diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2018-08-13 15:35:37 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2018-08-14 09:30:38 +0200 |
| commit | d9ca7ddc78cbf99db6fed23a783bc8ecb74eb82f (patch) | |
| tree | 10908c635e460867a54fbaef106f78d849a7624f /lotuswordpro | |
| parent | 9ce9872a665e09ce17959857a4b8872f8f383817 (diff) | |
Don't call LwpTools::QuickReadUnicode with negative, wrapped-around strlen
...as happens during CppunitTest_lotuswordpro_test_lotuswordpro (as found with
new Clang -fsanitize=implicit-conversion, see below). (The code was like that
ever since its introduction with cc316b39d9110c536e1758a4f814738ca209bb02 "Port
of Lotus Word Pro filter, by Fong Lin and Noel Power".)
> lotuswordpro/source/filter/lwpatomholder.cxx:83:49: runtime error: implicit conversion from type 'unsigned long' of value 18446744073709551615 (64-bit, unsigned) to type 'sal_uInt16' (aka 'unsigned short') changed the value to 65535 (16-bit, unsigned)
> #0 in LwpAtomHolder::Read(LwpObjectStream*) at lotuswordpro/source/filter/lwpatomholder.cxx:83:49 (instdir/program/liblwpftlo.so +0x705fd2)
> #1 in LwpFontTableEntry::Read(LwpObjectStream*) at lotuswordpro/source/filter/lwpfont.cxx:218:23 (instdir/program/liblwpftlo.so +0x834958)
> #2 in LwpFontTable::Read(LwpObjectStream*) at lotuswordpro/source/filter/lwpfont.cxx:260:31 (instdir/program/liblwpftlo.so +0x8351ce)
> #3 in LwpFontNameManager::Read(LwpObjectStream*) at lotuswordpro/source/filter/lwpfont.cxx:379:15 (instdir/program/liblwpftlo.so +0x836587)
> #4 in LwpFontManager::Read(LwpObjectStream*) at lotuswordpro/source/filter/lwpfont.cxx:433:13 (instdir/program/liblwpftlo.so +0x83767a)
> #5 in LwpFoundry::Read(LwpObjectStream*) at lotuswordpro/source/filter/lwpfoundry.cxx:123:15 (instdir/program/liblwpftlo.so +0x850f23)
> #6 in LwpFoundry::LwpFoundry(LwpObjectStream*, LwpDocument*) at lotuswordpro/source/filter/lwpfoundry.cxx:81:5 (instdir/program/liblwpftlo.so +0x850519)
> #7 in LwpDocument::Read() at lotuswordpro/source/filter/lwpdoc.cxx:116:31 (instdir/program/liblwpftlo.so +0x791ae6)
> #8 in LwpObject::QuickRead() at lotuswordpro/source/filter/lwpobj.cxx:81:5 (instdir/program/liblwpftlo.so +0x9d4989)
> #9 in LwpObjectFactory::CreateObject(unsigned int, LwpObjectHeader&) at lotuswordpro/source/filter/lwpobjfactory.cxx:661:17 (instdir/program/liblwpftlo.so +0x9df914)
> #10 in LwpObjectFactory::QueryObject(LwpObjectID const&) at lotuswordpro/source/filter/lwpobjfactory.cxx:704:15 (instdir/program/liblwpftlo.so +0x9e058f)
> #11 in LwpObjectID::obj(VO_TYPE) const at lotuswordpro/source/filter/lwpobjid.cxx:190:47 (instdir/program/liblwpftlo.so +0xa00b99)
> #12 in LwpDocument::GetFirstDivision() at lotuswordpro/source/filter/lwpdoc.cxx:621:68 (instdir/program/liblwpftlo.so +0x7a0e21)
> #13 in LwpDocument::ImplGetFirstDivisionWithContentsThatIsNotOLE() at lotuswordpro/source/filter/lwpdoc.cxx:653:30 (instdir/program/liblwpftlo.so +0x7a1532)
> #14 in LwpDocument::GetFirstDivisionWithContentsThatIsNotOLE() at lotuswordpro/source/filter/lwpdoc.hxx:159:29 (instdir/program/liblwpftlo.so +0x7a8bcc)
> #15 in LwpDocument::RegisterDefaultParaStyles() at lotuswordpro/source/filter/lwpdoc.cxx:398:34 (instdir/program/liblwpftlo.so +0x795aae)
> #16 in LwpDocument::RegisterStyle() at lotuswordpro/source/filter/lwpdoc.cxx:207:5 (instdir/program/liblwpftlo.so +0x795376)
> #17 in LwpObject::DoRegisterStyle() at lotuswordpro/inc/lwpobj.hxx:109:9 (instdir/program/liblwpftlo.so +0x70070a)
> #18 in Lwp9Reader::ParseDocument() at lotuswordpro/source/filter/lwp9reader.cxx:154:10 (instdir/program/liblwpftlo.so +0x6f5197)
> #19 in Lwp9Reader::Read() at lotuswordpro/source/filter/lwp9reader.cxx:90:20 (instdir/program/liblwpftlo.so +0x6f444c)
> #20 in ReadWordproFile(SvStream&, com::sun::star::uno::Reference<com::sun::star::xml::sax::XDocumentHandler> const&) at lotuswordpro/source/filter/lwpfilter.cxx:215:33 (instdir/program/liblwpftlo.so +0x82488d)
> #21 in LotusWordProImportFilter::importImpl(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at lotuswordpro/source/filter/LotusWordProImportFilter.cxx:75:14 (instdir/program/liblwpftlo.so +0x6e4f5a)
> #22 in LotusWordProImportFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at lotuswordpro/source/filter/LotusWordProImportFilter.cxx:87:12 (instdir/program/liblwpftlo.so +0x6e521a)
> #23 in (anonymous namespace)::LotusWordProTest::load(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int) at lotuswordpro/qa/cppunit/test_lotuswordpro.cxx:59:27 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x14a52)
> #24 in test::FiltersTest::recursiveScan(test::filterStatus, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) at unotest/source/cpp/filters-test.cxx:130:20 (workdir/LinkTarget/CppunitTest/../Library/libunotest.so +0x5724c)
> #25 in test::FiltersTest::testDir(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) at unotest/source/cpp/filters-test.cxx:158:5 (workdir/LinkTarget/CppunitTest/../Library/libunotest.so +0x580e7)
> #26 in (anonymous namespace)::LotusWordProTest::test() at lotuswordpro/qa/cppunit/test_lotuswordpro.cxx:64:9 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x153d4)
> #27 in void std::__invoke_impl<void, void ((anonymous namespace)::LotusWordProTest::*&)(), (anonymous namespace)::LotusWordProTest*&>(std::__invoke_memfun_deref, void ((anonymous namespace)::LotusWordProTest::*&)(), (anonymous namespace)::LotusWordProTest*&) at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/invoke.h:73:14 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x17fcd)
> #28 in std::__invoke_result<void ((anonymous namespace)::LotusWordProTest::*&)(), (anonymous namespace)::LotusWordProTest*&>::type std::__invoke<void ((anonymous namespace)::LotusWordProTest::*&)(), (anonymous namespace)::LotusWordProTest*&>(void ((anonymous namespace)::LotusWordProTest::*&)(), (anonymous namespace)::LotusWordProTest*&) at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/invoke.h:95:14 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x17c6b)
> #29 in void std::_Bind<void ((anonymous namespace)::LotusWordProTest::* ((anonymous namespace)::LotusWordProTest*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/functional:400:11 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x17b28)
> #30 in void std::_Bind<void ((anonymous namespace)::LotusWordProTest::* ((anonymous namespace)::LotusWordProTest*))()>::operator()<void>() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/functional:482:17 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x178e5)
> #31 in std::_Function_handler<void (), std::_Bind<void ((anonymous namespace)::LotusWordProTest::* ((anonymous namespace)::LotusWordProTest*))()> >::_M_invoke(std::_Any_data const&) at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/std_function.h:297:2 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x16bc6)
> #32 in std::function<void ()>::operator()() const at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/std_function.h:687:14 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x23276)
> #33 in CppUnit::TestCaller<(anonymous namespace)::LotusWordProTest>::runTest() at workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7 (workdir/LinkTarget/CppunitTest/libtest_lotuswordpro_test_lotuswordpro.so +0x160c6)
> #34 in CppUnit::TestCaseMethodFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x22c1f1)
> #35 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at test/source/vclbootstrapprotector.cxx:49:14 (workdir/LinkTarget/Library/libvclbootstrapprotector.so +0x159a)
> #36 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x20e64d)
> #37 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:88:12 (workdir/LinkTarget/Library/unobootstrapprotector.so +0x987a)
> #38 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x20e64d)
> #39 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:63:16 (workdir/LinkTarget/Library/unoexceptionprotector.so +0x5000)
> #40 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x20e64d)
> #41 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x1c6c51)
> #42 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x20e64d)
> #43 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:86:18 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x2096b8)
> #44 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:182:28 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x26c3e4)
> #45 in CppUnit::TestCase::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x22b1fb)
> #46 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x22db43)
> #47 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x22d119)
> #48 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x22db43)
> #49 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x22d119)
> #50 in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x28b6c2)
> #51 in CppUnit::TestResult::runTest(CppUnit::Test*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:149:9 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x26b715)
> #52 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:14 (workdir/UnpackedTarball/cppunit/src/cppunit/.libs/libcppunit-1.14.so.0 +0x28c103)
> #53 in (anonymous namespace)::ProtectedFixtureFunctor::run() const at sal/cppunittester/cppunittester.cxx:316:20 (workdir/LinkTarget/Executable/cppunittester +0x440697)
> #54 in sal_main() at sal/cppunittester/cppunittester.cxx:466:20 (workdir/LinkTarget/Executable/cppunittester +0x43e2fc)
> #55 in main at sal/cppunittester/cppunittester.cxx:373:1 (workdir/LinkTarget/Executable/cppunittester +0x43d90e)
> #56 in __libc_start_main at /usr/src/debug/glibc-2.27-74-g68c1bf8097/csu/../csu/libc-start.c:308:16 (/lib64/libc.so.6 +0x2324a)
> #57 in _start at <null> (workdir/LinkTarget/Executable/cppunittester +0x4172a9)
Change-Id: If8fe6fac5fcd0853334f465bee0b6eedc8529e11
Reviewed-on: https://gerrit.libreoffice.org/58934
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'lotuswordpro')
| -rw-r--r-- | lotuswordpro/source/filter/lwpatomholder.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lotuswordpro/source/filter/lwpatomholder.cxx b/lotuswordpro/source/filter/lwpatomholder.cxx index 582d8fee2780..bd28e0b4d2a2 100644 --- a/lotuswordpro/source/filter/lwpatomholder.cxx +++ b/lotuswordpro/source/filter/lwpatomholder.cxx @@ -73,7 +73,7 @@ void LwpAtomHolder::Read(LwpObjectStream *pStrm) sal_uInt16 diskSize = pStrm->QuickReaduInt16(); sal_uInt16 len = pStrm->QuickReaduInt16(); - if (len == 0 || diskSize == 0) { + if (len == 0 || diskSize < sizeof diskSize) { m_nAtom = BAD_ATOM; m_nAssocAtom = BAD_ATOM; return; |