hangs with bogus unsorted plcfs
This reverts commit 6d21cbd1238556535ec1bb1adf35b25bc8eb898b.
(cherry picked from commit 74c0f74422671f8005f2cfc0ae94e5656bcea31e)
Change-Id: I309302ab5357b8404ee4c75bd0bfcb4f816e0588
Reviewed-on: https://gerrit.libreoffice.org/17953
Reviewed-by: David Tardon <dtardon@redhat.com>
Tested-by: David Tardon <dtardon@redhat.com>
| -rw-r--r-- | sw/qa/core/data/ww5/pass/hang-1.doc | bin | 0 -> 4290 bytes | |||
| -rw-r--r-- | sw/source/filter/ww8/ww8scan.cxx | 19 | ||||
| -rw-r--r-- | sw/source/filter/ww8/ww8scan.hxx | 1 |
3 files changed, 19 insertions, 1 deletions
diff --git a/sw/qa/core/data/ww5/pass/hang-1.doc b/sw/qa/core/data/ww5/pass/hang-1.doc Binary files differnew file mode 100644 index 000000000000..603372406e18 --- /dev/null +++ b/sw/qa/core/data/ww5/pass/hang-1.doc diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index 7b65eb6e4612..03394954ed23 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx @@ -2121,7 +2121,9 @@ void WW8PLCF::ReadPLCF(SvStream& rSt, WW8_FC nFilePos, sal_uInt32 nPLCF) nIdx = 0; #endif // OSL_BIGENDIAN // Pointer to content array - pPLCF_Contents = (sal_uInt8*)&pPLCF_PosArray[nIMax + 1]; + pPLCF_Contents = reinterpret_cast<sal_uInt8*>(&pPLCF_PosArray[nIMax + 1]); + + TruncToSortedRange(); } OSL_ENSURE(bValid, "Document has corrupt PLCF, ignoring it"); @@ -2141,6 +2143,21 @@ void WW8PLCF::MakeFailedPLCF() pPLCF_Contents = (sal_uInt8*)&pPLCF_PosArray[nIMax + 1]; } +void WW8PLCF::TruncToSortedRange() +{ + //Docs state that: ... all Plcs ... are sorted in ascending order. + //So ensure that here for broken documents. + for (auto nI = 0; nI < nIMax; ++nI) + { + if (pPLCF_PosArray[nI] > pPLCF_PosArray[nI+1]) + { + SAL_WARN("sw.ww8", "Document has unsorted PLCF, truncated to sorted portion"); + nIMax = nI; + break; + } + } +} + void WW8PLCF::GeneratePLCF(SvStream& rSt, sal_Int32 nPN, sal_Int32 ncpN) { OSL_ENSURE( nIMax < ncpN, "Pcl.Fkp: Why is PLCF too big?" ); diff --git a/sw/source/filter/ww8/ww8scan.hxx b/sw/source/filter/ww8/ww8scan.hxx index 57e53e9133a7..d931e1ca23fc 100644 --- a/sw/source/filter/ww8/ww8scan.hxx +++ b/sw/source/filter/ww8/ww8scan.hxx @@ -292,6 +292,7 @@ private: void MakeFailedPLCF(); + void TruncToSortedRange(); public: WW8PLCF(SvStream& rSt, WW8_FC nFilePos, sal_Int32 nPLCF, int nStruct, WW8_CP nStartPos = -1); |