filter/source/msfilter/svdfppt.cxx | 15 ++++++++++----- sd/qa/unit/data/ppt/pass/hang-14.ppt |binary 2 files changed, 10 insertions(+), 5 deletions(-)
New commits: commit 2ddf5ff569ef528d25df7b4613430ab93c207b7a Author: Caolán McNamara <caol...@redhat.com> Date: Thu Aug 27 20:32:28 2015 +0100 check seeks and offsets Change-Id: I2b6ded138b9101415fc49e93e1ec3ebcd3a9d2ae (cherry picked from commit 5ed690a3e8a575784ca25048e0229ebc52e6fccd) Reviewed-on: https://gerrit.libreoffice.org/18099 Reviewed-by: David Tardon <dtar...@redhat.com> Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx
index 428708a..1e8f49d 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -6508,10 +6508,12 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport
 bStatus = false;
 else
 {
- rIn.Seek( pE->nSlidePersistStartOffset );
+ auto nOffset(pE->nSlidePersistStartOffset);
+ bStatus = (nOffset == rIn.Seek(nOffset));
 // now we got the right page and are searching for the right
 // TextHeaderAtom
- while ( rIn.Tell() < pE->nSlidePersistEndOffset )
+ auto nEndRecPos = DffPropSet::SanitizeEndPos(rIn, pE->nSlidePersistEndOffset);
+ while (bStatus && rIn.Tell() < nEndRecPos)
 {
 ReadDffRecordHeader( rIn, aClientTextBoxHd );
 if ( aClientTextBoxHd.nRecType == PPT_PST_TextHeaderAtom )
@@ -6522,7 +6524,8 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport
 break;
 }
 }
- aClientTextBoxHd.SeekToEndOfRecord( rIn );
+ if (!aClientTextBoxHd.SeekToEndOfRecord(rIn))
+ break;
 }
 if ( rIn.Tell() > pE->nSlidePersistEndOffset )
 bStatus = false;
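Review bot: The result of `ReadDffRecordHeader( rIn, aClientTextBoxHd )` is still not tested inside the new `while (bStatus && rIn.Tell() < nEndRecPos)` loop, so on a truncated or corrupt stream the `nRecType` comparison runs on whatever the header object holds after a short read. Termination then rests entirely on `SeekToEndOfRecord` failing. A stream-state check directly after the read, for example `if (!rIn.good()) { bStatus = false; break; }`, would make that failure explicit; this assumes the reader leaves the stream in an error or EOF state on a short read, which is not visible here. The same applies to `ReadDffRecordHeader( rIn, aTmpHd )` in the third hunk, and the constructor body starts and ends outside this hunk.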
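Review bot: Leaving the loop through the new `if (!aClientTextBoxHd.SeekToEndOfRecord(rIn)) break;` does not record the failure, because `bStatus` is only cleared when the stream position happens to exceed `pE->nSlidePersistEndOffset`. That trailing check also still compares against the raw file-supplied offset rather than the sanitized `nEndRecPos` computed in the previous hunk. Where the stream sits after a failed seek is not visible in the hunk, so the code that follows may continue as though a TextHeaderAtom had been located. I would make the failure branch `{ bStatus = false; break; }` and compare with `nEndRecPos` in the check after the loop.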
@@ -6535,12 +6538,14 @@ PPTTextObj::PPTTextObj( SvStream& rIn, SdrPowerPointImport& rSdrPowerPointImport // we have to calculate the correct record len DffRecordHeader aTmpHd; - while ( rIn.Tell() < pE->nSlidePersistEndOffset ) + nEndRecPos = DffPropSet::SanitizeEndPos(rIn, pE->nSlidePersistEndOffset); + while (rIn.Tell() < nEndRecPos) { ReadDffRecordHeader( rIn, aTmpHd ); if ( ( aTmpHd.nRecType == PPT_PST_SlidePersistAtom ) || ( aTmpHd.nRecType == PPT_PST_TextHeaderAtom ) ) break; - aTmpHd.SeekToEndOfRecord( rIn ); + if (!aTmpHd.SeekToEndOfRecord(rIn)) + break; aClientTextBoxHd.nRecLen += aTmpHd.nRecLen + DFF_COMMON_RECORD_HEADER_SIZE; } aClientTextBoxHd.SeekToContent( rIn ); diff --git a/sd/qa/unit/data/ppt/pass/hang-14.ppt b/sd/qa/unit/data/ppt/pass/hang-14.ppt new file mode 100644 index 0000000..8dd397b Binary files /dev/null and b/sd/qa/unit/data/ppt/pass/hang-14.ppt differ
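Review bot: After the second loop, `aClientTextBoxHd.SeekToContent( rIn );` is called with its result ignored, including when the loop was left through the new `if (!aTmpHd.SeekToEndOfRecord(rIn)) break;`. In that case `aClientTextBoxHd.nRecLen` holds only a partial sum of file-supplied lengths and the stream may be in a failed state, yet nothing in the visible lines clears `bStatus`. If `SeekToContent` reports failure the way `SeekToEndOfRecord` does (its declaration is not on the page), `if (!aClientTextBoxHd.SeekToContent(rIn)) bStatus = false;` would carry the error forward to the callers that test the status. The enclosing block continues outside the hunk.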