You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by js...@apache.org on 2014/03/28 11:04:57 UTC
svn commit: r1582668 - in
/openoffice/branches/AOO410/main/sot/source/sdstor: stgdir.cxx stgdir.hxx
Author: jsc
Date: Fri Mar 28 10:04:57 2014
New Revision: 1582668
URL: http://svn.apache.org/r1582668
Log:
#124461# add checks for nested depth and entry indices
Patch By: awf, hdu
Modified:
openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.cxx
openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.hxx
Modified: openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.cxx
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.cxx?rev=1582668&r1=1582667&r2=1582668&view=diff
==============================================================================
--- openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.cxx (original)
+++ openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.cxx Fri Mar 28 10:04:57 2014
@@ -827,7 +827,7 @@ StgDirStrm::StgDirStrm( StgIo& r )
// temporarily use this instance as owner, so
// the TOC pages can be removed.
pEntry = (StgDirEntry*) this; // just for a bit pattern
- SetupEntry( 0, pRoot );
+ SetupEntry(0, pRoot, nSize/STGENTRY_SIZE, 0);
rIo.Revert( pEntry );
pEntry = NULL;
}
@@ -840,8 +840,26 @@ StgDirStrm::~StgDirStrm()
// Recursively parse the directory tree during reading the TOC stream
-void StgDirStrm::SetupEntry( sal_Int32 n, StgDirEntry* pUpper )
+void StgDirStrm::SetupEntry (
+ const sal_Int32 n,
+ StgDirEntry* pUpper,
+ const sal_Int32 nEntryCount,
+ const sal_Int32 nDepth)
{
+ if (nDepth >= nEntryCount)
+ {
+ // Tree grew higher than there are different nodes. Looks like
+ // something is wrong with the file. Return now to avoid
+ // infinite recursion.
+ return;
+ }
+ else if (n>=nEntryCount || (n<0 && n!=STG_FREE))
+ {
+ // n has an invalid value. Don't access the corresponding
+ // stream content.
+ return;
+ }
+
void* p = ( n == STG_FREE ) ? NULL : GetEntry( n );
if( p )
{
@@ -889,9 +907,9 @@ void StgDirStrm::SetupEntry( sal_Int32 n
delete pCur; pCur = NULL;
return;
}
- SetupEntry( nLeft, pUpper );
- SetupEntry( nRight, pUpper );
- SetupEntry( nLeaf, pCur );
+ SetupEntry( nLeft, pUpper, nEntryCount, nDepth+1);
+ SetupEntry( nRight, pUpper, nEntryCount, nDepth+1);
+ SetupEntry( nLeaf, pCur, nEntryCount, nDepth+1);
}
}
}
Modified: openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.hxx
URL: http://svn.apache.org/viewvc/openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.hxx?rev=1582668&r1=1582667&r2=1582668&view=diff
==============================================================================
--- openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.hxx (original)
+++ openoffice/branches/AOO410/main/sot/source/sdstor/stgdir.hxx Fri Mar 28 10:04:57 2014
@@ -100,8 +100,12 @@ class StgDirStrm : public StgDataStrm
friend class StgIterator;
StgDirEntry* pRoot; // root of dir tree
short nEntries; // entries per page
- void SetupEntry( sal_Int32, StgDirEntry* );
-public:
+ void SetupEntry(
+ const sal_Int32 n,
+ StgDirEntry* pUpper,
+ const sal_Int32 nEntryCount,
+ const sal_Int32 nDepth);
+public:
StgDirStrm( StgIo& );
~StgDirStrm();
virtual sal_Bool SetSize( sal_Int32 ); // change the size