diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2022-06-22 20:37:34 +0200 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2022-06-24 13:42:29 +0200 |
| commit | 932af81916bd36605e689598f5bad2130e5eebf0 (patch) | |
| tree | 4c35d7137fee5a7f5b43f0f5359cb4ea8bfcff4c /sc/source | |
| parent | 84d57c3efd1048c72510c162982fa6713f169b27 (diff) | |
Pump XInputStream into an SvMemoryStream rather than an OStringBuffer
...to avoid overflow with streams >= 2^31 bytes. This should fix
<https://crashreport.libreoffice.org/stats/crash_details/d9613c81-de37-4de2-8c64-e36634d10ddc>
which I could reproduce with a recent master Linux build with
> $ truncate -s 3G test.xml
> $ instdir/program/soffice test.xml
causing a SIGSEGV at
> #0 0x00007ffff7f193a0 in rtl::str::stringbuffer_insert<_rtl_String, char>(_rtl_String**, int*, int, char const*, int) (ppThis=0x7fffffffb330, capacity=<optimized out>, offset=2147479552, pStr=0x20a92e8 "", len=4096) at sal/rtl/strtmpl.hxx:1424
> #1 0x00007fffb6af04e5 in rtl::OStringBuffer::append(char const*, int) (len=4096, str=<optimized out>, this=0x7fffffffb330) at include/rtl/strbuf.hxx:594
> #2 (anonymous namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&) (this=<optimized out>, rMediaDescSeq=<optimized out>) at sc/source/filter/orcus/filterdetect.cxx:80
[...]
(Ideally, orcus::detect would only need a short prefix of the stream's content,
but the implementation in
workdir/UnpackedTarball/liborcus/src/liborcus/format_detection.cpp delegates to
functions like orcus_ods::detect in
workdir/UnpackedTarball/liborcus/src/liborcus/orcus_ods.cpp, which passes the
content through some zip_archive that presumably needs the full content.)
Change-Id: Ifaa37ee887d8296cbcf971313bde347ddfb17c12
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136297
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
(cherry picked from commit a95c585433246813096e8890b7ed6ef4fe30c621)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136253
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'sc/source')
| -rw-r--r-- | sc/source/filter/orcus/filterdetect.cxx | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sc/source/filter/orcus/filterdetect.cxx b/sc/source/filter/orcus/filterdetect.cxx index 4e299f1d9371..21eb1d492440 100644 --- a/sc/source/filter/orcus/filterdetect.cxx +++ b/sc/source/filter/orcus/filterdetect.cxx @@ -14,7 +14,7 @@ #include <unotools/mediadescriptor.hxx> -#include <rtl/strbuf.hxx> +#include <tools/stream.hxx> #include <orcus/format_detection.hpp> @@ -68,7 +68,7 @@ OUString OrcusFormatDetect::detect(css::uno::Sequence<css::beans::PropertyValue> return OUString(); css::uno::Reference<css::io::XInputStream> xInputStream(aMediaDescriptor[utl::MediaDescriptor::PROP_INPUTSTREAM], css::uno::UNO_QUERY ); - OStringBuffer aContent(xInputStream->available()); + SvMemoryStream aContent(xInputStream->available()); static const sal_Int32 nBytes = 4096; css::uno::Sequence<sal_Int8> aSeq(nBytes); @@ -77,10 +77,10 @@ OUString OrcusFormatDetect::detect(css::uno::Sequence<css::beans::PropertyValue> { sal_Int32 nReadBytes = xInputStream->readBytes(aSeq, nBytes); bEnd = (nReadBytes != nBytes); - aContent.append(reinterpret_cast<const char*>(aSeq.getConstArray()), nReadBytes); + aContent.WriteBytes(aSeq.getConstArray(), nReadBytes); } - orcus::format_t eFormat = orcus::detect(reinterpret_cast<const unsigned char*>(aContent.getStr()), aContent.getLength()); + orcus::format_t eFormat = orcus::detect(static_cast<const unsigned char*>(aContent.GetData()), aContent.GetSize()); switch (eFormat) { |