filter/source/msfilter/svdfppt.cxx | 15 ++++++++++----- sd/qa/unit/data/ppt/pass/hang-14.ppt |binary 2 files changed, 10 insertions(+), 5 deletions(-)
New commits: commit 5ed690a3e8a575784ca25048e0229ebc52e6fccd Author: Caolán McNamara <caol...@redhat.com> Date: Thu Aug 27 20:32:28 2015 +0100 check seeks and offsets Change-Id: I2b6ded138b9101415fc49e93e1ec3ebcd3a9d2ae
diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx
index 0f419dd..b025b79 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -6505,10 +6505,12 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport
 bStatus = false;
 else
 {
- rIn.Seek( pE->nSlidePersistStartOffset );
+ auto nOffset(pE->nSlidePersistStartOffset);
+ bStatus = (nOffset == rIn.Seek(nOffset));
 // now we got the right page and are searching for the right
 // TextHeaderAtom
- while ( rIn.Tell() < pE->nSlidePersistEndOffset )
+ auto nEndRecPos = DffPropSet::SanitizeEndPos(rIn, pE->nSlidePersistEndOffset);
+ while (bStatus && rIn.Tell() < nEndRecPos)
 {
 ReadDffRecordHeader( rIn, aClientTextBoxHd );
 if ( aClientTextBoxHd.nRecType == PPT_PST_TextHeaderAtom )
@@ -6519,7 +6521,8 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport
 break;
 }
 }
- aClientTextBoxHd.SeekToEndOfRecord( rIn );
+ if (!aClientTextBoxHd.SeekToEndOfRecord(rIn))
+ break;
 }
 if ( rIn.Tell() > pE->nSlidePersistEndOffset )
 bStatus = false;
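Review bot: The call `ReadDffRecordHeader( rIn, aClientTextBoxHd );` in the search loop of the hunk at -6505 still has no check on the stream state afterwards, so on a truncated or malformed file the `nRecType` comparison runs on a header that may not have been read. The new `SeekToEndOfRecord` check will probably stop the loop one step later, but testing the stream right after the read is more direct, for example `if (!rIn.good()) { bStatus = false; break; }`. The same applies to `ReadDffRecordHeader( rIn, aTmpHd );` in the hunk at -6532. The constructor body starts and ends outside these hunks.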
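Review bot: The new `break` after a failed `aClientTextBoxHd.SeekToEndOfRecord(rIn)` in the hunk at -6519 leaves `bStatus` as it was, and the check that follows only clears it when `rIn.Tell()` is past `pE->nSlidePersistEndOffset`. A failed seek that leaves the position at or before that offset is then indistinguishable from a completed search, while `aClientTextBoxHd` still describes a record that did not match. Setting the flag on this path makes the failure explicit: `{ bStatus = false; break; }`. The code that runs after the `bStatus = false;` line is outside the hunk, so the effect on later processing is inferred.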
@@ -6532,12 +6535,14 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport
 // we have to calculate the correct record len
 DffRecordHeader aTmpHd;
- while ( rIn.Tell() < pE->nSlidePersistEndOffset )
+ nEndRecPos = DffPropSet::SanitizeEndPos(rIn, pE->nSlidePersistEndOffset);
+ while (rIn.Tell() < nEndRecPos)
 {
 ReadDffRecordHeader( rIn, aTmpHd );
 if ( ( aTmpHd.nRecType == PPT_PST_SlidePersistAtom ) || ( aTmpHd.nRecType == PPT_PST_TextHeaderAtom ) )
 break;
- aTmpHd.SeekToEndOfRecord( rIn );
+ if (!aTmpHd.SeekToEndOfRecord(rIn))
+ break;
 aClientTextBoxHd.nRecLen += aTmpHd.nRecLen + DFF_COMMON_RECORD_HEADER_SIZE;
 }
 aClientTextBoxHd.SeekToContent( rIn );
diff --git a/sd/qa/unit/data/ppt/pass/hang-14.ppt b/sd/qa/unit/data/ppt/pass/hang-14.ppt
new file mode 100644
index 0000000..8dd397b
Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-14.ppt differ
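Review bot: `aClientTextBoxHd.SeekToContent( rIn );` on the last context line of the hunk at -6532 is the one seek in this stretch whose result is still dropped, even though `nRecLen` has just been rebuilt from record lengths read out of the file. If SeekToContent reports failure the same way SeekToEndOfRecord does (its declaration is not visible here), the result should feed the status flag: `if (!aClientTextBoxHd.SeekToContent(rIn)) bStatus = false;`. A short comment above the `nRecLen +=` line saying that only records whose end was reached by a successful seek are counted would also document why the sum stays within the stream. The enclosing block continues outside the hunk.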