diff options
author | Caolán McNamara <caolanm@redhat.com> | 2018-03-12 14:13:23 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2018-03-12 22:07:45 +0100 |
commit | 079a17447d869fae97c0b1a6dde5fe6a25247685 (patch) | |
tree | 6adef153e7cbea4d0608e78e75e4861f1b40f99f | |
parent | 02cf066ee9b8a833a6f19c41489aadff3561a56b (diff) |
forcepoint #27 check region bands loaded from stream for consistency
Change-Id: I92376b5fb4208c78fa25a94d4dd394256793161c
Reviewed-on: https://gerrit.libreoffice.org/51144
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | vcl/inc/regionband.hxx | 3 | ||||
-rw-r--r-- | vcl/source/gdi/region.cxx | 8 | ||||
-rw-r--r-- | vcl/source/gdi/regionband.cxx | 27 |
3 files changed, 32 insertions, 6 deletions
diff --git a/vcl/inc/regionband.hxx b/vcl/inc/regionband.hxx index 1fb5db93a410..b227226353d1 100644 --- a/vcl/inc/regionband.hxx +++ b/vcl/inc/regionband.hxx @@ -36,6 +36,7 @@ private: ImplRegionBand* mpLastCheckedBand; void implReset(); + SAL_WARN_UNUSED_RESULT bool CheckConsistency() const; public: RegionBand(); @@ -46,7 +47,7 @@ public: bool operator==( const RegionBand& rRegionBand ) const; - void load(SvStream& rIStrm); + SAL_WARN_UNUSED_RESULT bool load(SvStream& rIStrm); void save(SvStream& rIStrm) const; bool isSingleRectangle() const; diff --git a/vcl/source/gdi/region.cxx b/vcl/source/gdi/region.cxx index bcc8a0c96e9a..ab711c245c3d 100644 --- a/vcl/source/gdi/region.cxx +++ b/vcl/source/gdi/region.cxx @@ -1586,7 +1586,7 @@ SvStream& ReadRegion(SvStream& rIStrm, vcl::Region& rRegion) default: { RegionBand* pNewRegionBand = new RegionBand(); - pNewRegionBand->load(rIStrm); + bool bSuccess = pNewRegionBand->load(rIStrm); rRegion.mpRegionBand.reset(pNewRegionBand); if(aCompat.GetVersion() >= 2) @@ -1603,6 +1603,12 @@ SvStream& ReadRegion(SvStream& rIStrm, vcl::Region& rRegion) } } + if (!bSuccess) + { + SAL_WARN("vcl.gdi", "bad region band"); + rRegion.SetNull(); + } + break; } } diff --git a/vcl/source/gdi/regionband.cxx b/vcl/source/gdi/regionband.cxx index c93fc4c73d26..77eb2f4a7782 100644 --- a/vcl/source/gdi/regionband.cxx +++ b/vcl/source/gdi/regionband.cxx @@ -190,7 +190,7 @@ bool RegionBand::operator==( const RegionBand& rRegionBand ) const enum StreamEntryType { STREAMENTRY_BANDHEADER, STREAMENTRY_SEPARATION, STREAMENTRY_END }; -void RegionBand::load(SvStream& rIStrm) +bool RegionBand::load(SvStream& rIStrm) { // clear this instance data implReset(); @@ -203,14 +203,14 @@ void RegionBand::load(SvStream& rIStrm) rIStrm.ReadUInt16(nTmp16); if (STREAMENTRY_END == static_cast<StreamEntryType>(nTmp16)) - return; + return false; size_t nRecordsPossible = rIStrm.remainingSize() / (2*sizeof(sal_Int32)); if (!nRecordsPossible) { OSL_ENSURE(false, "premature end of region stream" ); implReset(); - return; + return false; } do @@ -259,13 +259,19 @@ void RegionBand::load(SvStream& rIStrm) { OSL_ENSURE(false, "premature end of region stream" ); implReset(); - return; + return false; } // get next header rIStrm.ReadUInt16( nTmp16 ); } while (STREAMENTRY_END != static_cast<StreamEntryType>(nTmp16) && rIStrm.good()); + if (!CheckConsistency()) + { + implReset(); + return false; + } + return true; } void RegionBand::save(SvStream& rOStrm) const @@ -1155,6 +1161,19 @@ bool RegionBand::Exclude(const RegionBand& rSource) return true; } +bool RegionBand::CheckConsistency() const +{ + // look in the band list (don't test first band again!) + const ImplRegionBand* pBand = mpFirstBand->mpNextBand; + while (pBand) + { + if (!pBand->mpFirstSep) + return false; + pBand = pBand->mpNextBand; + } + return true; +} + tools::Rectangle RegionBand::GetBoundRect() const { |