summaryrefslogtreecommitdiff
path: root/sot/source/sdstor/stgelem.cxx
diff options
context:
space:
mode:
authorMikhail Voytenko <mav@openoffice.org>2012-08-02 12:04:04 +0200
committerPetr Mladek <pmladek@suse.cz>2012-08-02 15:38:28 +0200
commitd5345bfb40d6e33087fd053cc220308a2bc2945e (patch)
treee9d655b697f521b3ae7bab6bcbb344954f533502 /sot/source/sdstor/stgelem.cxx
parent15e0baca9183aa5ad8414b12140abbd536ab2e3b (diff)
sot: prevent some null pointer crashes
Signed-off-by: Petr Mladek <pmladek@suse.cz>
Diffstat (limited to 'sot/source/sdstor/stgelem.cxx')
-rw-r--r--sot/source/sdstor/stgelem.cxx76
1 files changed, 65 insertions, 11 deletions
diff --git a/sot/source/sdstor/stgelem.cxx b/sot/source/sdstor/stgelem.cxx
index e8eb0e59db45..d63398cfa67d 100644
--- a/sot/source/sdstor/stgelem.cxx
+++ b/sot/source/sdstor/stgelem.cxx
@@ -79,21 +79,44 @@ SvStream& operator <<( SvStream& r, const ClsId& rId )
///////////////////////////// class StgHeader ////////////////////////////
StgHeader::StgHeader()
+: nVersion( 0 )
+, nByteOrder( 0 )
+, nPageSize( 0 )
+, nDataPageSize( 0 )
+, bDirty( 0 )
+, nFATSize( 0 )
+, nTOCstrm( 0 )
+, nReserved( 0 )
+, nThreshold( 0 )
+, nDataFAT( 0 )
+, nDataFATSize( 0 )
+, nMasterChain( 0 )
+, nMaster( 0 )
{
- memset( this, 0, sizeof( StgHeader ) );
+ memset( cSignature, 0, sizeof( cSignature ) );
+ memset( &aClsId, 0, sizeof( ClsId ) );
+ memset( cReserved, 0, sizeof( cReserved ) );
+ memset( nMasterFAT, 0, sizeof( nMasterFAT ) );
}
void StgHeader::Init()
{
- memset( this, 0, sizeof( StgHeader ) );
memcpy( cSignature, cStgSignature, 8 );
+ memset( &aClsId, 0, sizeof( ClsId ) );
nVersion = 0x0003003B;
nByteOrder = 0xFFFE;
nPageSize = 9; // 512 bytes
nDataPageSize = 6; // 64 bytes
+ bDirty = 0;
+ memset( cReserved, 0, sizeof( cReserved ) );
+ nFATSize = 0;
+ nTOCstrm = 0;
+ nReserved = 0;
nThreshold = 4096;
+ nDataFAT = 0;
nDataFATSize = 0;
nMasterChain = STG_EOF;
+
SetTOCStart( STG_EOF );
SetDataFATStart( STG_EOF );
for( short i = 0; i < 109; i++ )
@@ -102,9 +125,15 @@ void StgHeader::Init()
sal_Bool StgHeader::Load( StgIo& rIo )
{
- SvStream& r = *rIo.GetStrm();
- Load( r );
- return rIo.Good();
+ sal_Bool bResult = sal_False;
+ if ( rIo.GetStrm() )
+ {
+ SvStream& r = *rIo.GetStrm();
+ bResult = Load( r );
+ bResult = ( bResult && rIo.Good() );
+ }
+
+ return bResult;
}
sal_Bool StgHeader::Load( SvStream& r )
@@ -127,7 +156,8 @@ sal_Bool StgHeader::Load( SvStream& r )
>> nMaster; // 48 # of additional master blocks
for( short i = 0; i < 109; i++ )
r >> nMasterFAT[ i ];
- return r.GetErrorCode() == ERRCODE_NONE;
+
+ return ( r.GetErrorCode() == ERRCODE_NONE && Check() );
}
sal_Bool StgHeader::Store( StgIo& rIo )
@@ -166,8 +196,15 @@ sal_Bool StgHeader::Check()
{
return sal_Bool( memcmp( cSignature, cStgSignature, 8 ) == 0
&& (short) ( nVersion >> 16 ) == 3 )
+ && nPageSize == 9
&& lcl_wontoverflow(nPageSize)
- && lcl_wontoverflow(nDataPageSize);
+ && lcl_wontoverflow(nDataPageSize)
+ && nFATSize > 0
+ && nTOCstrm >= 0
+ && nThreshold > 0
+ && ( nDataFAT == -2 || ( nDataFAT >= 0 && nDataFATSize > 0 ) )
+ && ( nMasterChain == -2 || ( nMasterChain >=0 && nMaster > 109 ) )
+ && nMaster >= 0;
}
sal_Int32 StgHeader::GetFATPage( short n ) const
@@ -222,7 +259,21 @@ void StgHeader::SetMasters( sal_Int32 n )
sal_Bool StgEntry::Init()
{
- memset( this, 0, sizeof (StgEntry) - sizeof( String ) );
+ memset( nName, 0, sizeof( nName ) );
+ nNameLen = 0;
+ cType = 0;
+ cFlags = 0;
+ nLeft = 0;
+ nRight = 0;
+ nChild = 0;
+ memset( &aClsId, 0, sizeof( aClsId ) );
+ nFlags = 0;
+ nMtime[0] = 0; nMtime[1] = 0;
+ nAtime[0] = 0; nAtime[1] = 0;
+ nPage1 = 0;
+ nSize = 0;
+ nUnknown = 0;
+
SetLeaf( STG_LEFT, STG_FREE );
SetLeaf( STG_RIGHT, STG_FREE );
SetLeaf( STG_CHILD, STG_FREE );
@@ -315,9 +366,12 @@ short StgEntry::Compare( const StgEntry& r ) const
// These load/store operations are a bit more complicated,
// since they have to copy their contents into a packed structure.
-sal_Bool StgEntry::Load( const void* pFrom )
+sal_Bool StgEntry::Load( const void* pFrom, sal_uInt32 nBufSize )
{
- SvMemoryStream r( (sal_Char*) pFrom, 128, STREAM_READ );
+ if ( nBufSize < 128 )
+ return sal_False;
+
+ SvMemoryStream r( (sal_Char*) pFrom, nBufSize, STREAM_READ );
for( short i = 0; i < 32; i++ )
r >> nName[ i ]; // 00 name as WCHAR
r >> nNameLen // 40 size of name in bytes including 00H
@@ -343,7 +397,7 @@ sal_Bool StgEntry::Load( const void* pFrom )
if (n > nMaxLegalStr)
return sal_False;
- if (nSize < 0 && cType != STG_STORAGE)
+ if ((nSize < 0 && cType != STG_STORAGE) || (nPage1 < 0 && nPage1 != -2))
{
// the size makes no sense for the substorage
// TODO/LATER: actually the size should be an unsigned value, but in this case it would mean a stream of more than 2Gb