diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2017-11-04 16:53:20 +0000 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2017-11-04 21:58:36 +0100 |
| commit | f1c790ca3613a43dac84e2a9b6a99d1338176325 (patch) | |
| tree | af26a6ac72c62860e513cdc577f7675ea3d2fcd0 /drawinglayer | |
| parent | 969531f53696417c80f9823e89eda2d5d594898e (diff) | |
ofz short read considered as a successful full block read
i.e StgDataStrm::Read takes the bool of no error and
multiplies it by the block size to report the length
read. A short read isn't an error so full buffer is
considered valid.
To keep #i73846# working and get deterministic fuzzing
results, zero out the trailing space of a successful but
short read. Changing this to return the truthful
number of bytes read makes #i73846# stop working.
There's wonderful nonsense here calculating nPg2,
determining nBytes to read derived from this,
reading nBytes into the buffer and then considering
it an error if nPg2 is not 1 after the presumably
potentially fatal buffer overflow if nPg2 wasn't initially
1, but this doesn't seem possible in practice
Change-Id: I2bac6066deb8a2902677e04696367ba2c351b325
Reviewed-on: https://gerrit.libreoffice.org/44310
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'drawinglayer')
0 files changed, 0 insertions, 0 deletions