sc/source/filter/excel/xiescher.cxx | 10 ++++++---- xmloff/source/core/xmlexp.cxx | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-)
New commits: commit ec100b7066d5a00178deb3a1625da07fd1c3b416 Author: Michael Stahl <[email protected]> Date: Tue Sep 19 22:01:00 2017 +0200 sc: fix infinite loop in XclImpDffConverter::ProcessShGrContainer() ... and also in XclImpDffConverter::ProcessDgContainer() This was looping in CppunitTest_sc_filters_test, reportedly since commit 7e8c38b69742ff037a5e239bf0f02665f053ea53. The problem is that checkSeek() doesn't actually seek until EOF if the offset is too large. Change-Id: I16226a88388dcac8069d6a4cad860470540466e3
diff --git a/sc/source/filter/excel/xiescher.cxx b/sc/source/filter/excel/xiescher.cxx
index 17c4f163c886..fd13897d33d1 100644
--- a/sc/source/filter/excel/xiescher.cxx
+++ b/sc/source/filter/excel/xiescher.cxx
@@ -3684,7 +3684,8 @@ OUString XclImpDffConverter::ReadHlinkProperty( SvStream& rDffStrm ) const
 void XclImpDffConverter::ProcessDgContainer( SvStream& rDffStrm, const DffRecordHeader& rDgHeader )
 {
 std::size_t nEndPos = rDgHeader.GetRecEndFilePos();
- while( rDffStrm.Tell() < nEndPos )
+ bool isBreak(false);
+ while (!isBreak && rDffStrm.good() && rDffStrm.Tell() < nEndPos)
 {
 DffRecordHeader aHeader;
 ReadDffRecordHeader( rDffStrm, aHeader );
@@ -3697,7 +3698,7 @@ void XclImpDffConverter::ProcessDgContainer( SvStream& rDffStrm, const DffRecord
 ProcessShGrContainer( rDffStrm, aHeader );
 break;
 default:
- aHeader.SeekToEndOfRecord( rDffStrm );
+ isBreak = !aHeader.SeekToEndOfRecord( rDffStrm );
 }
 }
 // seek to end of drawing page container
@@ -3713,7 +3714,8 @@ void XclImpDffConverter::ProcessDgContainer( SvStream& rDffStrm, const DffRecord
 void XclImpDffConverter::ProcessShGrContainer( SvStream& rDffStrm, const DffRecordHeader& rShGrHeader )
 {
 std::size_t nEndPos = rShGrHeader.GetRecEndFilePos();
- while( rDffStrm.Tell() < nEndPos )
+ bool isBreak(false);
+ while (!isBreak && rDffStrm.good() && rDffStrm.Tell() < nEndPos)
 {
 DffRecordHeader aHeader;
 ReadDffRecordHeader( rDffStrm, aHeader );
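Review bot: The result of `ReadDffRecordHeader( rDffStrm, aHeader )` is still not checked in the rewritten loop of ProcessDgContainer(), so on a truncated or corrupt stream the switch that follows (outside this hunk) would dispatch on whatever aHeader holds after a failed read. The new `rDffStrm.good()` test only takes effect on the next iteration. If the function reports failure through its return value, `if (!ReadDffRecordHeader( rDffStrm, aHeader )) break;` closes that gap. The same applies to the identical loop in ProcessShGrContainer(); both function bodies continue outside their hunks.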
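Review bot: Only the `default:` branch feeds `isBreak`; the `ProcessShGrContainer( rDffStrm, aHeader )` branch above it has no equivalent signal, so for that record type the loop relies on the callee advancing the stream or on `rDffStrm.good()` turning false. Nothing visible in this hunk checks that a child record's end stays within the container's `nEndPos` either, which is worth confirming because the file content is untrusted. A comment on the assignment would record why it exists, e.g. `// stop when the seek fails: the stream is not moved to EOF for an out-of-range record end, so Tell() would never reach nEndPos`. The same holds for the `default:` branch in ProcessShGrContainer().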
@@ -3724,7 +3726,7 @@ void XclImpDffConverter::ProcessShGrContainer( SvStream& rDffStrm, const DffReco
 ProcessShContainer( rDffStrm, aHeader );
 break;
 default:
- aHeader.SeekToEndOfRecord( rDffStrm );
+ isBreak = !aHeader.SeekToEndOfRecord( rDffStrm );
 }
 }
 // seek to end of shape group container
commit ee599ea46365adc37f4d495d9ff9778c25c04c92 Author: Michael Stahl <[email protected]> Date: Tue Sep 19 21:43:23 2017 +0200 xmloff: fix stack-use-after-return in SvXMLExport::exportDoc() PropertySetInfo(PropertyMapEntry const * pMap) stores the pointers, and its lifetime is controlled by refcounting, so the lifetime of aInfoMap can't be automatic. ERROR: AddressSanitizer: stack-use-after-return on address ... ... is located in stack of thread T46 at offset 224 in frame SvXMLExport::exportDoc(xmloff::token::XMLTokenEnum) This frame has 39 object(s): ... [224, 288) 'aInfoMap' <== Memory access at offset 224 is inside this variable Change-Id: I4eaa9d38bab708b222d999b0982100d7ef97e95c
diff --git a/xmloff/source/core/xmlexp.cxx b/xmloff/source/core/xmlexp.cxx
index 78a798ecd3a7..a805ef7ac5e4 100644
--- a/xmloff/source/core/xmlexp.cxx
+++ b/xmloff/source/core/xmlexp.cxx
@@ -1285,7 +1285,7 @@ ErrCode SvXMLExport::exportDoc( enum ::xmloff::token::XMLTokenEnum eClass )
 {
 try
 {
- ::comphelper::PropertyMapEntry const aInfoMap[] =
+ static ::comphelper::PropertyMapEntry const aInfoMap[] =
 {
 { OUString("Class"), 0,
 ::cppu::UnoType<OUString>::get(),
_______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
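Review bot: The `static` on `aInfoMap` in SvXMLExport::exportDoc() carries the whole fix, but nothing at the declaration says why, so a later cleanup could drop it and reintroduce the use-after-return. A comment such as `// static: PropertySetInfo stores pointers into this array and is refcounted, so it can outlive this call` would record the lifetime requirement. Sharing one `const` array across calls looks safe from the visible lines, though the remaining entries are outside the hunk and should be checked for anything that was meant to be computed per call. The function body continues outside the hunk.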
