Author: jsc
Date: Fri Mar 28 11:25:38 2014
New Revision: 1582708

URL: http://svn.apache.org/r1582708
Log:
#124461# merge from aoo410 branch, add checks for nested depth and entry indices

Modified:
    openoffice/trunk/main/sot/source/sdstor/stgdir.cxx
    openoffice/trunk/main/sot/source/sdstor/stgdir.hxx

Modified: openoffice/trunk/main/sot/source/sdstor/stgdir.cxx
URL: 
http://svn.apache.org/viewvc/openoffice/trunk/main/sot/source/sdstor/stgdir.cxx?rev=1582708&r1=1582707&r2=1582708&view=diff
==============================================================================
--- openoffice/trunk/main/sot/source/sdstor/stgdir.cxx (original)
+++ openoffice/trunk/main/sot/source/sdstor/stgdir.cxx Fri Mar 28 11:25:38 2014
@@ -827,7 +827,7 @@ StgDirStrm::StgDirStrm( StgIo& r )
         // temporarily use this instance as owner, so
         // the TOC pages can be removed.
         pEntry = (StgDirEntry*) this; // just for a bit pattern
-        SetupEntry( 0, pRoot );
+        SetupEntry(0, pRoot, nSize/STGENTRY_SIZE, 0);
         rIo.Revert( pEntry );
         pEntry = NULL;
     }
@@ -840,8 +840,26 @@ StgDirStrm::~StgDirStrm()
 
 // Recursively parse the directory tree during reading the TOC stream
 
-void StgDirStrm::SetupEntry( sal_Int32 n, StgDirEntry* pUpper )
+void StgDirStrm::SetupEntry (
+    const sal_Int32 n,
+    StgDirEntry* pUpper,
+    const sal_Int32 nEntryCount,
+    const sal_Int32 nDepth)
 {
+    if (nDepth >= nEntryCount)
+    {
+        // Tree grew higher than there are different nodes.  Looks like
+        // something is wrong with the file.  Return now to avoid
+        // infinite recursion.
+        return;
+    }
+    else if (n>=nEntryCount || (n<0 && n!=STG_FREE))
+    {
+        // n has an invalid value.  Don't access the corresponding
+        // stream content.
+        return;
+    }
+
     void* p = ( n == STG_FREE ) ? NULL : GetEntry( n );
     if( p )
     {
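Review bot: Both new guards at the top of SetupEntry return silently, so a directory stream with an out-of-range index or an over-deep tree produces a truncated tree without the load being marked as failed. Consider setting the error state on `rIo` before each `return`, using whatever error call this file already has, or at least state the consequence in the comment, e.g. `// corrupt entry: subtree is dropped, caller sees a partial tree`. The depth limit is nEntryCount, which the constructor passes as `nSize/STGENTRY_SIZE`, so the permitted recursion depth scales with the stream size; it is worth confirming that the largest accepted stream cannot exhaust the stack. As a style point, the `else` in `else if` is redundant after the `return`. The function body continues beyond this hunk.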
@@ -889,9 +907,9 @@ void StgDirStrm::SetupEntry( sal_Int32 n
                 delete pCur; pCur = NULL;
                 return;
             }
-            SetupEntry( nLeft, pUpper );
-            SetupEntry( nRight, pUpper );
-            SetupEntry( nLeaf, pCur );
+            SetupEntry( nLeft, pUpper, nEntryCount, nDepth+1);
+            SetupEntry( nRight, pUpper, nEntryCount, nDepth+1);
+            SetupEntry( nLeaf, pCur, nEntryCount, nDepth+1);
         }
     }
 }
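Review bot: The nDepth counter bounds the length of one path but not the total number of calls, because nLeft, nRight and nLeaf are each followed with `nDepth+1`. If entries can refer back to one another and the checks earlier in this function (outside the hunk) do not already reject repeated entries, the call count could grow very large before the depth limit is reached. Tracking visited entry indices would bound the work to one visit per entry, for example a `std::set<sal_Int32>& rVisited` threaded through the recursion with `if (!rVisited.insert(n).second) return;` next to the new index check. This hunk starts mid-function, so the existing checks should be confirmed against the full body.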

Modified: openoffice/trunk/main/sot/source/sdstor/stgdir.hxx
URL: 
http://svn.apache.org/viewvc/openoffice/trunk/main/sot/source/sdstor/stgdir.hxx?rev=1582708&r1=1582707&r2=1582708&view=diff
==============================================================================
--- openoffice/trunk/main/sot/source/sdstor/stgdir.hxx (original)
+++ openoffice/trunk/main/sot/source/sdstor/stgdir.hxx Fri Mar 28 11:25:38 2014
@@ -100,8 +100,12 @@ class StgDirStrm : public StgDataStrm
        friend class StgIterator;
        StgDirEntry* pRoot;                                                     
// root of dir tree
        short            nEntries;                                              
// entries per page
-       void             SetupEntry( sal_Int32, StgDirEntry* );
-public:
+    void SetupEntry(
+        const sal_Int32 n,
+        StgDirEntry* pUpper,
+        const sal_Int32 nEntryCount,
+        const sal_Int32 nDepth);
+public: 
        StgDirStrm( StgIo& );
        ~StgDirStrm();
        virtual sal_Bool SetSize( sal_Int32 );                          // 
change the size
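Review bot: The new SetupEntry declaration gains two parameters but has no comment saying what they bound, while its neighbours carry trailing comments. A line such as `// nEntryCount: number of entries in the directory stream; nDepth: current recursion depth, 0 at the root` above the declaration would state the contract the checks in stgdir.cxx rely on. The new lines are also indented with four spaces where the surrounding members use a different indent, and `public: ` picks up trailing whitespace.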

