diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2020-12-22 10:13:33 +0000 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2020-12-22 13:56:02 +0100 |
| commit | 77387ae00ae27e3f8bcdf7bccf97fb2db8f196b7 (patch) | |
| tree | d2b8f9bfd88925af9d177815f69dd994c2286afc | |
| parent | 974ffa79b0fef4ca76558bb8b16bce84af3aaf6c (diff) | |
oss-fuzz: mtpfuzzer doesn't pass sanity check
Step #5: #6 0x6b5998f in __cxa_throw (/tmp/not-out/mtpfuzzer+0x6b5998f)
Step #5: #7 0x21a5bfa in SvStream::ReadUInt16(unsigned short&) (/tmp/not-out/mtpfuzzer+0x21a5bfa)
Step #5: #8 0x51f2ef in EQNOLEFILEHDR::Read(SvStream*) (/tmp/not-out/mtpfuzzer+0x51f2ef)
Step #5: #9 0x51ef53 in MathType::Parse(SvStream*) (/tmp/not-out/mtpfuzzer+0x51ef53)
Change-Id: I6ae5905930376f9424f5d2eb3660ae177c7dc6f9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108153
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
| -rw-r--r-- | starmath/source/mathtype.cxx | 50 |
1 files changed, 29 insertions, 21 deletions
diff --git a/starmath/source/mathtype.cxx b/starmath/source/mathtype.cxx index 43602a491d03..72c3bed94edb 100644 --- a/starmath/source/mathtype.cxx +++ b/starmath/source/mathtype.cxx @@ -558,28 +558,36 @@ bool MathType::Parse(SvStream* pStream) pS = pStream; pS->SetEndian( SvStreamEndian::LITTLE ); - EQNOLEFILEHDR aHdr; - aHdr.Read(pS); - sal_uInt8 nProdVersion; - sal_uInt8 nProdSubVersion; - sal_uInt8 nPlatform; - sal_uInt8 nProduct; - pS->ReadUChar( nVersion ); - pS->ReadUChar( nPlatform ); - pS->ReadUChar( nProduct ); - pS->ReadUChar( nProdVersion ); - pS->ReadUChar( nProdSubVersion ); - - if (nVersion > 3) // allow only supported versions of MathType to be parsed - return false; - - bool bRet = HandleRecords(0); - //little crude hack to close occasionally open expressions - //a sophisticated system to determine what expressions are - //opened is required, but this is as much work as rewriting - //starmaths internals. - rRet.append("{}"); + bool bRet; + try + { + EQNOLEFILEHDR aHdr; + aHdr.Read(pS); + sal_uInt8 nProdVersion; + sal_uInt8 nProdSubVersion; + sal_uInt8 nPlatform; + sal_uInt8 nProduct; + pS->ReadUChar( nVersion ); + pS->ReadUChar( nPlatform ); + pS->ReadUChar( nProduct ); + pS->ReadUChar( nProdVersion ); + pS->ReadUChar( nProdSubVersion ); + + if (nVersion > 3) // allow only supported versions of MathType to be parsed + return false; + bRet = HandleRecords(0); + //little crude hack to close occasionally open expressions + //a sophisticated system to determine what expressions are + //opened is required, but this is as much work as rewriting + //starmaths internals. + rRet.append("{}"); + } + catch (const SvStreamEOFException&) + { + SAL_WARN("starmath", "EOF"); + bRet = false; + } return bRet; } |