From 079a17447d869fae97c0b1a6dde5fe6a25247685 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Mon, 12 Mar 2018 14:13:23 +0000 Subject: forcepoint #27 check region bands loaded from stream for consistency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I92376b5fb4208c78fa25a94d4dd394256793161c Reviewed-on: https://gerrit.libreoffice.org/51144 Tested-by: Jenkins Reviewed-by: Caolán McNamara Tested-by: Caolán McNamara --- vcl/inc/regionband.hxx | 3 ++- vcl/source/gdi/region.cxx | 8 +++++++- vcl/source/gdi/regionband.cxx | 27 +++++++++++++++++++++++---- 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/vcl/inc/regionband.hxx b/vcl/inc/regionband.hxx index 1fb5db93a410..b227226353d1 100644 --- a/vcl/inc/regionband.hxx +++ b/vcl/inc/regionband.hxx @@ -36,6 +36,7 @@ private: ImplRegionBand* mpLastCheckedBand; void implReset(); + SAL_WARN_UNUSED_RESULT bool CheckConsistency() const; public: RegionBand(); @@ -46,7 +47,7 @@ public: bool operator==( const RegionBand& rRegionBand ) const; - void load(SvStream& rIStrm); + SAL_WARN_UNUSED_RESULT bool load(SvStream& rIStrm); void save(SvStream& rIStrm) const; bool isSingleRectangle() const; diff --git a/vcl/source/gdi/region.cxx b/vcl/source/gdi/region.cxx index bcc8a0c96e9a..ab711c245c3d 100644 --- a/vcl/source/gdi/region.cxx +++ b/vcl/source/gdi/region.cxx @@ -1586,7 +1586,7 @@ SvStream& ReadRegion(SvStream& rIStrm, vcl::Region& rRegion) default: { RegionBand* pNewRegionBand = new RegionBand(); - pNewRegionBand->load(rIStrm); + bool bSuccess = pNewRegionBand->load(rIStrm); rRegion.mpRegionBand.reset(pNewRegionBand); if(aCompat.GetVersion() >= 2) @@ -1603,6 +1603,12 @@ SvStream& ReadRegion(SvStream& rIStrm, vcl::Region& rRegion) } } + if (!bSuccess) + { + SAL_WARN("vcl.gdi", "bad region band"); + rRegion.SetNull(); + } + break; } } diff --git a/vcl/source/gdi/regionband.cxx b/vcl/source/gdi/regionband.cxx index c93fc4c73d26..77eb2f4a7782 100644 --- a/vcl/source/gdi/regionband.cxx +++ b/vcl/source/gdi/regionband.cxx @@ -190,7 +190,7 @@ bool RegionBand::operator==( const RegionBand& rRegionBand ) const enum StreamEntryType { STREAMENTRY_BANDHEADER, STREAMENTRY_SEPARATION, STREAMENTRY_END }; -void RegionBand::load(SvStream& rIStrm) +bool RegionBand::load(SvStream& rIStrm) { // clear this instance data implReset(); @@ -203,14 +203,14 @@ void RegionBand::load(SvStream& rIStrm) rIStrm.ReadUInt16(nTmp16); if (STREAMENTRY_END == static_cast(nTmp16)) - return; + return false; size_t nRecordsPossible = rIStrm.remainingSize() / (2*sizeof(sal_Int32)); if (!nRecordsPossible) { OSL_ENSURE(false, "premature end of region stream" ); implReset(); - return; + return false; } do @@ -259,13 +259,19 @@ void RegionBand::load(SvStream& rIStrm) { OSL_ENSURE(false, "premature end of region stream" ); implReset(); - return; + return false; } // get next header rIStrm.ReadUInt16( nTmp16 ); } while (STREAMENTRY_END != static_cast(nTmp16) && rIStrm.good()); + if (!CheckConsistency()) + { + implReset(); + return false; + } + return true; } void RegionBand::save(SvStream& rOStrm) const @@ -1155,6 +1161,19 @@ bool RegionBand::Exclude(const RegionBand& rSource) return true; } +bool RegionBand::CheckConsistency() const +{ + // look in the band list (don't test first band again!) + const ImplRegionBand* pBand = mpFirstBand->mpNextBand; + while (pBand) + { + if (!pBand->mpFirstSep) + return false; + pBand = pBand->mpNextBand; + } + return true; +} + tools::Rectangle RegionBand::GetBoundRect() const { -- cgit