diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2015-08-26 12:35:01 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2015-08-26 12:43:59 +0100 |
| commit | cadac8400a018c8c566379f7767ea5edff78523d (patch) | |
| tree | a0a52df4519388a10222629a9446fbc7861f7752 | |
| parent | 94a52f9ffafdf9c6e64ddf1a3587f21a272f2e62 (diff) | |
don't hang on unreachable record ends
Change-Id: I288f7ff0327831603eda6e827c8acbae678dfaff
| -rw-r--r-- | filter/source/msfilter/svdfppt.cxx | 14 | ||||
| -rw-r--r-- | sd/qa/unit/data/ppt/pass/hang-1.ppt | bin | 0 -> 7680 bytes | |||
| -rw-r--r-- | sd/source/filter/ppt/pptin.cxx | 7 |
3 files changed, 18 insertions, 3 deletions
diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx index f5b79315cc29..8199766ec1dd 100644 --- a/filter/source/msfilter/svdfppt.cxx +++ b/filter/source/msfilter/svdfppt.cxx @@ -4061,8 +4061,18 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd } rSlideHd.SeekToContent( rIn ); + + auto nEndRecPos = rSlideHd.GetRecEndFilePos(); + auto nStreamLen = rIn.Tell() + rIn.remainingSize(); + if (nEndRecPos > nStreamLen) + { + SAL_WARN("filter.ms", "Parsing error: " << nStreamLen << + " max end pos, but " << nEndRecPos << " claimed, truncating"); + nEndRecPos = nStreamLen; + } + DffRecordHeader aTxMasterStyleHd; - while ( rIn.Tell() < rSlideHd.GetRecEndFilePos() ) + while (rIn.Tell() < nEndRecPos) { ReadDffRecordHeader( rIn, aTxMasterStyleHd ); if ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) @@ -4070,7 +4080,7 @@ PPTStyleSheet::PPTStyleSheet( const DffRecordHeader& rSlideHd, SvStream& rIn, Sd else aTxMasterStyleHd.SeekToEndOfRecord( rIn ); } - while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < rSlideHd.GetRecEndFilePos() ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized + while ( ( aTxMasterStyleHd.nRecType == PPT_PST_TxMasterStyleAtom ) && ( rIn.Tell() < nEndRecPos ) ) //TODO: aTxMasterStyleHd may be used without having been properly initialized { sal_uInt32 nInstance = aTxMasterStyleHd.nRecInstance; if ( ( nInstance < PPT_STYLESHEETENTRYS ) && diff --git a/sd/qa/unit/data/ppt/pass/hang-1.ppt b/sd/qa/unit/data/ppt/pass/hang-1.ppt Binary files differnew file mode 100644 index 000000000000..d30cb8472ee9 --- /dev/null +++ b/sd/qa/unit/data/ppt/pass/hang-1.ppt diff --git a/sd/source/filter/ppt/pptin.cxx b/sd/source/filter/ppt/pptin.cxx index af1588f6bcf7..5f92ae82aa10 100644 --- a/sd/source/filter/ppt/pptin.cxx +++ b/sd/source/filter/ppt/pptin.cxx @@ -821,7 +821,12 @@ bool ImplSdPPTImport::Import() } break; } - aHd.SeekToEndOfRecord( rStCtrl ); + bool bSuccess = aHd.SeekToEndOfRecord(rStCtrl); + if (!bSuccess) + { + SAL_WARN("filter.ms", "Count not seek to end of record"); + break; + } } } rStCtrl.Seek( nFPosMerk ); |