sw/source/filter/ww8/ww8par6.cxx | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
New commits:
commit 21c78b4e94c6cfb9ec38fd4c94091559f8850344
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Oct 7 09:21:28 2021 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Oct 7 14:54:12 2021 +0200
ofz: Timeout, detect infinite loop
Change-Id: I3234443e2dde9d68b7704fdd3ccf6bdeebef5ee0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123205
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 1bbeb17334a3..5328487e1313 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -1789,11 +1789,22 @@ void WW8FlyPara::ReadFull(sal_uInt8 nOrigSp29,
SwWW8ImplReader* pIo)
ww::WordVersion eVer = pIo->GetFib().GetFIBVersion();
WW8FlyPara *pNowStyleApo=nullptr;
sal_uInt16 nColl = pPap->GetIstd();
- ww::sti eSti = eVer < ww::eWW6 ? ww::GetCanonicalStiFromStc(
static_cast< sal_uInt8 >(nColl) ) : static_cast<ww::sti>(nColl);
- while (eSti != ww::stiNil && sal::static_int_cast<size_t>(nColl) <
pIo->m_vColl.size() && nullptr == (pNowStyleApo =
pIo->m_vColl[nColl].m_xWWFly.get()))
+
+ o3tl::sorted_vector<sal_uInt16> aSeenStyles;
+ ww::sti eSti = eVer < ww::eWW6 ? ww::GetCanonicalStiFromStc(nColl)
: static_cast<ww::sti>(nColl);
+ while (eSti != ww::stiNil && static_cast<size_t>(nColl) <
pIo->m_vColl.size() && nullptr == (pNowStyleApo =
pIo->m_vColl[nColl].m_xWWFly.get()))
{
+ aSeenStyles.insert(nColl);
+
nColl = pIo->m_vColl[nColl].m_nBase;
- eSti = eVer < ww::eWW6 ? ww::GetCanonicalStiFromStc(
static_cast< sal_uInt8 >(nColl) ) : static_cast<ww::sti>(nColl);
+
+ if (aSeenStyles.find(nColl) != aSeenStyles.end())
+ {
+ SAL_WARN("sw.ww8", "loop in style chain");
+ break;
+ }
+
+ eSti = eVer < ww::eWW6 ? ww::GetCanonicalStiFromStc(nColl) :
static_cast<ww::sti>(nColl);
}
WW8FlyPara aF(bVer67, pNowStyleApo);
