You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by tr...@apache.org on 2018/08/17 22:24:27 UTC

svn commit: r1838292 - in /openoffice/trunk/main/filter: inc/filter/msfilter/dffpropset.hxx source/msfilter/dffpropset.cxx

Author: truckman
Date: Fri Aug 17 22:24:27 2018
New Revision: 1838292

URL: http://svn.apache.org/viewvc?rev=1838292&view=rev
Log:
When importing a Microsoft Office Drawing Binary File Format data stream,
ignore properties with the bComplex flag set indicating they have data 
external to the property record if the indicated size of the data is
larger than will fit in the containing property table record.      

DffPropSet::GetPropertyString() should return an empty string if
the bComplex flag is not set since there is no data to return.
 
Bail out of the loop that processes the array of properties early if
we hit the end of the property table record.
 
Limit the length of the property table record to the remaining size of
the stream.


Modified:
    openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx
    openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx

Modified: openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx?rev=1838292&r1=1838291&r2=1838292&view=diff
==============================================================================
--- openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx (original)
+++ openoffice/trunk/main/filter/inc/filter/msfilter/dffpropset.hxx Fri Aug 17 22:24:27 2018
@@ -61,6 +61,7 @@ class MSFILTER_DLLPUBLIC DffPropSet
 		~DffPropSet();
 
 		inline sal_Bool	IsProperty( sal_uInt32 nRecType ) const { return ( mpPropSetEntries[ nRecType & 0x3ff ].aFlags.bSet ); };
+		inline sal_Bool	IsComplex( sal_uInt32 nRecType ) const { return ( mpPropSetEntries[ nRecType & 0x3ff ].aFlags.bComplex ); };
 		sal_Bool		IsHardAttribute( sal_uInt32 nId ) const;
 		sal_uInt32		GetPropertyValue( sal_uInt32 nId, sal_uInt32 nDefault = 0 ) const;
         /** Returns a boolean property by its real identifier. */

Modified: openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx
URL: http://svn.apache.org/viewvc/openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx?rev=1838292&r1=1838291&r2=1838292&view=diff
==============================================================================
--- openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx (original)
+++ openoffice/trunk/main/filter/source/msfilter/dffpropset.cxx Fri Aug 17 22:24:27 2018
@@ -1099,7 +1099,11 @@ DffPropSet::~DffPropSet()
 void DffPropSet::ReadPropSet( SvStream& rIn, bool bSetUninitializedOnly )
 {
 	DffRecordHeader aHd;
+	sal_Size nEndOfStream, nEndOfRecord;
 	rIn >> aHd;
+	nEndOfStream = rIn.Seek(STREAM_SEEK_TO_END);
+	aHd.SeekToContent( rIn );
+	nEndOfRecord = Min(aHd.GetRecEndFilePos(), nEndOfStream);
 
 	if ( !bSetUninitializedOnly )
 	{
@@ -1116,6 +1120,8 @@ void DffPropSet::ReadPropSet( SvStream&
 	{
 		sal_uInt16 nTmp;
 		sal_uInt32 nRecType, nContent;
+		if (nEndOfRecord - rIn.Tell() < 6)
+			break;
 		rIn >> nTmp
 			>> nContent;
 
@@ -1157,7 +1163,7 @@ void DffPropSet::ReadPropSet( SvStream&
 				aPropFlag.bBlip = sal_True;
 			if ( nTmp & 0x8000 )
 				aPropFlag.bComplex = sal_True;
-			if ( aPropFlag.bComplex && nContent && ( nComplexDataFilePos < aHd.GetRecEndFilePos() ) )
+			if ( aPropFlag.bComplex && nContent && ( nComplexDataFilePos < nEndOfRecord ) )
             {
                 // normally nContent is the complete size of the complex property,
                 // but this is not always true for IMsoArrays ( what the hell is a IMsoArray ? )
@@ -1190,13 +1196,17 @@ void DffPropSet::ReadPropSet( SvStream&
                             nContent += 6;
 
                         // check if array fits into the PropertyContainer
-                        if ( ( nComplexDataFilePos + nContent ) > aHd.GetRecEndFilePos() )
+                        if ( nContent > nEndOfRecord - nComplexDataFilePos)
                             nContent = 0;
                     }
                     else
                         nContent = 0;
 					rIn.Seek( nOldPos );
-				}
+                } else {
+                    // check if complex property fits into the PropertyContainer
+                    if ( nContent > nEndOfRecord - nComplexDataFilePos)
+                        nContent = 0;
+                }
                 if ( nContent )
                 {
 					if ( bSetProperty )
@@ -1301,7 +1311,7 @@ bool DffPropSet::GetPropertyBool( sal_uI
     sal_Size nOldPos = rStrm.Tell();
     ::rtl::OUStringBuffer aBuffer;
     sal_uInt32 nBufferSize = GetPropertyValue( nId );
-    if( (nBufferSize > 0) && SeekToContent( nId, rStrm ) )
+    if( (nBufferSize > 0) && IsComplex( nId ) && SeekToContent( nId, rStrm ) )
     {
         sal_Int32 nStrLen = static_cast< sal_Int32 >( nBufferSize / 2 );
         aBuffer.ensureCapacity( nStrLen );