From 372d5d74ad8cfb9b69dc20557359c4a2c1597b57 Mon Sep 17 00:00:00 2001 From: Julien Nabet Date: Sat, 24 May 2014 16:35:49 +0200 Subject: Resolves: fdo#79137 Crash in oox::vml::InputStream::updateBuffer bt shows: Program received signal SIGSEGV, Segmentation fault. 0x00002aaadba213fb in oox::vml::InputStream::updateBuffer (this=0x8d7fd80) at /home/julien/compile-libreoffice/libreoffice/oox/source/vml/vmlinputstream.cxx:339 339 while( (mnBufferPos >= maBuffer.getLength()) && !mxTextStrm->isEOF() ) (gdb) bt 0x00002aaadba213fb in oox::vml::InputStream::updateBuffer (this=0x8d7fd80) at /home/julien/compile-libreoffice/libreoffice/oox/source/vml/vmlinputstream.cxx:339 0x00002aaadba21048 in oox::vml::InputStream::available (this=0x8d7fd80) at /home/julien/compile-libreoffice/libreoffice/oox/source/vml/vmlinputstream.cxx:326 0x00002aaacf5a0249 in sax_fastparser::FastSaxParserImpl::parseStream (this=0x89aea30, maStructSource=...) at /home/julien/compile-libreoffice/libreoffice/sax/source/fastparser/fastparser.cxx:810 Indeed, mxTextStrm is invalid, so let's test its validity in InputStream constructor Change-Id: Ifed79603e33b64d11eb07656df17824b7f98058f --- oox/source/vml/vmlinputstream.cxx | 2 ++ 1 file changed, 2 insertions(+) (limited to 'oox/source/vml/vmlinputstream.cxx') diff --git a/oox/source/vml/vmlinputstream.cxx b/oox/source/vml/vmlinputstream.cxx index 70896e1952ff..f373bad0c0d1 100644 --- a/oox/source/vml/vmlinputstream.cxx +++ b/oox/source/vml/vmlinputstream.cxx @@ -266,6 +266,8 @@ InputStream::InputStream( const Reference< XComponentContext >& rxContext, const maClosingCData( CREATE_OSTRING( "]]>" ) ), mnBufferPos( 0 ) { + if (!mxTextStrm.is()) + throw IOException(); maOpeningBracket[ 0 ] = '<'; maClosingBracket[ 0 ] = '>'; } -- cgit