ofz#29691 revert throw SvStreamEOFException

reasonably sane code like s.ReadUInt32(a).ReadUInt32(b).ReadUInt32(c).ReadUInt32(d); if (s.good()) // use a, b, c d; stopped working. FWIW on a short read we retain whatever was in the variable before the read, rather than overwrite it with new random data, so sal_uInt32 a(0xdead); s.ReadUInt32(a); assert(s.good() || a == 0xdead); the msoffice ppt/escher/xls/doc filters especially speculatively parse and rely on a variables preinit value in the case of a short read. commit b345a2bab0d6f981049951a86b172ce49ce7d4c2 cid#1470786 Uncaught exception commit 71aec4726a94dcde1169fd293dbecfeb0e840e6d ofz#29528 uncaught exception commit bed03603f6cae264abb9e5b58aa2ab00448d92ff ofz#29414 uncaught exception commit 684885a99a1eb7ad943e9736166d4bb1468663be ofz#29443 uncaught exception commit 93574ac7768d247ed754ecda322e54e4bd447e43 ofz#29251 Abrt commit 413db68d95bd39d34e6a6b81a7c5c9478ced0514 ofz#29152 short read commit f400e883044143f999c460375a293647b4a57244 ofz#29151 short read commit 96ea80a725dfe4ef38993f78917c243f13e3beb5 ofz#29129 Abrt on uncaught exception commit 646a635efe6eecbc3d1dd3a7cbb02a278c6f3be5 ofz#28931 Indirect-leak commit b0e573f18629d28fe3179c12d0d434653f92fc93 ofz#29030 Abrt in xlsfuzzer commit 95407c39168d186ee44e67b1a6a4bcf592c58b84 ofz#28902 uncaught exception commit 45175d655ad3773df1c006182108cf25e87b1091 oss-fuzz: tgafuzzer doesn't pass sanity check commit b82fc702bae9d6190bda1b4818a47cfa197df6d8 oss-fuzz: psdfuzzer doesn't pass sanity check commit e7c76d604a4694e6568bf10c2a06a786f1096319 oss-fuzz: epsfuzzer doesn't pass sanity check commit 901e5e7c9170184e286ea3e46fce406136aa9572 oss-fuzz: xlsfuzzer doesn't pass sanity check commit 127bfab61c297df06fd8e71e709bc4362cb89d21 oss-fuzz: pngfuzzer doesn't pass sanity check commit 77387ae00ae27e3f8bcdf7bccf97fb2db8f196b7 oss-fuzz: mtpfuzzer doesn't pass sanity check commit 974ffa79b0fef4ca76558bb8b16bce84af3aaf6c oss-fuzz: xlsxfuzzer doesn't pass sanity check commit 6d6d104cbb382d0045e1f04b12d268992fa5c624 oss-fuzz: bmpfuzzer doesn't pass sanity check commit a7d1d107ec58d3b00b4019c89edddcff71ca6ff3 oss-fuzz: qpwfuzzer doesn't pass sanity check commit 898993aa62276f59480df8af1da4bad530829b56 oss-fuzz: pcxfuzzer doesn't pass sanity check throw/catch parts of commit 8c9a4ff511a3b1d84a7a6d08a1b153c07f164abb throw exception in SvStream when reading past end of file Change-Id: Ic49c249768b17b64d8e868655dbc05b31906c2e6 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109621 Tested-by: Jenkins Tested-by: Caolán McNamara <caolanm@redhat.com> Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk> Reviewed-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2021-01-18 16:19:10 +0000
committer: Caolán McNamara <caolanm@redhat.com> 2021-01-20 16:20:25 +0100
commit: 4e639c37b4dcdc27d46111d0d0cbca966544c2cb (patch)
tree: e2ba04b8df148d863a2c2ab6a4410f297aed47b9 /sw/source/filter/html/htmlreqifreader.cxx
parent: ab85732e1c6a1b52cf95fd9fb50b9ccb7cac2137 (diff)
1 files changed, 41 insertions, 48 deletions
diff --git a/sw/source/filter/html/htmlreqifreader.cxx b/sw/source/filter/html/htmlreqifreader.cxx
index 09ba240c13ff..d656f51bc0cb 100644
--- a/sw/source/filter/html/htmlreqifreader.cxx
+++ b/sw/source/filter/html/htmlreqifreader.cxx
@@ -99,56 +99,49 @@ bool ParseOLE2Presentation(SvStream& rOle2, sal_uInt32& nWidth, sal_uInt32& nHei
 {
     // See [MS-OLEDS] 2.3.4, OLEPresentationStream
     rOle2.Seek(0);
-    try
-    {
-        tools::SvRef<SotStorage> pStorage = new SotStorage(rOle2);
-        tools::SvRef<SotStorageStream> xOle2Presentation
-            = pStorage->OpenSotStream("\002OlePres000", StreamMode::STD_READ);
-
-        // Read AnsiClipboardFormat.
-        sal_uInt32 nMarkerOrLength = 0;
-        xOle2Presentation->ReadUInt32(nMarkerOrLength);
-        if (nMarkerOrLength != 0xffffffff)
-            // FormatOrAnsiString is not present
-            return false;
-        sal_uInt32 nFormatOrAnsiLength = 0;
-        xOle2Presentation->ReadUInt32(nFormatOrAnsiLength);
-        if (nFormatOrAnsiLength != 0x00000003) // CF_METAFILEPICT
-            return false;
-
-        // Read TargetDeviceSize.
-        sal_uInt32 nTargetDeviceSize = 0;
-        xOle2Presentation->ReadUInt32(nTargetDeviceSize);
-        if (nTargetDeviceSize != 0x00000004)
-            // TargetDevice is present
-            return false;
-
-        sal_uInt32 nAspect = 0;
-        xOle2Presentation->ReadUInt32(nAspect);
-        sal_uInt32 nLindex = 0;
-        xOle2Presentation->ReadUInt32(nLindex);
-        sal_uInt32 nAdvf = 0;
-        xOle2Presentation->ReadUInt32(nAdvf);
-        sal_uInt32 nReserved1 = 0;
-        xOle2Presentation->ReadUInt32(nReserved1);
-        xOle2Presentation->ReadUInt32(nWidth);
-        xOle2Presentation->ReadUInt32(nHeight);
-        sal_uInt32 nSize = 0;
-        xOle2Presentation->ReadUInt32(nSize);
-
-        // Read Data.
-        if (nSize > xOle2Presentation->remainingSize())
-            return false;
-        std::vector<char> aBuffer(nSize);
-        xOle2Presentation->ReadBytes(aBuffer.data(), aBuffer.size());
-        rPresentationData.WriteBytes(aBuffer.data(), aBuffer.size());
+    tools::SvRef<SotStorage> pStorage = new SotStorage(rOle2);
+    tools::SvRef<SotStorageStream> xOle2Presentation
+        = pStorage->OpenSotStream("\002OlePres000", StreamMode::STD_READ);
+
+    // Read AnsiClipboardFormat.
+    sal_uInt32 nMarkerOrLength = 0;
+    xOle2Presentation->ReadUInt32(nMarkerOrLength);
+    if (nMarkerOrLength != 0xffffffff)
+        // FormatOrAnsiString is not present
+        return false;
+    sal_uInt32 nFormatOrAnsiLength = 0;
+    xOle2Presentation->ReadUInt32(nFormatOrAnsiLength);
+    if (nFormatOrAnsiLength != 0x00000003) // CF_METAFILEPICT
+        return false;
 
-        return true;
-    }
-    catch (SvStreamEOFException&)
-    {
+    // Read TargetDeviceSize.
+    sal_uInt32 nTargetDeviceSize = 0;
+    xOle2Presentation->ReadUInt32(nTargetDeviceSize);
+    if (nTargetDeviceSize != 0x00000004)
+        // TargetDevice is present
         return false;
-    }
+
+    sal_uInt32 nAspect = 0;
+    xOle2Presentation->ReadUInt32(nAspect);
+    sal_uInt32 nLindex = 0;
+    xOle2Presentation->ReadUInt32(nLindex);
+    sal_uInt32 nAdvf = 0;
+    xOle2Presentation->ReadUInt32(nAdvf);
+    sal_uInt32 nReserved1 = 0;
+    xOle2Presentation->ReadUInt32(nReserved1);
+    xOle2Presentation->ReadUInt32(nWidth);
+    xOle2Presentation->ReadUInt32(nHeight);
+    sal_uInt32 nSize = 0;
+    xOle2Presentation->ReadUInt32(nSize);
+
+    // Read Data.
+    if (nSize > xOle2Presentation->remainingSize())
+        return false;
+    std::vector<char> aBuffer(nSize);
+    xOle2Presentation->ReadBytes(aBuffer.data(), aBuffer.size());
+    rPresentationData.WriteBytes(aBuffer.data(), aBuffer.size());
+
+    return true;
 }
 
 /**
author	Caolán McNamara <caolanm@redhat.com>	2021-01-18 16:19:10 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2021-01-20 16:20:25 +0100
commit	4e639c37b4dcdc27d46111d0d0cbca966544c2cb (patch)
tree	e2ba04b8df148d863a2c2ab6a4410f297aed47b9 /sw/source/filter/html/htmlreqifreader.cxx
parent	ab85732e1c6a1b52cf95fd9fb50b9ccb7cac2137 (diff)