chart2/source/tools/InternalDataProvider.cxx                                   
      |    7 
 configure.ac                                                                   
      |    2 
 connectivity/source/commontools/dbconversion.cxx                               
      |    9 
 connectivity/source/drivers/dbase/DTable.cxx                                   
      |   13 -
 download.lst                                                                   
      |   30 +--
 external/icu/UnpackedTarball_icu.mk                                            
      |    2 
 external/icu/cec7de7a390dd6907b0ea0feb4488ed3934ee71d.patch.2                  
      |   94 ++++++++++
 external/icu/e450fa50fc242282551f56b941dc93b9a8a0bcbb.patch.2                  
      |   39 ++++
 external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk                        
      |    1 
 external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1        
      |   38 ++++
 external/libmwaw/Library_mwaw.mk                                               
      |    4 
 
external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
 |   58 ------
 external/libodfgen/ExternalProject_libodfgen.mk                                
      |    4 
 external/libodfgen/Library_odfgen.mk                                           
      |    3 
 external/libodfgen/UnpackedTarball_libodfgen.mk                                
      |    8 
 external/libodfgen/c++11.patch                                                 
      |   44 ----
 external/libodfgen/libodfgen-bundled-soname.patch.0                            
      |    5 
 external/pdfium/Library_pdfium.mk                                              
      |   44 ++--
 external/pdfium/README                                                         
      |    2 
 external/pdfium/build.patch.1                                                  
      |   79 +++++++-
 external/pdfium/inc/pch/precompiled_pdfium.hxx                                 
      |   49 ++---
 external/pdfium/ubsan.patch                                                    
      |    6 
 external/poppler/StaticLibrary_poppler.mk                                      
      |    2 
 external/poppler/poppler-config.patch.1                                        
      |   58 ++++--
 include/vcl/BitmapTools.hxx                                                    
      |    5 
 lotuswordpro/source/filter/lwpfribptr.cxx                                      
      |   35 +--
 lotuswordpro/source/filter/lwpfribptr.hxx                                      
      |    4 
 sc/source/core/tool/compiler.cxx                                               
      |    9 
 sc/source/core/tool/interpr1.cxx                                               
      |    2 
 solenv/flatpak-manifest.in                                                     
      |   19 +-
 svtools/source/svhtml/parhtml.cxx                                              
      |    6 
 svx/source/svdraw/svdpdf.cxx                                                   
      |   12 -
 sw/qa/core/data/html/pass/ofz40593-1.html                                      
      |binary
 sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc                                    
      |binary
 sw/qa/core/data/ww8/pass/ofz34749-1.doc                                        
      |binary
 sw/qa/core/data/ww8/pass/ofz38011-1.doc                                        
      |binary
 sw/source/core/inc/layact.hxx                                                  
      |    8 
 sw/source/core/layout/layact.cxx                                               
      |   65 ++++++
 sw/source/core/layout/objectformattertxtfrm.cxx                                
      |    2 
 sw/source/core/layout/pagechg.cxx                                              
      |    2 
 sw/source/core/text/itrform2.cxx                                               
      |    4 
 sw/source/core/undo/undobj.cxx                                                 
      |   11 -
 sw/source/filter/html/htmltab.cxx                                              
      |   32 +++
 sw/source/filter/ww8/ww8par.cxx                                                
      |   13 +
 sw/source/filter/ww8/ww8par.hxx                                                
      |   12 +
 sw/source/filter/ww8/ww8par2.cxx                                               
      |    9 
 sw/source/filter/ww8/ww8par6.cxx                                               
      |    3 
 tools/source/generic/poly.cxx                                                  
      |    2 
 vcl/qa/cppunit/pdfexport/pdfexport.cxx                                         
      |   11 -
 vcl/source/gdi/jobset.cxx                                                      
      |    7 
 vcl/source/graphic/Manager.cxx                                                 
      |    7 
 vcl/unx/generic/printer/cpdmgr.cxx                                             
      |   49 ++---
 52 files changed, 645 insertions(+), 285 deletions(-)

New commits:
commit b2fec4222f92d4dff676c3bbaf20a1987602b5ab
Author:     Michael Stahl <[email protected]>
AuthorDate: Tue Nov 16 14:41:57 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:14 2021 +0100

    postgresql: upgrade to release 13.5
    
    Fixes CVE-2021-23222.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>
    (cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315)
    
    Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0

diff --git a/download.lst b/download.lst
index f5c35551682c..2632c4e06f8f 100644
--- a/download.lst
+++ b/download.lst
@@ -210,8 +210,8 @@ export LIBPNG_SHA256SUM := 
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f
 export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
 export POPPLER_SHA256SUM := 
31b76b5cac0a48612fdd154c02d9eca01fd38fb8eaa77c1196840ecdeb53a584
 export POPPLER_TARBALL := poppler-21.11.0.tar.xz
-export POSTGRESQL_SHA256SUM := 
12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
-export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
+export POSTGRESQL_SHA256SUM := 
9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
+export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
 export PYTHON_SHA256SUM := 
f8d82e7572c86ec9d55c8627aae5040124fd2203af400c383c821b980306ee6b
 export PYTHON_TARBALL := Python-3.7.10.tar.xz
 export QRCODEGEN_SHA256SUM := 
fcdf9fd69fde07ae4dca2351d84271a9de8093002f733b77c70f52f1630f6e4a
commit 5ca52d169a3bee2082c3c087b7c3d53eae16d4d9
Author:     Michael Stahl <[email protected]>
AuthorDate: Tue Nov 16 14:28:15 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:14 2021 +0100

    ofz#40766 svtools, sw: HTMLParser: really stop inserting control chars
    
    35d248cab1f0d4800f72abb5cb6afb56f40d9083 forgot to fix one place where
    control characters were in a presumed XML declaration.
    
    Another place looks missing where comments are handled, but it's not
    clear if these can be passed on to Writer.
    
    Revert the previous fix from commit
    b3325ef8cdfc2c82eec34e747106f75a9fccb7e4.
    
    Change-Id: I11ad13de9122533626e512ce0384051e3e5bd97f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125306
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>
    (cherry picked from commit a7116b890ccd6dd1721413b4de6591a8057668ef)

diff --git a/svtools/source/svhtml/parhtml.cxx 
b/svtools/source/svhtml/parhtml.cxx
index 67f5a87862ad..563ef0f76755 100644
--- a/svtools/source/svhtml/parhtml.cxx
+++ b/svtools/source/svhtml/parhtml.cxx
@@ -1058,6 +1058,7 @@ HtmlTokenId HTMLParser::GetNextToken_()
                         sTmpBuffer.appendUtf32( nNextCh );
                         nNextCh = GetNextChar();
                     } while( '>' != nNextCh && '/' != nNextCh && 
!rtl::isAsciiWhiteSpace( nNextCh ) &&
+                            !linguistic::IsControlChar(nNextCh) &&
                              IsParserWorking() && !rInput.eof() );
 
                     if( !sTmpBuffer.isEmpty() )
@@ -1135,8 +1136,11 @@ HtmlTokenId HTMLParser::GetNextToken_()
                                 if( !bDone )
                                     sTmpBuffer.appendUtf32(nNextCh);
                             }
-                            else
+                            else if (!linguistic::IsControlChar(nNextCh)
+                                || nNextCh == '\r' || nNextCh == '\n' || 
nNextCh == '\t')
+                            {
                                 sTmpBuffer.appendUtf32(nNextCh);
+                            }
                             if( !bDone )
                                 nNextCh = GetNextChar();
                         }
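Review bot: The new `else if` branch keeps CR, LF and TAB but silently discards every other control character, and nothing in the code says why those three are exempt. A short comment above the condition, for example `// control characters must not reach the document; CR, LF and TAB are kept as whitespace`, would record the rule for whoever next touches this loop. The first hunk behaves differently, ending the token loop on any control character, so the comment should say that the difference is intended. GetNextToken_ starts and ends outside both hunks.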
commit 0763b640cc6f36946b5046bc1a262c902680dbd2
Author:     Caolán McNamara <[email protected]>
AuthorDate: Mon Nov 1 17:34:23 2021 +0000
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:14 2021 +0100

    ofz#40593 remove Objects from m_xResizeDrawObjects if deleted during parse
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124563
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 2f01faaf88b6d172d7293f0c9e2a061d99b8ceb5)
    
    fix misplaced line
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124630
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 4ed359093c991291216c39cffe14a60e607ec551)
    
    Change-Id: I11fa665175ef067a36f4822676c02d4df1e1e250

diff --git a/sw/qa/core/data/html/pass/ofz40593-1.html 
b/sw/qa/core/data/html/pass/ofz40593-1.html
new file mode 100644
index 000000000000..43510d5d00b2
Binary files /dev/null and b/sw/qa/core/data/html/pass/ofz40593-1.html differ
diff --git a/sw/source/filter/html/htmltab.cxx 
b/sw/source/filter/html/htmltab.cxx
index ce689df01b9d..670ed3ae7aeb 100644
--- a/sw/source/filter/html/htmltab.cxx
+++ b/sw/source/filter/html/htmltab.cxx
@@ -34,6 +34,7 @@
 #include <svtools/htmlkywd.hxx>
 #include <svl/urihelper.hxx>
 #include <svl/listener.hxx>
+#include <svx/sdrobjectuser.hxx>
 #include <sal/log.hxx>
 
 #include <dcontact.hxx>
@@ -372,7 +373,7 @@ typedef std::vector<HTMLTableColumn> HTMLTableColumns;
 
 typedef std::vector<SdrObject *> SdrObjects;
 
-class HTMLTable
+class HTMLTable : public sdr::ObjectUser
 {
     OUString m_aId;
     OUString m_aStyle;
@@ -520,6 +521,8 @@ private:
     sal_uInt16 GetBorderWidth( const SvxBorderLine& rBLine,
                            bool bWithDistance=false ) const;
 
+    virtual void ObjectInDestruction(const SdrObject& rObject) override;
+
 public:
 
     bool m_bFirstCell;                // is there a cell created already?
@@ -529,7 +532,7 @@ public:
               bool bHasToFly,
               const HTMLTableOptions& rOptions);
 
-    ~HTMLTable();
+    virtual ~HTMLTable();
 
     // Identifying of a cell
     const HTMLTableCell& GetCell(sal_uInt16 nRow, sal_uInt16 nCell) const;
@@ -1065,11 +1068,33 @@ bool SwHTMLParser::IsReqIF() const
     return m_bReqIF;
 }
 
+// if any m_pResizeDrawObjects members are deleted during parse, remove them
+// from m_pResizeDrawObjects and m_pDrawObjectPrcWidths
+void HTMLTable::ObjectInDestruction(const SdrObject& rObject)
+{
+    auto it = std::find(m_pResizeDrawObjects->begin(), 
m_pResizeDrawObjects->end(), &rObject);
+    assert(it != m_pResizeDrawObjects->end());
+    auto nIndex = std::distance(m_pResizeDrawObjects->begin(), it);
+    m_pResizeDrawObjects->erase(it);
+    auto otherit = m_pDrawObjectPrcWidths->begin() + nIndex * 3;
+    m_pDrawObjectPrcWidths->erase(otherit, otherit + 3);
+}
+
 HTMLTable::~HTMLTable()
 {
     m_pParser->DeregisterHTMLTable(this);
 
-    m_pResizeDrawObjects.reset();
+    if (m_pResizeDrawObjects)
+    {
+        size_t nCount = m_pResizeDrawObjects->size();
+        for (size_t i = 0; i < nCount; ++i)
+        {
+            SdrObject *pObj = (*m_pResizeDrawObjects)[i];
+            pObj->RemoveObjectUser(*this);
+        }
+        m_pResizeDrawObjects.reset();
+    }
+
     m_pDrawObjectPrcWidths.reset();
 
     m_pContext.reset();
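Review bot: In HTMLTable::ObjectInDestruction the only protection against an object that is not in the list is `assert(it != m_pResizeDrawObjects->end());`, which is compiled out of release builds. A miss would then reach `erase(end())`, followed by an erase on m_pDrawObjectPrcWidths at an offset derived from it, and both are undefined behaviour. Adding `if (it == m_pResizeDrawObjects->end()) return;` directly after the assert keeps the debug check and makes the release path safe. The `nIndex * 3` stride assumes three width entries per registered object, which is established where the widths are pushed, outside this hunk, and deserves a one-line comment here. The destructor body continues past the end of the hunk.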
@@ -2483,6 +2508,7 @@ void HTMLTable::RegisterDrawObject( SdrObject *pObj, 
sal_uInt8 nPrcWidth )
     if( !m_pResizeDrawObjects )
         m_pResizeDrawObjects.reset(new SdrObjects);
     m_pResizeDrawObjects->push_back( pObj );
+    pObj->AddObjectUser(*this);
 
     if( !m_pDrawObjectPrcWidths )
         m_pDrawObjectPrcWidths.reset(new std::vector<sal_uInt16>);
commit e9fab2e6869f335abedd7a462a4b523cf1d6657f
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sun Sep 26 14:05:37 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:14 2021 +0100

    ofz#39304 short timestamp record
    
    Change-Id: I8f783473dd5d4679846c7c866cd1853ef7d919fc
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122628
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit bfc70a9f314bbb5b03247be25544e9b4cc467f8d)

diff --git a/connectivity/source/drivers/dbase/DTable.cxx 
b/connectivity/source/drivers/dbase/DTable.cxx
index ffd4eb2ab30f..6bd9ce2bbaf1 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -773,10 +773,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const 
OSQLColumns & _rCols, bool
     for (std::size_t i = 1; aIter != aEnd && nByteOffset <= m_nBufferSize && i 
< nCount;++aIter, i++)
     {
         // Lengths depending on data type:
-        sal_Int32 nLen = 0;
-        sal_Int32 nType = 0;
-        nLen    = m_aPrecisions[i-1];
-        nType   = m_aTypes[i-1];
+        sal_Int32 nLen = m_aPrecisions[i-1];
+        sal_Int32 nType = m_aTypes[i-1];
 
         switch(nType)
         {
@@ -835,8 +833,13 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const 
OSQLColumns & _rCols, bool
         else if ( DataType::TIMESTAMP == nType )
         {
             sal_Int32 nDate = 0,nTime = 0;
+            if (nLen < 8)
+            {
+                SAL_WARN("connectivity.drivers", "short TIMESTAMP");
+                return false;
+            }
             memcpy(&nDate, pData, 4);
-            memcpy(&nTime, pData+ 4, 4);
+            memcpy(&nTime, pData + 4, 4);
             if ( !nDate && !nTime )
             {
                 (_rRow->get())[i]->setNull();
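Review bot: The added `nLen < 8` guard tests the column's declared precision, not the number of bytes actually left in the row buffer behind pData. The loop condition visible in the previous hunk only requires `nByteOffset <= m_nBufferSize`, so whether the two 4-byte memcpy calls stay inside the buffer depends on code outside this hunk. If that is not enforced elsewhere, the guard could also cover the remaining length, along the lines of `if (nLen < 8 || nByteOffset + 8 > m_nBufferSize)`, assuming nByteOffset is the offset of pData. fetchRow starts and ends outside the hunk.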
commit 3448524c5114d8598e9454e104ad1d436cfe459a
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sun Sep 26 14:23:54 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    ofz#39301 month has to be in range [1-12]
    
    Change-Id: I5a4ca534b24098342d8f465a32bc1887f40f5b63
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122629
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 4a93b7a2f8a3fc13fed800d93e2103b785abeb62)

diff --git a/connectivity/source/commontools/dbconversion.cxx 
b/connectivity/source/commontools/dbconversion.cxx
index 77e7c871123c..6cd27e46a5ff 100644
--- a/connectivity/source/commontools/dbconversion.cxx
+++ b/connectivity/source/commontools/dbconversion.cxx
@@ -27,6 +27,7 @@
 #include <rtl/character.hxx>
 #include <rtl/ustrbuf.hxx>
 #include <rtl/math.hxx>
+#include <sal/log.hxx>
 #include <unotools/datetime.hxx>
 #include <sstream>
 #include <iomanip>
@@ -167,10 +168,13 @@ namespace dbtools
                 ;
     }
 
-
     static sal_Int32 implDaysInMonth(sal_Int32 _nMonth, sal_Int32 _nYear)
     {
-        OSL_ENSURE(_nMonth > 0 && _nMonth < 13,"Month as invalid value!");
+        SAL_WARN_IF(_nMonth < 1 || _nMonth > 12, "connectivity.commontools", 
"Month has invalid value: " << _nMonth);
+        if (_nMonth < 1)
+            _nMonth = 1;
+        else if (_nMonth > 12)
+            _nMonth = 12;
         if (_nMonth != 2)
             return aDaysInMonth[_nMonth-1];
         else
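Review bot: An out-of-range month is now clamped to 1 or 12 and a day count is returned as if the input had been valid, so a caller cannot tell a malformed date from a real January or December. The only trace is the SAL_WARN_IF, which as far as I know is not emitted in ordinary release builds. Since the clamp exists to keep `aDaysInMonth[_nMonth-1]` in bounds, I would say so in a comment above it, e.g. `// clamp instead of indexing aDaysInMonth out of range; the month may come from a malformed file`. The function body continues past the end of the hunk.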
@@ -182,7 +186,6 @@ namespace dbtools
         }
     }
 
-
     static sal_Int32 implRelativeToAbsoluteNull(const css::util::Date& _rDate)
     {
         sal_Int32 nDays = 0;
commit acf48574d6a0488b21117a5fb4fa764ce54bcb47
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sat Sep 25 19:57:36 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    ofz#39252 use safer SwUnoCursor for the pos to move back to
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122611
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit ca844cbdc3e933e3082e9cde0632445916de819e)
    
    Change-Id: Iba6f200cea92196986bd30564cf56ab5d8b954b1

diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 1a99e0805e98..41beb52670ff 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -1992,7 +1992,7 @@ void SwWW8ImplReader::ImportDopTypography(const 
WW8DopTypography &rTypo)
  * Footnotes and Endnotes
  */
 WW8ReaderSave::WW8ReaderSave(SwWW8ImplReader* pRdr ,WW8_CP nStartCp) :
-    maTmpPos(*pRdr->m_pPaM->GetPoint()),
+    mxTmpPos(pRdr->m_rDoc.CreateUnoCursor(*pRdr->m_pPaM->GetPoint())),
     mxOldStck(std::move(pRdr->m_xCtrlStck)),
     mxOldAnchorStck(std::move(pRdr->m_xAnchorStck)),
     mxOldRedlines(std::move(pRdr->m_xRedlineStack)),
@@ -2090,7 +2090,7 @@ void WW8ReaderSave::Restore( SwWW8ImplReader* pRdr )
     pRdr->DeleteAnchorStack();
     pRdr->m_xAnchorStck = std::move(mxOldAnchorStck);
 
-    *pRdr->m_pPaM->GetPoint() = maTmpPos;
+    *pRdr->m_pPaM->GetPoint() = GetStartPos();
 
     if (mxOldPlcxMan != pRdr->m_xPlcxMan)
         pRdr->m_xPlcxMan = mxOldPlcxMan;
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 9f19f48d463b..f98853d82295 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -589,7 +589,7 @@ class WW8ReaderSave
 {
 private:
     WW8PLCFxSaveAll maPLCFxSave;
-    SwPosition const maTmpPos;
+    std::shared_ptr<SwUnoCursor> mxTmpPos;
     std::deque<bool> maOldApos;
     std::deque<WW8FieldEntry> maOldFieldStack;
     std::unique_ptr<SwWW8FltControlStack> mxOldStck;
@@ -617,7 +617,7 @@ private:
 public:
     WW8ReaderSave(SwWW8ImplReader* pRdr, WW8_CP nStart=-1);
     void Restore(SwWW8ImplReader* pRdr);
-    const SwPosition &GetStartPos() const { return maTmpPos; }
+    const SwPosition &GetStartPos() const { return *mxTmpPos->GetPoint(); }
 };
 
 enum class eF_ResT { OK, TEXT, TAGIGN, READ_FSPA };
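Review bot: GetStartPos() now returns a reference to the cursor's live point instead of to an immutable copy, so the value seen through it can change while the WW8ReaderSave object exists. That is the purpose of the change, but nothing in the class says so. A comment on the accessor such as `// tracked by a SwUnoCursor: the position may move if its node is deleted, do not cache the reference` would tell callers what they are getting. The accessor also dereferences mxTmpPos unconditionally, and whether CreateUnoCursor can ever hand back an empty pointer is not visible on this page.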
commit 0880f73855c8d4100ce8e5780819a0ea0fd73ce9
Author:     Caolán McNamara <[email protected]>
AuthorDate: Thu Sep 2 13:35:34 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    ofz#38011 save and restore m_pLastAnchorPos via UnoCursor
    
    when we do some operations that may delete paragraphs
    
    Change-Id: I2165dd287771f06c6d0fd061dd7659b06db4bd72
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121511
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit bc7baa18435000f47f90e47d3300710bcb4cf56b)

diff --git a/sw/qa/core/data/ww8/pass/ofz38011-1.doc 
b/sw/qa/core/data/ww8/pass/ofz38011-1.doc
new file mode 100644
index 000000000000..8ef58ca5395d
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz38011-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index 6edc842e48ee..026b0ead213c 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -2749,8 +2749,17 @@ void WW8TabDesc::FinishSwTable()
 {
     m_pIo->m_xRedlineStack->closeall(*m_pIo->m_pPaM->GetPoint());
     m_pIo->m_aFrameRedlines.emplace(std::move(m_pIo->m_xRedlineStack));
+
+    // ofz#38011 drop m_pLastAnchorPos during RedlineStack dtor and restore it 
afterwards to the same
+    // place, or somewhere close if that place got destroyed
+    std::shared_ptr<SwUnoCursor> xLastAnchorCursor(m_pIo->m_pLastAnchorPos ? 
m_pIo->m_rDoc.CreateUnoCursor(*m_pIo->m_pLastAnchorPos) : nullptr);
+    m_pIo->m_pLastAnchorPos.reset();
+
     m_pIo->m_xRedlineStack = std::move(mxOldRedlineStack);
 
+    if (xLastAnchorCursor)
+        m_pIo->m_pLastAnchorPos.reset(new 
SwPosition(*xLastAnchorCursor->GetPoint()));
+
     WW8DupProperties aDup(m_pIo->m_rDoc,m_pIo->m_xCtrlStck.get());
     m_pIo->m_xCtrlStck->SetAttr( *m_pIo->m_pPaM->GetPoint(), 0, false);
 
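Review bot: This save, reset and restore sequence for m_pLastAnchorPos is repeated almost line for line in WW8ReaderSave::Restore in ww8par.cxx (the ofz#37322 commit further down this page), differing only in how the reader object is reached. Moving it into a single helper on the reader, or a small guard object that parks the position in a SwUnoCursor and writes it back on scope exit, would keep the two call sites from drifting apart. The existing comment explains the reason well and could move with the helper. FinishSwTable continues outside the hunk.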
commit 444174ef06a21e9257d65d5adad7d73df1bd5f07
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sun Aug 29 16:58:11 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    ofz#37796 limit to numeric_limits<int>::max
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121230
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 72da4c623baf60eb2b7073697cd36ffb3022847d)
    
    Change-Id: I6e09226fad1e566ba2758d0084042b603b84d221

diff --git a/include/vcl/BitmapTools.hxx b/include/vcl/BitmapTools.hxx
index 3652bb849bf4..7c076a451a69 100644
--- a/include/vcl/BitmapTools.hxx
+++ b/include/vcl/BitmapTools.hxx
@@ -20,6 +20,7 @@
 #include <basegfx/range/b2drectangle.hxx>
 #include <o3tl/safeint.hxx>
 #include <array>
+#include <limits>
 
 class SvStream;
 namespace basegfx { class B2DHomMatrix; }
@@ -51,6 +52,10 @@ public:
           mnBitCount(nBitCount)
     {
         assert(nBitCount == 24 || nBitCount == 32);
+        if (rSize.getWidth() > std::numeric_limits<sal_Int32>::max() || 
rSize.getWidth() < 0)
+            throw std::bad_alloc();
+        if (rSize.getHeight() > std::numeric_limits<sal_Int32>::max() || 
rSize.getHeight() < 0)
+            throw std::bad_alloc();
         sal_Int32 nRowSize, nDataSize;
         if (o3tl::checked_multiply<sal_Int32>(rSize.getWidth(), nBitCount/8, 
nRowSize) ||
             o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(), 
nDataSize) ||
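Review bot: The two added range checks are identical apart from the accessor and do not explain why a Size component could exceed sal_Int32 in the first place. A one-line comment such as `// Size components can be wider than sal_Int32; reject them before they are narrowed for checked_multiply below` would make the intent clear. Throwing std::bad_alloc for a negative dimension reports an invalid argument as an allocation failure; it presumably mirrors what the overflow branch below does, but that branch lies outside the hunk. The constructor body continues past the end of the hunk.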
commit 81ffdb458e7169312c7b46da2d76cf40a6c51032
Author:     Caolán McNamara <[email protected]>
AuthorDate: Wed Aug 18 16:57:18 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    ofz#37322 Bad-cast
    
    use a SwUnoCursor for the LastAnchorPos around here, this is similar to
    ofz#9858 Bad-cast
    
    Change-Id: I194a39ae13c382740b0ba8145dcc33fb2107105d
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120679
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit c1cd505c67a53a0a27589889b34641612d10946d)

diff --git a/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc 
b/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc
new file mode 100644
index 000000000000..fd64eeed2963
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc differ
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index f5bdacffe32d..1a99e0805e98 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -2076,8 +2076,17 @@ void WW8ReaderSave::Restore( SwWW8ImplReader* pRdr )
 
     pRdr->m_xRedlineStack->closeall(*pRdr->m_pPaM->GetPoint());
     pRdr->m_aFrameRedlines.emplace(std::move(pRdr->m_xRedlineStack));
+
+    // ofz#37322 drop m_pLastAnchorPos during RedlineStack dtor and restore it 
afterwards to the same
+    // place, or somewhere close if that place got destroyed
+    std::shared_ptr<SwUnoCursor> xLastAnchorCursor(pRdr->m_pLastAnchorPos ? 
pRdr->m_rDoc.CreateUnoCursor(*pRdr->m_pLastAnchorPos) : nullptr);
+    pRdr->m_pLastAnchorPos.reset();
+
     pRdr->m_xRedlineStack = std::move(mxOldRedlines);
 
+    if (xLastAnchorCursor)
+        pRdr->m_pLastAnchorPos.reset(new 
SwPosition(*xLastAnchorCursor->GetPoint()));
+
     pRdr->DeleteAnchorStack();
     pRdr->m_xAnchorStck = std::move(mxOldAnchorStck);
 
commit a1899dbbc0c248768a5132643b7986debc05159d
Author:     Caolán McNamara <[email protected]>
AuthorDate: Fri Jul 16 12:45:21 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    crashtesting: UaF on layout of fdo53985-1.docx
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119060
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit ceb32f59d96a17c3007ed883fb44bc880673c8e0)
    
    Change-Id: Id8ca0d277f485347e21bd8d6d68de2a7de13de48

diff --git a/sw/source/core/inc/layact.hxx b/sw/source/core/inc/layact.hxx
index 3e6ded269bd4..5a00382995f9 100644
--- a/sw/source/core/inc/layact.hxx
+++ b/sw/source/core/inc/layact.hxx
@@ -68,6 +68,9 @@ class SwLayAction
 
     std::unique_ptr<SwWait> m_pWait;
 
+    std::vector<SwFrame*> m_aFrameStack;
+    std::vector<std::unique_ptr<SwFrameDeleteGuard>> m_aFrameDeleteGuards;
+
     // If a paragraph (or anything else) moved more than one page when
     // formatting, it adds its new page number here.
     // The InternalAction can then take the appropriate steps.
@@ -124,6 +127,9 @@ class SwLayAction
 
     bool RemoveEmptyBrowserPages();
 
+    void PushFormatLayout(SwFrame* pLow);
+    void PopFormatLayout();
+
 public:
     SwLayAction(SwRootFrame *pRt, SwViewShellImp *pImp, TaskStopwatch* pWatch 
= nullptr);
     ~SwLayAction();
@@ -148,7 +154,7 @@ public:
     void SetReschedule  ( bool bNew )   { m_bReschedule = bNew; }
     void SetWaitAllowed ( bool bNew )   { m_bWaitAllowed = bNew; }
 
-    void SetAgain(bool bAgain) { m_bAgain = bAgain; }
+    void SetAgain(bool bAgain);
     void SetUpdateExpFields() {m_bUpdateExpFields = true; }
 
     inline void SetCheckPageNum( sal_uInt16 nNew );
diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx
index 09069261cf71..33b1ae277180 100644
--- a/sw/source/core/layout/layact.cxx
+++ b/sw/source/core/layout/layact.cxx
@@ -319,6 +319,53 @@ bool SwLayAction::RemoveEmptyBrowserPages()
     return bRet;
 }
 
+void SwLayAction::SetAgain(bool bAgain)
+{
+    if (bAgain == m_bAgain)
+        return;
+
+    m_bAgain = bAgain;
+
+    assert(m_aFrameStack.size() == m_aFrameDeleteGuards.size());
+    size_t nCount = m_aFrameStack.size();
+    if (m_bAgain)
+    {
+        // LayAction::FormatLayout is now flagged to exit early and will avoid
+        // dereferencing any SwFrames in the stack of FormatLayouts so allow
+        // their deletion
+        for (size_t i = 0; i < nCount; ++i)
+            m_aFrameDeleteGuards[i].reset();
+    }
+    else
+    {
+        // LayAction::FormatLayout is now continue normally and will
+        // dereference the top SwFrame in the stack of m_aFrameStack as each
+        // FormatLevel returns so disallow their deletion
+        for (size_t i = 0; i < nCount; ++i)
+            m_aFrameDeleteGuards[i] = 
std::make_unique<SwFrameDeleteGuard>(m_aFrameStack[i]);
+    }
+}
+
+void SwLayAction::PushFormatLayout(SwFrame* pLow)
+{
+    /* Workaround crash seen in crashtesting with fdo53985-1.docx
+
+       Lock pLow against getting deleted when it will be dereferenced
+       after FormatLayout
+
+       If SetAgain is called to make SwLayAction exit early to avoid that
+       dereference, then it clears these guards
+    */
+    m_aFrameStack.push_back(pLow);
+    m_aFrameDeleteGuards.push_back(std::make_unique<SwFrameDeleteGuard>(pLow));
+}
+
+void SwLayAction::PopFormatLayout()
+{
+    m_aFrameDeleteGuards.pop_back();
+    m_aFrameStack.pop_back();
+}
+
 void SwLayAction::Action(OutputDevice* pRenderContext)
 {
     m_bActionInProgress = true;
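Review bot: In SetAgain the `else` branch builds a new SwFrameDeleteGuard from every raw pointer in m_aFrameStack, but those frames were deliberately left unguarded while m_bAgain was true and may have been deleted in the meantime, in which case the rebuild touches freed memory. Whether the stack is always empty when a caller switches back to false (Reset, the loop in Action, and `SetAgain(bOld)` in InternalAction from the refactoring commit below) is not visible on this page, and nothing in the function states or checks it. I would record the precondition in a comment, e.g. `// only valid if no frame in m_aFrameStack was deleted while the guards were released`. The existing comment could also be corrected to read `FormatLayout will now continue normally`.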
@@ -1374,7 +1421,11 @@ bool SwLayAction::FormatLayout( OutputDevice 
*pRenderContext, SwLayoutFrame *pLa
             }
             // Skip the ones already registered for deletion
             else if( !pLow->IsSctFrame() || 
static_cast<SwSectionFrame*>(pLow)->GetSection() )
+            {
+                PushFormatLayout(pLow);
                 bChanged |= FormatLayout( pRenderContext, 
static_cast<SwLayoutFrame*>(pLow), bAddRect );
+                PopFormatLayout();
+            }
         }
         else if ( m_pImp->GetShell()->IsPaintLocked() )
             // Shortcut to minimize the cycles. With Lock, the
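Review bot: PushFormatLayout and PopFormatLayout are paired by hand around the recursive FormatLayout call, so an exception or a later-added early exit between them would leave m_aFrameStack and m_aFrameDeleteGuards one entry too deep. SetAgain would then operate on a pointer whose frame is no longer being formatted. A small scope object that pushes in its constructor and pops in its destructor keeps the pair balanced on every exit path; a sketch follows. FormatLayout starts and ends outside the hunk.

```cpp
// proposed: nested in SwLayAction, next to PushFormatLayout/PopFormatLayout
struct FormatLayoutScope
{
    SwLayAction& m_rAction;
    FormatLayoutScope(SwLayAction& rAction, SwFrame* pLow)
        : m_rAction(rAction)
    {
        m_rAction.PushFormatLayout(pLow);
    }
    ~FormatLayoutScope() { m_rAction.PopFormatLayout(); }
};

// … unchanged: else-if condition on pLow …
            {
                FormatLayoutScope aScope(*this, pLow);
                bChanged |= FormatLayout( pRenderContext, static_cast<SwLayoutFrame*>(pLow), bAddRect );
            }
```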
commit 0338f540359f3a932b913cecf6c6e6f5fda51e1a
Author:     Caolán McNamara <[email protected]>
AuthorDate: Thu Jul 15 14:13:35 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    Only change SwLayAction::m_bAgain via SetAgain
    
    no logic change intended
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118983
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 3a5383892e1f0e22558cd56cb77d56a09c515b7a)
    
    Change-Id: Ib0174f8040faa3efde7b9c5ba9b062bac5a35da3

diff --git a/sw/source/core/inc/layact.hxx b/sw/source/core/inc/layact.hxx
index 990c0e4b88f0..3e6ded269bd4 100644
--- a/sw/source/core/inc/layact.hxx
+++ b/sw/source/core/inc/layact.hxx
@@ -148,7 +148,7 @@ public:
     void SetReschedule  ( bool bNew )   { m_bReschedule = bNew; }
     void SetWaitAllowed ( bool bNew )   { m_bWaitAllowed = bNew; }
 
-    void SetAgain()         { m_bAgain = true; }
+    void SetAgain(bool bAgain) { m_bAgain = bAgain; }
     void SetUpdateExpFields() {m_bUpdateExpFields = true; }
 
     inline void SetCheckPageNum( sal_uInt16 nNew );
diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx
index 04201e1c6f5e..09069261cf71 100644
--- a/sw/source/core/layout/layact.cxx
+++ b/sw/source/core/layout/layact.cxx
@@ -282,11 +282,12 @@ bool SwLayAction::IsInterrupt()
 
 void SwLayAction::Reset()
 {
+    SetAgain(false);
     m_pOptTab = nullptr;
     m_nStartTicks = std::clock();
     m_nEndPage = m_nPreInvaPage = m_nCheckPageNum = USHRT_MAX;
     m_bPaint = m_bComplete = m_bWaitAllowed = m_bCheckPages = true;
-    m_bInterrupt = m_bAgain = m_bNextCycle = m_bCalcLayout = m_bReschedule =
+    m_bInterrupt = m_bNextCycle = m_bCalcLayout = m_bReschedule =
     m_bUpdateExpFields = m_bBrowseActionStop = false;
     m_pCurPage = nullptr;
 }
@@ -344,12 +345,15 @@ void SwLayAction::Action(OutputDevice* pRenderContext)
         SetCheckPages( false );
 
     InternalAction(pRenderContext);
-    m_bAgain |= RemoveEmptyBrowserPages();
+    if (RemoveEmptyBrowserPages())
+        SetAgain(true);
     while ( IsAgain() )
     {
-        m_bAgain = m_bNextCycle = false;
+        SetAgain(false);
+        m_bNextCycle = false;
         InternalAction(pRenderContext);
-        m_bAgain |= RemoveEmptyBrowserPages();
+        if (RemoveEmptyBrowserPages())
+            SetAgain(true);
     }
     m_pRoot->DeleteEmptySct();
 
@@ -637,7 +641,7 @@ void SwLayAction::InternalAction(OutputDevice* 
pRenderContext)
             {
                 bool bOld = IsAgain();
                 m_pRoot->RemoveSuperfluous();
-                m_bAgain = bOld;
+                SetAgain(bOld);
             }
             if ( IsAgain() )
             {
diff --git a/sw/source/core/layout/objectformattertxtfrm.cxx 
b/sw/source/core/layout/objectformattertxtfrm.cxx
index 1ba020a84901..3e99cfd32bc9 100644
--- a/sw/source/core/layout/objectformattertxtfrm.cxx
+++ b/sw/source/core/layout/objectformattertxtfrm.cxx
@@ -293,7 +293,7 @@ bool SwObjectFormatterTextFrame::DoFormatObjs()
         {
             // notify layout action, thus is can restart the layout process on
             // a previous page.
-            GetLayAction()->SetAgain();
+            GetLayAction()->SetAgain(true);
         }
         else
         {
diff --git a/sw/source/core/layout/pagechg.cxx 
b/sw/source/core/layout/pagechg.cxx
index a684b1602a1a..a650179660ac 100644
--- a/sw/source/core/layout/pagechg.cxx
+++ b/sw/source/core/layout/pagechg.cxx
@@ -284,7 +284,7 @@ void SwPageFrame::DestroyImpl()
             SwViewShellImp *pImp = pSh->Imp();
             pImp->SetFirstVisPageInvalid();
             if ( pImp->IsAction() )
-                pImp->GetLayAction().SetAgain();
+                pImp->GetLayAction().SetAgain(true);
             // #i9719# - retouche area of page
             // including border and shadow area.
             const bool bRightSidebar = (SidebarPosition() == 
sw::sidebarwindows::SidebarPosition::RIGHT);
commit 10159ff9accc8d50423d060dc21c69e56fe49ea8
Author:     Caolán McNamara <[email protected]>
AuthorDate: Mon Jul 12 16:21:04 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:13 2021 +0100

    crashtesting: UaF on layout of ooo98566-1.odt
    
    in:
    sw/source/core/text/itrform2.cxx:2643 SwTextFormatter::NewFlyCntPortion
    at: pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame)
    
    (gdb) print m_pCurr
    $2 = (SwLineLayout *) 0x55ea220a0020
    
    after calling GetFlyFrame m_pCurr is unchanged and we will call
    m_pCurr->MaxAscentDescent
    on it.
    
    But m_pCurr is deleted during GetFlyFrame by...
    
     #18 0x00007f98c5cd337f in SwLineLayout::~SwLineLayout() 
(this=this@entry=0x55ea220a0020, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/text/portxt.hxx:26
     #19 0x00007f98c5cd347a in SwParaPortion::~SwParaPortion() 
(this=0x55ea220a0020, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/text/porlay.cxx:2491
     #20 0x00007f98c5cd3485 in SwParaPortion::~SwParaPortion() 
(this=0x55ea220a0020, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/text/porlay.cxx:2491
     #21 0x00007f98c5d05e70 in 
std::default_delete<SwParaPortion>::operator()(SwParaPortion*) const 
(__ptr=<optimized out>, this=<optimized out>)
         at /usr/include/c++/8/bits/unique_ptr.h:75
     #22 0x00007f98c5d05e70 in std::unique_ptr<SwParaPortion, 
std::default_delete<SwParaPortion> >::reset(SwParaPortion*)
         (__p=<optimized out>, this=<optimized out>) at 
/usr/include/c++/8/bits/unique_ptr.h:382
     #23 0x00007f98c5d05e70 in SwTextLine::SetPara(SwParaPortion*, bool) 
(bDelete=true, pNew=0x0, this=<optimized out>)
         at source/libo-core/sw/source/core/text/txtcache.hxx:45
     #24 0x00007f98c5d05e70 in SwTextFrame::ClearPara() 
(this=this@entry=0x55ea21302b60) at 
source/libo-core/sw/source/core/text/txtcache.cxx:113
     #25 0x00007f98c5d1be89 in SwTextFrame::Init() 
(this=this@entry=0x55ea21302b60) at 
source/libo-core/sw/source/core/text/txtfrm.cxx:757
     #26 0x00007f98c5d2630c in SwTextFrame::Prepare(PrepareHint, void const*, 
bool)
         (this=0x55ea21302b60, ePrep=PrepareHint::FlyFrameArrive, 
pVoid=<optimized out>, bNotify=<optimized out>)
         at source/libo-core/sw/source/core/text/txtfrm.cxx:3086
     #27 0x00007f98c5b1edb8 in 
SwFlyInContentFrame::NotifyBackground(SwPageFrame*, SwRect const&, PrepareHint)
         (this=<optimized out>, rRect=..., eHint=<optimized out>) at 
source/libo-core/sw/inc/anchoredobject.hxx:205
     #28 0x00007f98c5b261a6 in Notify(SwFlyFrame*, SwPageFrame*, SwRect const&, 
SwRect const*)
         (pFly=pFly@entry=0x55ea21a18d60, pOld=0x0, rOld=SwRect = {...}, 
pOldPrt=pOldPrt@entry=0x7ffeb50390f8)
         at source/libo-core/sw/source/core/inc/frame.hxx:1177
     #29 0x00007f98c5b2ceca in SwFlyNotify::~SwFlyNotify() 
(this=0x7ffeb50390d0, __in_chrg=<optimized out>)
         at source/libo-core/sw/source/core/layout/frmtool.cxx:648
     #30 0x00007f98c5b1fa25 in SwFlyInContentFrame::MakeAll(OutputDevice*) 
(this=0x55ea21a18d60)
         at source/libo-core/sw/source/core/inc/frmtool.hxx:419
     #31 0x00007f98c5aec3a9 in SwFrame::PrepareMake(OutputDevice*) 
(this=0x55ea21a18d60, pRenderContext=0x55ea212bc4c0)
         at source/libo-core/sw/source/core/layout/calcmove.cxx:375
     #32 0x00007f98c5b17ad2 in SwFlyFrame::Calc(OutputDevice*) const 
(this=<optimized out>, pRenderContext=<optimized out>)
         at source/libo-core/sw/source/core/layout/fly.cxx:2890
     #33 0x00007f98c5b636c5 in SwObjectFormatter::FormatLayout_(SwLayoutFrame&) 
(this=this@entry=0x55ea2244d150, _rLayoutFrame=...)
         at source/libo-core/include/rtl/ref.hxx:206
     #34 0x00007f98c5b6413e in SwObjectFormatter::FormatObj_(SwAnchoredObject&) 
(this=this@entry=0x55ea2244d150, _rAnchoredObj=...)
         at source/libo-core/sw/source/core/layout/objectformatter.cxx:296
     #35 0x00007f98c5b6705b in 
SwObjectFormatterTextFrame::DoFormatObj(SwAnchoredObject&, bool)
         (this=0x55ea2244d150, _rAnchoredObj=..., _bCheckForMovedFwd=<optimized 
out>)
         at source/libo-core/sw/source/core/layout/objectformattertxtfrm.cxx:136
     #36 0x00007f98c5b6359f in SwObjectFormatter::FormatObj(SwAnchoredObject&, 
SwFrame*, SwPageFrame const*)
         (_rAnchoredObj=..., _pAnchorFrame=<optimized out>, 
_pPageFrame=<optimized out>)
         at source/libo-core/sw/source/core/layout/objectformatter.cxx:190
     #37 0x00007f98c5d717aa in SwTextFlyCnt::GetFlyFrame_(SwFrame const*) 
(this=this@entry=0x55ea214d8810, pCurrFrame=pCurrFrame@entry=0x55ea21302b60)
         at source/libo-core/sw/source/core/inc/frame.hxx:1177
     #38 0x00007f98c5cb511b in SwTextFlyCnt::GetFlyFrame(SwFrame const*) 
(pCurrFrame=0x55ea21302b60, this=0x55ea214d8810)
         at source/libo-core/sw/inc/txtflcnt.hxx:48
     #39 0x00007f98c5cb511b in 
SwTextFormatter::NewFlyCntPortion(SwTextFormatInfo&, SwTextAttr*) const
         (this=this@entry=0x7ffeb503a6b0, rInf=..., pHint=0x55ea214d8810) at 
source/libo-core/sw/source/core/text/itrform2.cxx:2643
    
    (gdb) print this
    (SwLinePortion * const) 0x55ea220a0020
    
    The SwTextFrame of SwTextFrame::ClearPara is the same pFrame/m_pFrame at 
SwTextFormatter::NewFlyCntPortion
    
    ClearPara is not called if the SwTextFrame is "Locked", so try using that 
to protect GetFlyFrame
    
    Change-Id: Ia9dcb1f345f6953d995f2acf1ec23492d1680364
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118784
    Tested-by: Jenkins
    Tested-by: Caolán McNamara <[email protected]>
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 7e016df70d4ceb6c90ec5f1b129b50a65ff07505)

diff --git a/sw/source/core/text/itrform2.cxx b/sw/source/core/text/itrform2.cxx
index 34ebd28f6421..12817c2ea80f 100644
--- a/sw/source/core/text/itrform2.cxx
+++ b/sw/source/core/text/itrform2.cxx
@@ -2546,7 +2546,11 @@ SwFlyCntPortion *SwTextFormatter::NewFlyCntPortion( 
SwTextFormatInfo &rInf,
     SwFlyInContentFrame *pFly;
     SwFrameFormat* pFrameFormat = 
static_cast<SwTextFlyCnt*>(pHint)->GetFlyCnt().GetFrameFormat();
     if( RES_FLYFRMFMT == pFrameFormat->Which() )
+    {
+        // set Lock pFrame to avoid m_pCurr getting deleted
+        TextFrameLockGuard aGuard(m_pFrame);
         pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame);
+    }
     else
         pFly = nullptr;
     // aBase is the document-global position, from which the new extra portion 
is placed
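Review bot: The guard is constructed on `m_pFrame` while the call it protects is passed `pFrame`, and nothing in this hunk shows that both name the same frame; the commit message says they do, so the comment should say it too. The existing comment also leaves out the mechanism, which the backtrace gives: formatting the fly reaches `SwTextFrame::Prepare()` and then `ClearPara()`, and that is skipped only while the frame is locked. Suggested wording: `// Lock m_pFrame (same frame as pFrame) while GetFlyFrame() runs: formatting the fly can reach ClearPara(), which would delete m_pCurr while it is still in use`. The lock is released at the closing brace, so any later call in this function that can re-enter layout is not covered; the function continues beyond the hunk.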
commit 7fb248648bef17d402fe7c6e6b51edb91fa93938
Author:     Caolán McNamara <[email protected]>
AuthorDate: Thu Jul 1 14:56:45 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    ofz#34749 don't remove trailing paragraph if something got anchored to it
    
    Change-Id: Ic6eec2f9829c415abd4f2628bc51efbf98f918fb
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118228
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit e803875fbb86b24b39fcd9adcf7df40ed255ea8f)

diff --git a/sw/qa/core/data/ww8/pass/ofz34749-1.doc 
b/sw/qa/core/data/ww8/pass/ofz34749-1.doc
new file mode 100644
index 000000000000..d657a71b5245
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz34749-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 74953aa2016c..9f19f48d463b 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -922,6 +922,14 @@ public:
     explicit wwExtraneousParas(SwDoc &rDoc) : m_rDoc(rDoc) {}
     ~wwExtraneousParas() { delete_all_from_doc(); }
     void insert(SwTextNode *pTextNode) { m_aTextNodes.insert(pTextNode); }
+    void check_anchor_destination(SwTextNode *pTextNode)
+    {
+        auto it = m_aTextNodes.find(pTextNode);
+        if (it == m_aTextNodes.end())
+            return;
+        SAL_WARN("sw.ww8", "It is unexpected to anchor something in a para 
scheduled for removal");
+        m_aTextNodes.erase(it);
+    }
     void delete_all_from_doc();
 };
 
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 1e68d7a592b4..ca2ddc28fd1f 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -2451,6 +2451,9 @@ bool SwWW8ImplReader::StartApo(const ApoTestResults 
&rApo, const WW8_TablePos *p
         }
         else
         {
+            // ofz#34749 we shouldn't anchor anything into an 'extra' 
paragraph scheduled for
+            // removal at end of import, but check if that scenario is 
happening
+            
m_aExtraneousParas.check_anchor_destination(m_pPaM->GetNode().GetTextNode());
             m_xSFlyPara->pFlyFormat = 
m_rDoc.MakeFlySection(WW8SwFlyPara::eAnchor,
                     m_pPaM->GetPoint(), &aFlySet);
             OSL_ENSURE(m_xSFlyPara->pFlyFormat->GetAnchor().GetAnchorId() ==
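Review bot: The comment above the new call describes it as a check, but `check_anchor_destination`, as added to ww8par.hxx in this commit, also erases the node from `m_aTextNodes`. That side effect is what keeps the anchor from pointing at a paragraph deleted at the end of import, and the call site does not mention it. Suggested wording: `// ofz#34749 if the anchor paragraph was scheduled for removal, unschedule it so the fly's anchor stays valid`. The call is added only in this `else` branch; whether the preceding branch of StartApo can also anchor into such a paragraph is not visible in the hunk and is worth confirming.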
commit 2619a325f2be29e3d07f9ebf45f0657b7e010571
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sun Jun 27 19:08:36 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    ofz#35504 Integer-overflow
    
    Change-Id: I7a462b821f286411d759b5259461fcdbf1741859
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117955
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 228cb26a6a1afe668dd17471bedf0ab52f133d5a)

diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
index 0a597fdff1fc..b549f1cd65c1 100644
--- a/tools/source/generic/poly.cxx
+++ b/tools/source/generic/poly.cxx
@@ -251,7 +251,7 @@ ImplPolygon::ImplPolygon( const tools::Rectangle& rBound, 
const Point& rStart, c
         }
 
 
-        if( ( nRadX > 32 ) && ( nRadY > 32 ) && ( nRadX + nRadY ) < 8192 )
+        if (nRadX > 32 && nRadY > 32 && o3tl::saturating_add(nRadX, nRadY) < 
8192)
             nPoints >>= 1;
 
         // compute threshold
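Review bot: `o3tl::saturating_add` is used in the condition, but this commit adds no include to poly.cxx, so the build relies on `<o3tl/safeint.hxx>` already being reachable from this file. It is worth confirming that the header is included directly rather than transitively. The saturating sum protects only this comparison. If the constructor combines `nRadX` and `nRadY` arithmetically again after the hunk, those expressions take the same untrusted values and would need the same treatment.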
commit 202d472a054111683260fc9cd1f0382c53a5e11f
Author:     Caolán McNamara <[email protected]>
AuthorDate: Fri Apr 2 14:28:37 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    ofz: Segv on unknown address
    
    Change-Id: I6c69375a89781fc0b87230203335c861efb562f9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113518
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 8de38977838d5a044271cb170730e3d557659f17)

diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index e26dd00177f9..84a0d64e155b 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -2588,7 +2588,14 @@ Label_MaskStateMachine:
                                 if (eState != ssSkipReference)
                                 {
                                     *pSym++ = c;
-                                    *pSym++ = *pSrc++;
+
+                                    if( pSym == &cSymbol[ MAXSTRLEN ] )
+                                    {
+                                        SetError( 
FormulaError::StringOverflow);
+                                        eState = ssStop;
+                                    }
+                                    else
+                                        *pSym++ = *pSrc++;
                                 }
                                 bAddToSymbol = false;
                             }
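Review bot: The first store, `*pSym++ = c;`, still happens before the new bounds test, so the guard covers only the second byte of the pair. The test is also an equality comparison, which catches the overflow only if `pSym` lands exactly on `&cSymbol[ MAXSTRLEN ]`. If an earlier check outside this hunk already guarantees room for `c`, a short comment saying so would make the invariant visible. Otherwise the test should come before the first store as well, e.g. `if( pSym >= &cSymbol[ MAXSTRLEN - 1 ] )`, assuming `cSymbol` is declared with `MAXSTRLEN + 1` elements. The enclosing state machine starts and ends outside the hunk.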
commit ed4900ad9b501a0d5f61f1623721d05a09270551
Author:     Caolán McNamara <[email protected]>
AuthorDate: Fri Apr 3 16:35:36 2020 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    crashtesting: crash on reexport of tdf118346-1.odg to odg
    
    make a copy of m_pImpGraphicList because if we swap out a svg, the svg 
filter
    may create more temp Graphics which are auto-added to m_pImpGraphicList
    invalidating a loop over m_pImpGraphicList
    
     #0  0x00007ffff0d25ae5 in vcl::graphic::Manager::reduceGraphicMemory() 
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
        at vcl/source/graphic/Manager.cxx:88
     #1  0x00007ffff0d25ee9 in 
vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&, 
rtl::OUString const&)
        (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>, 
pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
        at vcl/source/graphic/Manager.cxx:139
     #2  0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() 
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
        at vcl/source/graphic/Manager.cxx:184
     #3  0x00007ffff0b6735c in Graphic::Graphic() (this=0x7fffffff84f0) at 
vcl/source/gdi/graph.cxx:182
     #4  0x00007fffdc526600 in 
svgio::svgreader::SvgImageNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x555556817940, rTarget=...) at 
svgio/source/svgreader/svgimagenode.cxx:219
     #5  0x00007fffdc52e75d in 
svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x55555a6a93d0, rTarget=..., bReferenced=false) at 
svgio/source/svgreader/svgnode.cxx:529
     #6  0x00007fffdc522339 in 
svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x55555a6a93d0, rTarget=..., bReferenced=false) at 
svgio/source/svgreader/svggnode.cxx:106
     #7  0x00007fffdc52e75d in 
svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x55555a6a9070, rTarget=..., bReferenced=false) at 
svgio/source/svgreader/svgnode.cxx:529
     #8  0x00007fffdc522339 in 
svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x55555a6a9070, rTarget=..., bReferenced=false) at 
svgio/source/svgreader/svggnode.cxx:106
     #9  0x00007fffdc52e75d in 
svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x55555a5f9150, rTarget=..., bReferenced=false) at 
svgio/source/svgreader/svgnode.cxx:529
     #10 0x00007fffdc54d19f in 
svgio::svgreader::SvgSvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
 bool) const
        (this=0x55555a5f9150, rTarget=..., bReferenced=false) at 
svgio/source/svgreader/svgsvgnode.cxx:304
     #11 0x00007fffdc571373 in svgio::svgreader::(anonymous 
namespace)::XSvgParser::getDecomposition(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
 const&, rtl::OUString const&) (this=0x55555a69c6d0, xSVGStream=uno::Reference 
to (comphelper::SequenceInputStream *) 0x555557480668, aAbsolutePath="")
        at svgio/source/svguno/xsvgparser.cxx:160
     #12 0x00007ffff0cf849b in VectorGraphicData::ensureSequenceAndRange() 
(this=0x555556ea7540)
        at vcl/source/gdi/vectorgraphicdata.cxx:196
     #13 0x00007ffff0cf9124 in VectorGraphicData::getRange() const 
(this=0x555556ea7540)
        at vcl/source/gdi/vectorgraphicdata.cxx:323
     #14 0x00007ffff0b74da7 in ImpGraphic::ImplGetPrefSize() const 
(this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:778
     #15 0x00007ffff0b76623 in ImpGraphic::ImplWriteEmbedded(SvStream&) 
(this=0x5555588b00f0, rOStm=...)
        at vcl/source/gdi/impgraph.cxx:1235
     #16 0x00007ffff0b770a1 in ImpGraphic::ImplSwapOut(SvStream*) 
(this=0x5555588b00f0, xOStm=0x55555826b7d0)
        at vcl/source/gdi/impgraph.cxx:1377
     #17 0x00007ffff0b76bdb in ImpGraphic::ImplSwapOut() (this=0x5555588b00f0) 
at vcl/source/gdi/impgraph.cxx:1328
     #18 0x00007ffff0d25c88 in vcl::graphic::Manager::reduceGraphicMemory() 
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
        at vcl/source/graphic/Manager.cxx:107
     #19 0x00007ffff0d25ee9 in 
vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&, 
rtl::OUString const&)
        (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>, 
pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
        at vcl/source/graphic/Manager.cxx:139
     #20 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() 
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
        at vcl/source/graphic/Manager.cxx:184
     #21 0x00007ffff0b6735c in Graphic::Graphic() (this=0x555556d5ea68) at 
vcl/source/gdi/graph.cxx:182
    
    Change-Id: I4e1ffcb12ead0d53b7ca2f369154e9c753af77d8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91650
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 6fa2891da4852716fe62d925ffdbeeb380a2ed66)

diff --git a/vcl/source/graphic/Manager.cxx b/vcl/source/graphic/Manager.cxx
index 5942b5cb8784..865beabf37a9 100644
--- a/vcl/source/graphic/Manager.cxx
+++ b/vcl/source/graphic/Manager.cxx
@@ -84,7 +84,12 @@ void Manager::reduceGraphicMemory()
 
     std::scoped_lock<std::recursive_mutex> aGuard(maMutex);
 
-    for (ImpGraphic* pEachImpGraphic : m_pImpGraphicList)
+    // make a copy of m_pImpGraphicList because if we swap out a svg, the svg
+    // filter may create more temp Graphics which are auto-added to
+    // m_pImpGraphicList invalidating a loop over m_pImpGraphicList, e.g.
+    // reexport of tdf118346-1.odg
+    auto const aImpGraphicList = m_pImpGraphicList;
+    for (ImpGraphic* pEachImpGraphic : aImpGraphicList)
     {
         if (mnUsedSize < mnMemoryLimit * 0.7)
             return;
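Review bot: Iterating over the copy `aImpGraphicList` removes the iterator invalidation, but the copy holds raw `ImpGraphic*` values that are not re-validated against the live list. If swapping out one graphic unregisters or destroys another entry, the loop would later dereference a stale pointer. A membership test at the top of the loop body would close that gap, e.g. `if (m_pImpGraphicList.find(pEachImpGraphic) == m_pImpGraphicList.end()) continue;`, assuming the container supports lookup. Its type is not visible in this hunk, and the loop body continues past it. Copying the whole list on every call also has a cost when many graphics are registered, which the comment could acknowledge.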
commit be1bd03dee1b7c36e0435dd6e3bf023532b8420e
Author:     Caolán McNamara <[email protected]>
AuthorDate: Fri Mar 19 14:11:45 2021 +0000
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    cid#1473818 Use after free
    
    Change-Id: Idd74e0debd12e42ff97d79b56e76cde6fd98aa2c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112745
    Tested-by: Caolán McNamara <[email protected]>
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 236f3a8e60e05147a37f294774b0c07d40aff36f)

diff --git a/vcl/unx/generic/printer/cpdmgr.cxx 
b/vcl/unx/generic/printer/cpdmgr.cxx
index cae2a4e1ab03..d114dd71accd 100644
--- a/vcl/unx/generic/printer/cpdmgr.cxx
+++ b/vcl/unx/generic/printer/cpdmgr.cxx
@@ -40,11 +40,11 @@ void CPDManager::onNameAcquired (GDBusConnection 
*connection,
                                  gpointer user_data)
 {
     gchar* contents;
-    GDBusNodeInfo *introspection_data;
-
     // Get Interface for introspection
-    g_file_get_contents (FRONTEND_INTERFACE, &contents, nullptr, nullptr);
-    introspection_data = g_dbus_node_info_new_for_xml (contents, nullptr);
+    if (!g_file_get_contents (FRONTEND_INTERFACE, &contents, nullptr, nullptr))
+        return;
+
+    GDBusNodeInfo *introspection_data = g_dbus_node_info_new_for_xml 
(contents, nullptr);
 
     g_dbus_connection_register_object (connection,
                                        "/org/libreoffice/PrintDialog",
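Review bot: The result of `g_dbus_node_info_new_for_xml (contents, nullptr)` is still used without a null check. The commit now handles a failed `g_file_get_contents`, but a file that reads successfully and fails to parse yields a null `introspection_data`. The same applies in the second hunk of this file, where `introspection_data->interfaces[0]` is dereferenced directly inside the backend loop. A guard such as `if (!introspection_data) { g_free(contents); return; }` here, and the equivalent skip inside the loop, would cover that case. In the second hunk `g_assert (proxy != nullptr)` is the only check on `g_dbus_proxy_new_sync`, and it disappears in builds that disable GLib assertions. The function body extends beyond both hunks.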
@@ -60,28 +60,29 @@ void CPDManager::onNameAcquired (GDBusConnection 
*connection,
     std::vector<std::pair<std::string, gchar*>> backends = 
current->getTempBackends();
     for (auto const& backend : backends)
     {
-        GDBusProxy *proxy;
         // Get Interface for introspection
-        g_file_get_contents (BACKEND_INTERFACE, &contents, nullptr, nullptr);
-        introspection_data = g_dbus_node_info_new_for_xml (contents, nullptr);
-        proxy = g_dbus_proxy_new_sync (connection,
-                                       G_DBUS_PROXY_FLAGS_NONE,
-                                       introspection_data->interfaces[0],
-                                       backend.first.c_str(),
-                                       backend.second,
-                                       "org.openprinting.PrintBackend",
-                                       nullptr,
-                                       nullptr);
+        if (g_file_get_contents(BACKEND_INTERFACE, &contents, nullptr, 
nullptr))
+        {
+            introspection_data = g_dbus_node_info_new_for_xml (contents, 
nullptr);
+            GDBusProxy *proxy = g_dbus_proxy_new_sync (connection,
+                                           G_DBUS_PROXY_FLAGS_NONE,
+                                           introspection_data->interfaces[0],
+                                           backend.first.c_str(),
+                                           backend.second,
+                                           "org.openprinting.PrintBackend",
+                                           nullptr,
+                                           nullptr);
+            g_assert (proxy != nullptr);
+            g_dbus_proxy_call(proxy, "ActivateBackend",
+                              nullptr,
+                              G_DBUS_CALL_FLAGS_NONE,
+                              -1, nullptr, nullptr, nullptr);
+
+            g_free(contents);
+            g_object_unref(proxy);
+            g_dbus_node_info_unref(introspection_data);
+        }
         g_free(backend.second);
-        g_assert (proxy != nullptr);
-        g_dbus_proxy_call(proxy, "ActivateBackend",
-                          nullptr,
-                          G_DBUS_CALL_FLAGS_NONE,
-                          -1, nullptr, nullptr, nullptr);
-
-        g_free(contents);
-        g_object_unref(proxy);
-        g_dbus_node_info_unref(introspection_data);
     }
 }
 
commit 28d7cb8c6087125ad5a56eb4d0c8aad82725f1ce
Author:     Stephan Bergmann <[email protected]>
AuthorDate: Tue Mar 9 15:52:21 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    Avoid signed-integer-overflow parsing table:cell-range-address="PivotChart"
    
    ...as happens during UITest_chart
    UITEST_TEST_NAME=tdf107097.tdf107097.test_tdf107097 ever since
    86b192965ee8d625092b723337f6a65bdf34dcb7 "tdf#107097: sc: Add UItest" added 
that
    test (see <https://ci.libreoffice.org/job/lo_ubsan/1919/>),
    
    > /chart2/source/tools/XMLRangeHelper.cxx:136:52: runtime error: signed 
integer overflow: 15 * 308915776 cannot be represented in type 'int'
    >     #0 0x2ad74a554918 in (anonymous 
namespace)::lcl_getSingleCellAddressFromXMLString(rtl::OUString const&, int, 
int, chart::XMLRangeHelper::Cell&) 
/chart2/source/tools/XMLRangeHelper.cxx:136:52
    >     #1 0x2ad74a553482 in (anonymous 
namespace)::lcl_getCellAddressFromXMLString(rtl::OUString const&, int, int, 
chart::XMLRangeHelper::Cell&, rtl::OUString&) 
/chart2/source/tools/XMLRangeHelper.cxx:217:13
    >     #2 0x2ad74a5505da in (anonymous 
namespace)::lcl_getCellRangeAddressFromXMLString(rtl::OUString const&, int, 
int, chart::XMLRangeHelper::CellRange&) 
/chart2/source/tools/XMLRangeHelper.cxx:253:19
    >     #3 0x2ad74a54fde1 in 
chart::XMLRangeHelper::getCellRangeFromXMLString(rtl::OUString const&) 
/chart2/source/tools/XMLRangeHelper.cxx:328:15
    >     #4 0x2ad74a2aed4d in 
chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) 
/chart2/source/tools/InternalDataProvider.cxx:1227:39
    >     #5 0x2ad74a2b0164 in non-virtual thunk to 
chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) 
/chart2/source/tools/InternalDataProvider.cxx
    >     #6 0x2ad6c4784257 in (anonymous 
namespace)::lcl_ConvertRange(rtl::OUString const&, 
com::sun::star::uno::Reference<com::sun::star::chart2::XChartDocument> const&) 
/xmloff/source/chart/SchXMLPlotAreaContext.cxx:76:32
    >     #7 0x2ad6c4779a67 in SchXMLPlotAreaContext::startFastElement(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> 
const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:233:34
    >     #8 0x2ad6c4c6328a in SvXMLImport::startFastElement(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> 
const&) /xmloff/source/core/xmlimp.cxx:797:15
    >     #9 0x2ad704988b78 in (anonymous 
namespace)::Entity::startElement((anonymous namespace)::Event const*) 
/sax/source/fastparser/fastparser.cxx:468:27
    >     #10 0x2ad70496f681 in 
sax_fastparser::FastSaxParserImpl::consume((anonymous namespace)::EventList&) 
/sax/source/fastparser/fastparser.cxx:1026:25
    >     #11 0x2ad70496c65f in 
sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource
 const&) /sax/source/fastparser/fastparser.cxx:870:22
    >     #12 0x2ad7049905d1 in 
sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource
 const&) /sax/source/fastparser/fastparser.cxx:1482:13
    >     #13 0x2ad6c4c52b80 in 
SvXMLImport::parseStream(com::sun::star::xml::sax::InputSource const&) 
/xmloff/source/core/xmlimp.cxx:504:15
    >     #14 0x2ad749aafe1e in 
chart::XMLFilter::impl_ImportStream(rtl::OUString const&, rtl::OUString const&, 
com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, 
com::sun::star::uno::Reference<com::sun::star::lang::XMultiComponentFactory> 
const&, 
com::sun::star::uno::Reference<com::sun::star::document::XGraphicStorageHandler>
 const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> 
const&) /chart2/source/model/filter/XMLFilter.cxx:473:34
    >     #15 0x2ad749aa9f01 in 
chart::XMLFilter::impl_Import(com::sun::star::uno::Reference<com::sun::star::lang::XComponent>
 const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> 
const&) /chart2/source/model/filter/XMLFilter.cxx:375:35
    >     #16 0x2ad749aa0988 in 
chart::XMLFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&) /chart2/source/model/filter/XMLFilter.cxx:221:13
    >     #17 0x2ad749c2c76e in 
chart::ChartModel::impl_load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> 
const&) /chart2/source/model/main/ChartModel_Persistence.cxx:567:18
    >     #18 0x2ad749c30eea in 
chart::ChartModel::loadFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
 const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> 
const&) /chart2/source/model/main/ChartModel_Persistence.cxx:759:5
    >     #19 0x2ad74244b977 in 
OCommonEmbeddedObject::LoadDocumentFromStorage_Impl() 
/embeddedobj/source/commonembedding/persistence.cxx:535:19
    >     #20 0x2ad7423d7bde in OCommonEmbeddedObject::SwitchStateTo_Impl(int) 
/embeddedobj/source/commonembedding/embedobj.cxx:185:49
    >     #21 0x2ad7423e32ff in OCommonEmbeddedObject::changeState(int) 
/embeddedobj/source/commonembedding/embedobj.cxx:453:13
    >     #22 0x2ad7424b7057 in 
OCommonEmbeddedObject::getPreferredVisualRepresentation(long) 
/embeddedobj/source/commonembedding/visobj.cxx:168:9
    >     #23 0x2ad67e08fdb6 in 
comphelper::EmbeddedObjectContainer::GetGraphicReplacementStream(long, 
com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, 
rtl::OUString*) /comphelper/source/container/embeddedobjectcontainer.cxx:1425:54
    >     #24 0x2ad6a447182c in 
svt::EmbeddedObjectRef::GetGraphicReplacementStream(long, 
com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, 
rtl::OUString*) /svtools/source/misc/embedhlp.cxx:809:12
    >     #25 0x2ad6a446c7d4 in svt::EmbeddedObjectRef::GetGraphicStream(bool) 
const /svtools/source/misc/embedhlp.cxx:616:23
    >     #26 0x2ad6a4469e58 in svt::EmbeddedObjectRef::GetReplacement(bool) 
/svtools/source/misc/embedhlp.cxx:424:46
    >     #27 0x2ad6a446d4ea in svt::EmbeddedObjectRef::GetGraphic() const 
/svtools/source/misc/embedhlp.cxx:453:54
    >     #28 0x2ad69d4a9470 in SdrOle2Obj::GetGraphic() const 
/svx/source/svdraw/svdoole2.cxx:1635:33
    >     #29 0x2ad71b222d01 in 
ScDrawTransferObj::ScDrawTransferObj(std::unique_ptr<SdrModel, 
std::default_delete<SdrModel> >, ScDocShell*, TransferableObjectDescriptor 
const&) /sc/source/ui/app/drwtrans.cxx:191:107
    >     #30 0x2ad71d7da932 in ScDrawView::DoCopy() 
/sc/source/ui/view/drawvie4.cxx:364:56
    >     #31 0x2ad71c1fb75a in ScDrawShell::ExecDrawFunc(SfxRequest&) 
/sc/source/ui/drawfunc/drawsh5.cxx:328:20
    >     #32 0x2ad71c1b181f in SfxStubScDrawShellExecDrawFunc(SfxShell*, 
SfxRequest&) /workdir/SdiTarget/sc/sdi/scslots.hxx:2823:1
    >     #33 0x2ad68de39d05 in SfxShell::CallExec(void (*)(SfxShell*, 
SfxRequest&), SfxRequest&) /include/sfx2/shell.hxx:197:35
    >     #34 0x2ad68ddd1214 in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot 
const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:16
    >     #35 0x2ad68dde721f in SfxDispatcher::Execute_(SfxShell&, SfxSlot 
const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
    >     #36 0x2ad68dd5edff in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot 
const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
    >     #37 0x2ad68e24a322 in 
SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&, 
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, 
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> 
const&) /sfx2/source/control/unoctitm.cxx:758:53
    >     #38 0x2ad68e245261 in 
SfxOfficeDispatch::dispatch(com::sun::star::util::URL const&, 
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) 
/sfx2/source/control/unoctitm.cxx:229:16
    >     #39 0x2ad67e465052 in comphelper::dispatchCommand(rtl::OUString 
const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, 
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, 
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> 
const&) /comphelper/source/misc/dispatchcommand.cxx:61:12
    >     #40 0x2ad67e4657c5 in comphelper::dispatchCommand(rtl::OUString 
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> 
const&, 
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> 
const&) /comphelper/source/misc/dispatchcommand.cxx:76:12
    >     #41 0x2ad6b39a49a6 in UITest::executeCommand(rtl::OUString const&) 
/vcl/source/uitest/uitest.cxx:24:12
    >     #42 0x2ad6b39b7240 in (anonymous 
namespace)::UITestUnoObj::executeCommand(rtl::OUString const&) 
/vcl/source/uitest/uno/uitest_uno.cxx:69:12
    >     #43 0x2ad6ee6508db in gcc3::callVirtualMethod(void*, unsigned int, 
void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, 
unsigned long*, double*) 
/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:77:5
    >     #44 0x2ad6ee64abf2 in 
cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, 
bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, 
_typelib_MethodParameter*, void*, void**, _uno_Any**) 
/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13
    >     #45 0x2ad6ee64773d in unoInterfaceProxyDispatch 
/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:413:13
    >     #46 0x2ad6f3a7d2ca in 
binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, 
std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> 
>*) const /binaryurp/source/incomingrequest.cxx:235:13
    
    Creating a pivot chart apparently generates XML output containing
    
      <chart:plot-area table:cell-range-address="PivotChart" ...>
    
    which does not conform to ODF, see the mail thread starting at
    
<https://lists.freedesktop.org/archives/libreoffice/2021-February/086884.html>
    "Integer overflow in Calc lcl_getSingleCellAddressFromXMLString nColumn
    computation" for details.
    
    And, ignoring the signed-integer-overflow UB for now,
    InternalDataProvider::convertRangeFromXML would always have returned an 
empty
    OUString for an input of aXMLRange="PivotChart":
    chart::XMLRangeHelper::getCellRangeFromXMLString with 
rXMLString="PivotChart"
    calls lcl_getCellAddressFromXMLString with rXMLString="PivotChart", 
nStartPos=0,
    nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so 
calls
    lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
    nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so it
    doesn't set rOutTableName, so lcl_getCellAddressFromXMLString returns
    bResult=false, so chart::XMLRangeHelper::getCellRangeFromXMLString returns 
an
    empty CellRange().
    
    So, similar to 9e5314f19c9dcff35b5cee5c5a1b7f744e495b2e "tdf#107097 invoke
    internal DP and correctly handle 'range' names" added special handling of
    aXMLRange values starting with "PT@" to
    InternalDataProvider::convertRangeFromXML, also add explicit special 
handling
    for "PivotChart" (instead of relying on the later code returning an empty
    string, but after invoking UB).
    
    Change-Id: I1671f0ab3b3ab00dce8e348aa3b7141ebebaaad5
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112207
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <[email protected]>
    (cherry picked from commit 6d43ba110084605462901bcee786c7ae4c1f3bdf)

diff --git a/chart2/source/tools/InternalDataProvider.cxx 
b/chart2/source/tools/InternalDataProvider.cxx
index eec8280425b4..24d0c85b809b 100644
--- a/chart2/source/tools/InternalDataProvider.cxx
+++ b/chart2/source/tools/InternalDataProvider.cxx
@@ -1222,6 +1222,13 @@ OUString SAL_CALL 
InternalDataProvider::convertRangeToXML( const OUString& aRang
 
 OUString SAL_CALL InternalDataProvider::convertRangeFromXML( const OUString& 
aXMLRange )
 {
+    // Handle non-standards-conforming table:cell-range-address="PivotChart", 
see
+    // <https://bugs.documentfoundation.org/show_bug.cgi?id=112783> "PIVOT 
CHARTS: Save produces
+    // invalid file because of invalid cell address":
+    if (aXMLRange == "PivotChart") {
+        return "";
+    }
+
     const OUString aPivotTableID("PT@");
     if (aXMLRange.startsWith(aPivotTableID))
         return aXMLRange.copy(aPivotTableID.getLength());
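Review bot: The new guard in convertRangeFromXML matches only the exact string "PivotChart", so any other non-conforming `table:cell-range-address` value read from a document still falls through to the range parser where, per the commit message, the column computation can overflow a signed integer. The durable fix belongs in that parser (bound the column accumulation and fail the parse), which is outside this hunk. Until then a comment here should say so, e.g. `// NOTE: short-circuits the one known literal only; other malformed ranges still reach XMLRangeHelper`. `return "";` would also read more clearly as `return OUString();`. The function body continues past the hunk.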
commit 06f5b2cfcd3feccc31526f16b3988650e2d07990
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sun Feb 28 18:53:55 2021 +0000
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    ofz#31538 null-deref
    
    Change-Id: I3264c0fd509e16cf4727847199f0be316d03d0e8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/111713
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 58f5c3b07701a14a61dc6b11f959faaf8aa98b9b)

diff --git a/sw/source/core/undo/undobj.cxx b/sw/source/core/undo/undobj.cxx
index fa86072a3008..3b1860ecc7c1 100644
--- a/sw/source/core/undo/undobj.cxx
+++ b/sw/source/core/undo/undobj.cxx
@@ -1558,9 +1558,14 @@ static bool IsNotBackspaceHeuristic(
         SwPosition const& rStart, SwPosition const& rEnd)
 {
     // check if the selection is backspace/delete created by DelLeft/DelRight
-    return rStart.nNode.GetIndex() + 1 != rEnd.nNode.GetIndex()
-        || rEnd.nContent != 0
-        || rStart.nContent != rStart.nNode.GetNode().GetTextNode()->Len();
+    if (rStart.nNode.GetIndex() + 1 != rEnd.nNode.GetIndex())
+        return true;
+    if (rEnd.nContent != 0)
+        return true;
+    const SwTextNode* pTextNode = rStart.nNode.GetNode().GetTextNode();
+    if (!pTextNode || rStart.nContent != pTextNode->Len())
+        return true;
+    return false;
 }
 
 bool IsDestroyFrameAnchoredAtChar(SwPosition const & rAnchorPos,
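Review bot: The rewritten IsNotBackspaceHeuristic returns true when the start node is not a text node, but nothing records why that is the intended answer rather than just the one that avoids the crash. A short comment on the new check would capture it, e.g. `// no text node at rStart: cannot be a DelLeft/DelRight selection`. The callers are outside this hunk, so it is worth confirming there that classifying such a range as "not backspace" does not change how anchored frames are handled.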
commit 6e3f9dd5b31e171247f1701fe86e469ffa74e431
Author:     Caolán McNamara <[email protected]>
AuthorDate: Thu Jan 28 14:54:13 2021 +0000
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    ofz#30005 crash in LwpFribPtr::XFConvert
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110086
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 4e84a42add9c8ac27feb5e49a96e00ffcc8f0bc8)
    
    Change-Id: I4f03c1cd8bc12f3fa09c815837b289ff088c91d3

diff --git a/lotuswordpro/source/filter/lwpfribptr.cxx 
b/lotuswordpro/source/filter/lwpfribptr.cxx
index f1d9917de8bf..8eabe7099883 100644
--- a/lotuswordpro/source/filter/lwpfribptr.cxx
+++ b/lotuswordpro/source/filter/lwpfribptr.cxx
@@ -85,7 +85,8 @@
 #include <lwpdropcapmgr.hxx>
 
 LwpFribPtr::LwpFribPtr()
-    : m_pFribs(nullptr),m_pXFPara(nullptr),m_pPara(nullptr)
+    : m_pFribs(nullptr)
+    , m_pPara(nullptr)
 {
 }
 
@@ -174,7 +175,7 @@ void LwpFribPtr::XFConvert()
         case FRIB_TAG_TEXT:
         {
             LwpFribText* textFrib= static_cast<LwpFribText*>(pFrib);
-            textFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+            textFrib->XFConvert(m_pXFPara.get(),m_pPara->GetStory());
         }
             break;
         case FRIB_TAG_TAB:
@@ -246,7 +247,7 @@ void LwpFribPtr::XFConvert()
         case FRIB_TAG_UNICODE3: //fall through
         {
             LwpFribUnicode* unicodeFrib= static_cast<LwpFribUnicode*>(pFrib);
-            unicodeFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+            unicodeFrib->XFConvert(m_pXFPara.get(), m_pPara->GetStory());
         }
             break;
         case FRIB_TAG_HARDSPACE:
@@ -255,15 +256,15 @@ void LwpFribPtr::XFConvert()
             LwpStory *pStory = m_pPara->GetStory();
             LwpHyperlinkMgr* pHyperlink = pStory ? pStory->GetHyperlinkMgr() : 
nullptr;
             if (pHyperlink && pHyperlink->GetHyperlinkFlag())
-                pFrib->ConvertHyperLink(m_pXFPara,pHyperlink,sHardSpace);
+                pFrib->ConvertHyperLink(m_pXFPara.get(), 
pHyperlink,sHardSpace);
             else
-                pFrib->ConvertChars(m_pXFPara,sHardSpace);
+                pFrib->ConvertChars(m_pXFPara.get(), sHardSpace);
         }
             break;
         case FRIB_TAG_SOFTHYPHEN:
         {
             OUString sSoftHyphen(u'\x00ad');
-            pFrib->ConvertChars(m_pXFPara,sSoftHyphen);
+            pFrib->ConvertChars(m_pXFPara.get(), sSoftHyphen);
         }
             break;
         case FRIB_TAG_FRAME:
@@ -275,64 +276,64 @@ void LwpFribPtr::XFConvert()
                 LwpFoundry* pFoundry = m_pPara->GetFoundry();
                 LwpDropcapMgr* pMgr = pFoundry ? pFoundry->GetDropcapMgr() : 
nullptr;
                 if (pMgr)
-                    pMgr->SetXFPara(m_pXFPara);
+                    pMgr->SetXFPara(m_pXFPara.get());
             }
-            frameFrib->XFConvert(m_pXFPara);
+            frameFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_CHBLOCK:
         {
             LwpFribCHBlock* chbFrib = static_cast<LwpFribCHBlock*>(pFrib);
-            chbFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+            chbFrib->XFConvert(m_pXFPara.get(),m_pPara->GetStory());
         }
             break;
         case FRIB_TAG_TABLE:
         {
             LwpFribTable* tableFrib = static_cast<LwpFribTable*>(pFrib);
             //tableFrib->XFConvert(m_pPara->GetXFContainer());
-            tableFrib->XFConvert(m_pXFPara);
+            tableFrib->XFConvert(m_pXFPara.get());
         }
             break;
         case FRIB_TAG_BOOKMARK:
         {
             LwpFribBookMark* bookmarkFrib = 
static_cast<LwpFribBookMark*>(pFrib);
-            bookmarkFrib->XFConvert(m_pXFPara);
+            bookmarkFrib->XFConvert(m_pXFPara.get());
         }
         break;
         case FRIB_TAG_FOOTNOTE:
         {
             LwpFribFootnote* pFootnoteFrib = 
static_cast<LwpFribFootnote*>(pFrib);
-            pFootnoteFrib->XFConvert(m_pXFPara);
+            pFootnoteFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_FIELD:
         {
             LwpFribField* fieldFrib = static_cast<LwpFribField*>(pFrib);
-            fieldFrib->XFConvert(m_pXFPara);
+            fieldFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_NOTE:
         {
             LwpFribNote* pNoteFrib = static_cast<LwpFribNote*>(pFrib);
-            pNoteFrib->XFConvert(m_pXFPara);
+            pNoteFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_PAGENUMBER:
         {
             LwpFribPageNumber* pagenumFrib = 
static_cast<LwpFribPageNumber*>(pFrib);
-            pagenumFrib->XFConvert(m_pXFPara);
+            pagenumFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_DOCVAR:
         {
             LwpFribDocVar* docFrib = static_cast<LwpFribDocVar*>(pFrib);
-            docFrib->XFConvert(m_pXFPara);
+            docFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_RUBYMARKER:
         {
             LwpFribRubyMarker* rubyFrib = 
static_cast<LwpFribRubyMarker*>(pFrib);
-            rubyFrib->XFConvert(m_pXFPara);
+            rubyFrib->XFConvert(m_pXFPara.get());
             break;
         }
         case FRIB_TAG_RUBYFRAME:
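Review bot: `pMgr->SetXFPara(m_pXFPara.get())` in the FRIB_TAG_FRAME case still hands a raw pointer to LwpDropcapMgr, so the reference now held by LwpFribPtr protects only this object's own use of the paragraph. If the manager stores that pointer (its definition is not in this diff), the pointer can still outlive the paragraph. Consider making the manager's member an `rtl::Reference<XFParagraph>` as well, or stating at the call that the manager must not retain it. The same question applies to the other callees in this function that receive `m_pXFPara.get()`. XFConvert starts and ends outside these hunks.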
diff --git a/lotuswordpro/source/filter/lwpfribptr.hxx 
b/lotuswordpro/source/filter/lwpfribptr.hxx
index d59cb81ca0d4..847690242911 100644
--- a/lotuswordpro/source/filter/lwpfribptr.hxx
+++ b/lotuswordpro/source/filter/lwpfribptr.hxx
@@ -75,13 +75,13 @@ public:
     void ReadPara(LwpObjectStream* pObjStrm);
 private:
     LwpFrib* m_pFribs;
-    XFParagraph* m_pXFPara;//Current XFPara used for frib parsing
+    rtl::Reference<XFParagraph> m_pXFPara; //Current XFPara used for frib 
parsing
     LwpPara* m_pPara;//for get foundry
     static void ProcessDropcap(LwpStory* pStory, const LwpFrib* 
pFrib,sal_uInt32 nLen);
 public:
     void XFConvert();
     void SetXFPara(XFParagraph* Para){m_pXFPara = Para;}
-    XFParagraph* GetXFPara(){return m_pXFPara;}
+    XFParagraph* GetXFPara() { return m_pXFPara.get(); }
     void SetPara(LwpPara* para){m_pPara=para;}
     void RegisterStyle();
     LwpFrib* GetFribs(){return m_pFribs;}
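Review bot: The comment on `m_pXFPara` still describes only the member's role, not the ownership change that is the point of this commit. Something like `// Current XFPara used for frib parsing; held by reference so it stays alive while XFConvert() runs` would warn a maintainer against turning it back into a raw pointer. `SetXFPara` and `GetXFPara` keep raw-pointer signatures, so a caller of `GetXFPara()` gets no lifetime guarantee beyond this object's own; that deserves a line as well. The class declaration starts outside the hunk.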
commit ec739be7c2d9214fbea5761edc9054d3ca2bb778
Author:     Caolán McNamara <[email protected]>
AuthorDate: Mon Jan 4 17:19:47 2021 +0000
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:12 2021 +0100

    ofz#29234 Integer-overflow
    
    sc/source/core/tool/interpr1.cxx:9578:39: runtime error: signed integer 
overflow: 1 + 2147483647 cannot be represented in type 'int'
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108677
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 52de00024e84c063ab292890256cda59fe259ef5)
    
    Change-Id: I2975ae1daab826f10f0e52e7d7421ac8dcc9fffc

diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index e375f1626ec5..0f37b4f9f35e 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -9505,6 +9505,8 @@ void ScInterpreter::ScMid()
         OUString aStr = GetString().getString();
         if ( nStart < 1 || nSubLen < 0 )
             PushIllegalArgument();
+        else if (nStart > kScInterpreterMaxStrLen || nSubLen > 
kScInterpreterMaxStrLen)
+            PushError(FormulaError::StringOverflow);
         else
         {
             sal_Int32 nLen = aStr.getLength();
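Review bot: The added `else if` in ScMid has no comment tying it to the overflow it prevents, and the arithmetic that overflowed lies below the hunk. A line such as `// bound both arguments so the position arithmetic below cannot overflow (ofz#29234)` would make the invariant explicit. The commit message reports the overflow at interpr1.cxx:9578 while this hunk sits at 9505, so it is worth confirming that the guarded function is the one the sanitizer flagged on this branch. The same check would show whether neighbouring string functions need the same bound.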
commit 54b35842683d3ed1322ef2e1b55f1103dddc599d
Author:     Caolán McNamara <[email protected]>
AuthorDate: Wed Dec 30 21:19:15 2020 +0000
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:11 2021 +0100

    ofz#29113 short read
    
    Change-Id: I107d8abeac419ba4e70a5880054c9195c60464ad
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108527
    Tested-by: Caolán McNamara <[email protected]>
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit ab3829bf74667044d9b0f5b96903bbafda5171f6)

diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index b1ca8e3f80f7..c6641c14ef03 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -262,6 +262,13 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& 
rJobSetup )
             if ( nSystem == JOBSET_FILE364_SYSTEM ||
                  nSystem == JOBSET_FILE605_SYSTEM )
             {
+                if (nRead < sizeof(ImplOldJobSetupData) + 
sizeof(Impl364JobSetupData))
+                {
+                    SAL_WARN("vcl", "Parsing error: " << 
sizeof(ImplOldJobSetupData) + sizeof(Impl364JobSetupData) <<
+                             " required, but " << nRead << " available");
+                    return rIStream;
+                }
+
                 Impl364JobSetupData* pOldJobData    = 
reinterpret_cast<Impl364JobSetupData*>(pTempBuf.get() + sizeof( 
ImplOldJobSetupData ));
                 sal_uInt16 nOldJobDataSize          = SVBT16ToUInt16( 
pOldJobData->nSize );
                 rJobData.SetSystem( SVBT16ToUInt16( pOldJobData->nSystem ) );
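Review bot: The new length check covers only the two fixed-size headers, yet `nOldJobDataSize` is then read from `pOldJobData->nSize`, a value taken from the stream, and the hunk does not show it being compared with `nRead`. If the code below uses it to locate or copy driver data after the header, it needs its own bound, along the lines of `if (nOldJobDataSize > nRead - sizeof(ImplOldJobSetupData)) return rIStream;`, unless that check already exists outside the hunk. The early return also leaves the stream without an error state, so a caller cannot tell a truncated record from a valid empty one. ReadJobSetup continues past the hunk.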
commit ac8240245a24e6697a222a8054680dffbaba2ca8
Author:     Michael Stahl <[email protected]>
AuthorDate: Thu Nov 11 11:01:43 2021 +0100
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:11 2021 +0100

    poppler: upgrade to release 21.11.0
    
    The changelogs tend to mention "crash in malformed files" a lot.
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125034
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <[email protected]>
    (cherry picked from commit 03bc0f97205593547ddf1fc8d4fb396479bcab6d)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124973
    Reviewed-by: Caolán McNamara <[email protected]>
    (cherry picked from commit 22beb8f80985ea73e2c98d14480e53da81673c67)
    
    Change-Id: Iadc1d9cc23abd09a8fff58ba0cb7a7803236a542

diff --git a/download.lst b/download.lst
index 03101aac433b..f5c35551682c 100644
--- a/download.lst
+++ b/download.lst
@@ -208,8 +208,8 @@ export PIXMAN_SHA256SUM := 
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
 export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM := 
016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
-export POPPLER_TARBALL := poppler-21.01.0.tar.xz
+export POPPLER_SHA256SUM := 
31b76b5cac0a48612fdd154c02d9eca01fd38fb8eaa77c1196840ecdeb53a584
+export POPPLER_TARBALL := poppler-21.11.0.tar.xz
 export POSTGRESQL_SHA256SUM := 
12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
 export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
 export PYTHON_SHA256SUM := 
f8d82e7572c86ec9d55c8627aae5040124fd2203af400c383c821b980306ee6b
diff --git a/external/poppler/StaticLibrary_poppler.mk 
b/external/poppler/StaticLibrary_poppler.mk
index 3cc0a95e3617..bcb66b49299a 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -72,6 +72,7 @@ $(eval $(call 
gb_StaticLibrary_add_generated_exception_objects,poppler,\
        UnpackedTarball/poppler/fofi/FoFiType1C \
        UnpackedTarball/poppler/fofi/FoFiIdentifier \
        UnpackedTarball/poppler/poppler/Annot \
+       UnpackedTarball/poppler/poppler/AnnotStampImageHelper \
        UnpackedTarball/poppler/poppler/Array \
        UnpackedTarball/poppler/poppler/BBoxOutputDev \
        UnpackedTarball/poppler/poppler/CachedFile \
@@ -136,6 +137,7 @@ $(eval $(call 
gb_StaticLibrary_add_generated_exception_objects,poppler,\
        UnpackedTarball/poppler/poppler/Movie \
        UnpackedTarball/poppler/poppler/Rendition \
        UnpackedTarball/poppler/poppler/DCTStream \
+       UnpackedTarball/poppler/splash/SplashBitmap \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/poppler/poppler-config.patch.1 
b/external/poppler/poppler-config.patch.1
index b902402ea4e7..2a24d4510197 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -16,7 +16,7 @@ new file mode 100644
 index 0fbd336a..451213f8 100644
 --- /dev/null
 +++ b/config.h
-@@ -0,0 +1,221 @@
+@@ -0,0 +1,223 @@
 +/* config.h.  Generated from config.h.cmake by cmake.  */
 +
 +/* Build against libcurl. */
@@ -176,7 +176,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_NAME "poppler"
 +
 +/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 21.01.0"
++#define PACKAGE_STRING "poppler 21.11.0"
 +
 +/* Define to the one symbol short name of this package. */
 +#define PACKAGE_TARNAME "poppler"
@@ -185,7 +185,7 @@ index 0fbd336a..451213f8 100644
 +#define PACKAGE_URL ""
 +
 +/* Define to the version of this package. */
-+#define PACKAGE_VERSION "21.01.0"
++#define PACKAGE_VERSION "21.11.0"
 +
 +/* Poppler data dir */
 +#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -203,7 +203,7 @@ index 0fbd336a..451213f8 100644
 +/* #undef USE_FLOAT */
 +
 +/* Version number of package */
-+#define VERSION "21.01.0"
++#define VERSION "21.11.0"
 +
 +#if defined(__APPLE__)
 +#elif defined (_WIN32)
@@ -228,6 +228,8 @@ index 0fbd336a..451213f8 100644
 +#if defined(_MSC_VER) || defined(__BORLANDC__)
 +#define popen _popen
 +#define pclose _pclose
++#define strncasecmp _strnicmp
++// error C4005: "strcasecmp": macro redefinition    #define strcasecmp 
_stricmp
 +#endif
 +
 +/* Number of bits in a file offset, on hosts where this is settable. */
@@ -243,7 +245,7 @@ new file mode 100644
 index 0fbd336a..451213f8 100644
 --- /dev/null
 +++ b/poppler/poppler-config.h
-@@ -0,0 +1,166 @@
+@@ -0,0 +1,161 @@
 +//================================================= -*- mode: c++ -*- ====
 +//
 +// poppler-config.h
@@ -282,7 +284,7 @@ index 0fbd336a..451213f8 100644
 +
 +/* Defines the poppler version. */
 +#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION "21.11.0"
 +#endif
 +
 +/* Use single precision arithmetic in the Splash backend */
@@ -369,11 +371,6 @@ index 0fbd336a..451213f8 100644
 +/* #undef USE_BOOST_HEADERS */
 +#endif
 +
-+/* Is splash backend available */
-+#ifndef HAVE_SPLASH
-+/* #undef HAVE_SPLASH */
-+#endif
-+
 +//------------------------------------------------------------------------
 +// version
 +//------------------------------------------------------------------------
@@ -439,9 +436,9 @@ index 0fbd336a..451213f8 100644
 +
 +#include "poppler-global.h"
 +
-+#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION "21.11.0"
 +#define POPPLER_VERSION_MAJOR 21
-+#define POPPLER_VERSION_MINOR 1
++#define POPPLER_VERSION_MINOR 11
 +#define POPPLER_VERSION_MICRO 0
 +
 +namespace poppler
@@ -455,3 +452,38 @@ index 0fbd336a..451213f8 100644
 +}
 +
 +#endif
+diff --git a/poppler_private_export.h b/poppler_private_export.h
+new file mode 100644
+index 0fbd336a..451213f8 100644
+--- /dev/null
++++ b/poppler_private_export.h
+@@ -0,0 +1,11 @@
++
++#ifndef POPPLER_PRIVATE_EXPORT_H
++#define POPPLER_PRIVATE_EXPORT_H
++
++#  define POPPLER_PRIVATE_EXPORT
++#  define POPPLER_PRIVATE_NO_EXPORT
++#  define POPPLER_PRIVATE_DEPRECATED
++#  define POPPLER_PRIVATE_DEPRECATED_EXPORT
++#  define POPPLER_PRIVATE_DEPRECATED_NO_EXPORT
++
++#endif /* POPPLER_PRIVATE_EXPORT_H */
+
+diff --git a/cpp/poppler_cpp_export.h b/cpp/poppler_cpp_export.h
+new file mode 100644
+index 0fbd336a..451213f8 100644
+--- /dev/null
++++ b/cpp/poppler_cpp_export.h
+@@ -0,0 +1,11 @@
++
++#ifndef POPPLER_CPP_EXPORT_H
++#define POPPLER_CPP_EXPORT_H
++
++#  define POPPLER_CPP_EXPORT
++#  define POPPLER_CPP_NO_EXPORT
++#  define POPPLER_CPP_DEPRECATED
++#  define POPPLER_CPP_DEPRECATED_EXPORT
++#  define POPPLER_CPP_DEPRECATED_NO_EXPORT
++
++#endif /* POPPLER_CPP_EXPORT_H */
commit 37d4101a824b8caf05d462946947fa514e7873b0
Author:     Miklos Vajna <[email protected]>
AuthorDate: Wed Sep 22 20:09:04 2021 +0200
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:11 2021 +0100

    external: update pdfium to 4643
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122485
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <[email protected]>
    (cherry picked from commit 8cecaa622700cecb5b5776bd3e5360ac6cc3dd63)
    
    Change-Id: I4e86b163a9abef88f26c6c0ae91ae0a4008658f1

diff --git a/download.lst b/download.lst
index 4bb187e1b5f8..03101aac433b 100644
--- a/download.lst
+++ b/download.lst
@@ -202,8 +202,8 @@ export OWNCLOUD_ANDROID_LIB_SHA256SUM := 
b18b3e3ef7fae6a79b62f2bb43cc47a5346b633
 export OWNCLOUD_ANDROID_LIB_TARBALL := 
owncloud-android-library-0.9.4-no-binary-deps.tar.gz
 export PAGEMAKER_SHA256SUM := 
66adacd705a7d19895e08eac46d1e851332adf2e736c566bef1164e7a442519d
 export PAGEMAKER_TARBALL := libpagemaker-0.0.4.tar.xz
-export PDFIUM_SHA256SUM := 
b0c5725e1cdcef7f52f068fd33adf9e8d833a271c28ba5b6a5a576ef8f2bbbf4
-export PDFIUM_TARBALL := pdfium-4568.tar.bz2
+export PDFIUM_SHA256SUM := 
eb98a77eaaab9e9e8de541cfd18b9438dd3c538bd5ef163820353179727f5dc9
+export PDFIUM_TARBALL := pdfium-4643.tar.bz2
 export PIXMAN_SHA256SUM := 
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
diff --git a/external/pdfium/Library_pdfium.mk 
b/external/pdfium/Library_pdfium.mk
index 5ba04fda321b..07282fc3d157 100644
--- a/external/pdfium/Library_pdfium.mk
+++ b/external/pdfium/Library_pdfium.mk
@@ -58,7 +58,6 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_actionhandler \
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_annotiterator \
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_customaccess \
-    UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_fieldaction \
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_filewriteadapter \
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_helpers \
     UnpackedTarball/pdfium/fpdfsdk/fpdf_annot \
@@ -104,7 +103,8 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_textfield \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_button \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_textobject \
-    UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_privatedata \
+    UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_fieldaction \
+    UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_perwindowdata \
 ))
 
 # fpdfapi
@@ -288,6 +288,7 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_pagerendercontext \
     UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_transferfuncdib \
     UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_transferfunc \
+    UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_basedcs \
 ))
 
 # fpdfdoc
@@ -363,7 +364,7 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_DocumentContext \
     UnpackedTarball/pdfium/core/fxcodec/basic/basicmodule \
     UnpackedTarball/pdfium/core/fxcodec/flate/flatemodule \
-    UnpackedTarball/pdfium/core/fxcodec/icc/iccmodule \
+    UnpackedTarball/pdfium/core/fxcodec/icc/icc_transform \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/jbig2_decoder \
     UnpackedTarball/pdfium/core/fxcodec/jpeg/jpeg_common \
 ))
@@ -623,12 +624,14 @@ $(eval $(call gb_Library_add_generated_cobjects,pdfium,\
     UnpackedTarball/pdfium/third_party/freetype/src/src/truetype/truetype \
     UnpackedTarball/pdfium/third_party/freetype/src/src/type1/type1 \
     UnpackedTarball/pdfium/third_party/freetype/src/src/base/ftdebug \
+    UnpackedTarball/pdfium/third_party/freetype/src/src/base/ftfstype \
 ))
 endif
 
 ifneq ($(OS),WNT)
 $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_posix \
+    UnpackedTarball/pdfium/core/fxcrt/fx_folder_posix \
 ))
 endif
 
@@ -644,8 +647,10 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxge/win32/cps_printer_driver \
     UnpackedTarball/pdfium/core/fxge/win32/ctext_only_printer_driver \
     UnpackedTarball/pdfium/core/fxge/win32/cwin32_platform \
+    UnpackedTarball/pdfium/core/fxge/win32/cfx_psfonttracker \
     UnpackedTarball/pdfium/core/fxge/cfx_windowsrenderdevice \
     UnpackedTarball/pdfium/core/fxcrt/cfx_fileaccess_windows \
+    UnpackedTarball/pdfium/core/fxcrt/fx_folder_windows \
     UnpackedTarball/pdfium/third_party/base/win/win_util \
     UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_windowsrenderdevice \
 ))
diff --git a/external/pdfium/build.patch.1 b/external/pdfium/build.patch.1
index 74e6f405c35d..60283ac63c74 100644
--- a/external/pdfium/build.patch.1
+++ b/external/pdfium/build.patch.1
@@ -53,109 +53,6 @@ index 0fb627ba8..dda1fc8bc 100644
    uint8_t r;
    uint8_t g;
 diff --git a/core/fxcodec/jpx/cjpx_decoder.cpp 
b/core/fxcodec/jpx/cjpx_decoder.cpp
-index c66985a7f..9c1122b75 100644
---- a/core/fxcodec/jpx/cjpx_decoder.cpp
-+++ b/core/fxcodec/jpx/cjpx_decoder.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxcodec/jpx/cjpx_decoder.h"
- 
-+#include <string.h>
-+
- #include <algorithm>
- #include <limits>
- #include <utility>
-diff --git a/core/fxcodec/jpeg/jpegmodule.cpp 
b/core/fxcodec/jpeg/jpegmodule.cpp
-index cea0679aa..036f25003 100644
---- a/core/fxcodec/jpeg/jpegmodule.cpp
-+++ b/core/fxcodec/jpeg/jpegmodule.cpp
-@@ -7,6 +7,7 @@
- #include "core/fxcodec/jpeg/jpegmodule.h"
- 
- #include <setjmp.h>
-+#include <string.h>
- 
- #include <memory>
- #include <utility>
-diff --git a/core/fxge/dib/cfx_bitmapcomposer.cpp 
b/core/fxge/dib/cfx_bitmapcomposer.cpp
-index 6f9b42013..0f1ffae2c 100644
---- a/core/fxge/dib/cfx_bitmapcomposer.cpp
-+++ b/core/fxge/dib/cfx_bitmapcomposer.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxge/dib/cfx_bitmapcomposer.h"
- 
-+#include <string.h>
-+
- #include "core/fxge/cfx_cliprgn.h"
- #include "core/fxge/dib/cfx_dibitmap.h"
- 
-diff --git a/core/fxge/dib/cfx_dibitmap.cpp b/core/fxge/dib/cfx_dibitmap.cpp
-index d7ccf6cfa..94e8accdd 100644
---- a/core/fxge/dib/cfx_dibitmap.cpp
-+++ b/core/fxge/dib/cfx_dibitmap.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxge/dib/cfx_dibitmap.h"
- 
-+#include <string.h>
-+
- #include <limits>
- #include <memory>
- #include <utility>
-diff --git a/core/fxge/dib/cfx_bitmapstorer.cpp 
b/core/fxge/dib/cfx_bitmapstorer.cpp
-index f57c00eaa..45a0a180c 100644
---- a/core/fxge/dib/cfx_bitmapstorer.cpp
-+++ b/core/fxge/dib/cfx_bitmapstorer.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxge/dib/cfx_bitmapstorer.h"
- 
-+#include <string.h>
-+
- #include <utility>
- 
- #include "core/fxge/dib/cfx_dibitmap.h"
-diff --git a/core/fxge/cfx_cliprgn.cpp b/core/fxge/cfx_cliprgn.cpp
-index 5369d522c..d198852e3 100644
---- a/core/fxge/cfx_cliprgn.cpp
-+++ b/core/fxge/cfx_cliprgn.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxge/cfx_cliprgn.h"
- 
-+#include <string.h>
-+
- #include <utility>
- 
- #include "core/fxge/dib/cfx_dibitmap.h"
-diff --git a/core/fxge/dib/cfx_scanlinecompositor.cpp 
b/core/fxge/dib/cfx_scanlinecompositor.cpp
-index e8362d708..c04c6dcab 100644
---- a/core/fxge/dib/cfx_scanlinecompositor.cpp
-+++ b/core/fxge/dib/cfx_scanlinecompositor.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxge/dib/cfx_scanlinecompositor.h"
- 
-+#include <string.h>
-+
- #include <algorithm>
- 
- #include "core/fxge/dib/fx_dib.h"
-diff --git a/core/fxge/dib/cfx_dibbase.cpp b/core/fxge/dib/cfx_dibbase.cpp
-index 4ec0ddbf9..a1de2fbec 100644
---- a/core/fxge/dib/cfx_dibbase.cpp
-+++ b/core/fxge/dib/cfx_dibbase.cpp
-@@ -6,6 +6,8 @@
- 
- #include "core/fxge/dib/cfx_dibbase.h"
- 
-+#include <string.h>
-+
- #include <algorithm>
- #include <memory>
- #include <utility>
-diff --git a/core/fxcodec/jpx/cjpx_decoder.cpp 
b/core/fxcodec/jpx/cjpx_decoder.cpp
 index c66985a7f..817f81dfa 100644
 --- a/core/fxcodec/jpx/cjpx_decoder.cpp
 +++ b/core/fxcodec/jpx/cjpx_decoder.cpp
@@ -168,3 +65,68 @@ index c66985a7f..817f81dfa 100644
  }
  
  void sycc_to_rgb(int offset,
+diff --git a/core/fdrm/fx_crypt_aes.cpp b/core/fdrm/fx_crypt_aes.cpp
+index f2170220b..ede18f581 100644
+--- a/core/fdrm/fx_crypt_aes.cpp
++++ b/core/fdrm/fx_crypt_aes.cpp
+@@ -437,7 +437,7 @@ const unsigned int D3[256] = {
+   (block[0] ^= *keysched++, block[1] ^= *keysched++, block[2] ^= *keysched++, 
\
+    block[3] ^= *keysched++)
+ #define MOVEWORD(i) (block[i] = newstate[i])
+-#define MAKEWORD(i)                                         \
++#define FMAKEWORD(i)                                         \
+   (newstate[i] = (E0[(block[i] >> 24) & 0xFF] ^             \
+                   E1[(block[(i + C1) % Nb] >> 16) & 0xFF] ^ \
+                   E2[(block[(i + C2) % Nb] >> 8) & 0xFF] ^  \
+@@ -458,10 +458,10 @@ void aes_encrypt_nb_4(CRYPT_aes_context* ctx, unsigned 
int* block) {
+   unsigned int newstate[4];
+   for (i = 0; i < ctx->Nr - 1; i++) {
+     ADD_ROUND_KEY_4();
+-    MAKEWORD(0);
+-    MAKEWORD(1);
+-    MAKEWORD(2);
+-    MAKEWORD(3);
++    FMAKEWORD(0);
++    FMAKEWORD(1);
++    FMAKEWORD(2);
++    FMAKEWORD(3);
+     MOVEWORD(0);
+     MOVEWORD(1);
+     MOVEWORD(2);
+@@ -478,10 +478,10 @@ void aes_encrypt_nb_4(CRYPT_aes_context* ctx, unsigned 
int* block) {
+   MOVEWORD(3);
+   ADD_ROUND_KEY_4();
+ }
+-#undef MAKEWORD
++#undef FMAKEWORD
+ #undef LASTWORD
+ 
+-#define MAKEWORD(i)                                         \
++#define FMAKEWORD(i)                                         \
+   (newstate[i] = (D0[(block[i] >> 24) & 0xFF] ^             \
+                   D1[(block[(i + C1) % Nb] >> 16) & 0xFF] ^ \
+                   D2[(block[(i + C2) % Nb] >> 8) & 0xFF] ^  \
+@@ -502,10 +502,10 @@ void aes_decrypt_nb_4(CRYPT_aes_context* ctx, unsigned 
int* block) {
+   unsigned int newstate[4];
+   for (i = 0; i < ctx->Nr - 1; i++) {
+     ADD_ROUND_KEY_4();
+-    MAKEWORD(0);
+-    MAKEWORD(1);
+-    MAKEWORD(2);
+-    MAKEWORD(3);
++    FMAKEWORD(0);
++    FMAKEWORD(1);
++    FMAKEWORD(2);
++    FMAKEWORD(3);
+     MOVEWORD(0);
+     MOVEWORD(1);
+     MOVEWORD(2);
+@@ -522,7 +522,7 @@ void aes_decrypt_nb_4(CRYPT_aes_context* ctx, unsigned 
int* block) {
+   MOVEWORD(3);
+   ADD_ROUND_KEY_4();
+ }
+-#undef MAKEWORD
++#undef FMAKEWORD
+ #undef LASTWORD
+ 
+ void aes_setup(CRYPT_aes_context* ctx, const unsigned char* key, int keylen) {
diff --git a/external/pdfium/inc/pch/precompiled_pdfium.hxx 
b/external/pdfium/inc/pch/precompiled_pdfium.hxx
index c13f593c8b3a..357c37d6a81e 100644
--- a/external/pdfium/inc/pch/precompiled_pdfium.hxx
+++ b/external/pdfium/inc/pch/precompiled_pdfium.hxx
@@ -33,13 +33,10 @@
 #include <array>
 #include <atomic>
 #include <cassert>
-#include <cctype>
 #include <cfloat>
 #include <climits>
 #include <cmath>
-#include <cstring>
-#include <cwchar>
-#include <cwctype>
+#include <ctype.h>
 #include <functional>
 #include <iterator>
 #include <limits.h>
@@ -64,6 +61,7 @@
 #include <type_traits>
 #include <utility>
 #include <vector>
+#include <wchar.h>
 #endif // PCH_LEVEL >= 1
 #if PCH_LEVEL >= 2
 #endif // PCH_LEVEL >= 2
@@ -73,6 +71,7 @@
 #include <constants/annotation_common.h>
 #include <constants/annotation_flags.h>
 #include <constants/appearance.h>
+#include <constants/ascii.h>
 #include <constants/form_fields.h>
 #include <constants/form_flags.h>
 #include <constants/page_object.h>
@@ -107,6 +106,7 @@
 #include <core/fpdfapi/font/cpdf_type3font.h>
 #include <core/fpdfapi/page/cpdf_allstates.h>
 #include <core/fpdfapi/page/cpdf_annotcontext.h>
+#include <core/fpdfapi/page/cpdf_basedcs.h>
 #include <core/fpdfapi/page/cpdf_clippath.h>
 #include <core/fpdfapi/page/cpdf_color.h>
 #include <core/fpdfapi/page/cpdf_colorspace.h>
@@ -245,7 +245,7 @@
 #include <core/fxcodec/fx_codec.h>
 #include <core/fxcodec/gif/cfx_gif.h>
 #include <core/fxcodec/gif/lzw_decompressor.h>
-#include <core/fxcodec/icc/iccmodule.h>
+#include <core/fxcodec/icc/icc_transform.h>
 #include <core/fxcodec/jbig2/JBig2_ArithDecoder.h>
 #include <core/fxcodec/jbig2/JBig2_ArithIntDecoder.h>
 #include <core/fxcodec/jbig2/JBig2_BitStream.h>
@@ -309,6 +309,7 @@
 #include <core/fxcrt/fx_codepage.h>
 #include <core/fxcrt/fx_coordinates.h>
 #include <core/fxcrt/fx_extension.h>
+#include <core/fxcrt/fx_folder.h>
 #include <core/fxcrt/fx_memory.h>
 #include <core/fxcrt/fx_memory_wrappers.h>
 #include <core/fxcrt/fx_number.h>
@@ -389,7 +390,6 @@
 #include <fpdfsdk/cpdfsdk_baannot.h>
 #include <fpdfsdk/cpdfsdk_baannothandler.h>
 #include <fpdfsdk/cpdfsdk_customaccess.h>
-#include <fpdfsdk/cpdfsdk_fieldaction.h>
 #include <fpdfsdk/cpdfsdk_filewriteadapter.h>
 #include <fpdfsdk/cpdfsdk_formfillenvironment.h>
 #include <fpdfsdk/cpdfsdk_helpers.h>
@@ -402,10 +402,11 @@
 #include <fpdfsdk/formfiller/cffl_button.h>
 #include <fpdfsdk/formfiller/cffl_checkbox.h>
 #include <fpdfsdk/formfiller/cffl_combobox.h>
+#include <fpdfsdk/formfiller/cffl_fieldaction.h>
 #include <fpdfsdk/formfiller/cffl_formfield.h>
 #include <fpdfsdk/formfiller/cffl_interactiveformfiller.h>
 #include <fpdfsdk/formfiller/cffl_listbox.h>
-#include <fpdfsdk/formfiller/cffl_privatedata.h>
+#include <fpdfsdk/formfiller/cffl_perwindowdata.h>
 #include <fpdfsdk/formfiller/cffl_pushbutton.h>
 #include <fpdfsdk/formfiller/cffl_radiobutton.h>
 #include <fpdfsdk/formfiller/cffl_textfield.h>
@@ -484,7 +485,6 @@
 #include <third_party/base/memory/aligned_memory.h>
 #include <third_party/base/no_destructor.h>
 #include <third_party/base/notreached.h>
-#include <third_party/base/numerics/ranges.h>
 #include <third_party/base/numerics/safe_conversions.h>
 #include <third_party/base/numerics/safe_math.h>
 #include <third_party/base/optional.h>
diff --git a/solenv/flatpak-manifest.in b/solenv/flatpak-manifest.in
index 64fa57427e01..f92a45251d7c 100644
--- a/solenv/flatpak-manifest.in
+++ b/solenv/flatpak-manifest.in
@@ -69,11 +69,11 @@
                     "type": "shell"
                 },
                 {
-                    "url": 
"https://dev-www.libreoffice.org/src/pdfium-4568.tar.bz2";,
-                    "sha256": 
"b0c5725e1cdcef7f52f068fd33adf9e8d833a271c28ba5b6a5a576ef8f2bbbf4",
+                    "url": 
"https://dev-www.libreoffice.org/src/pdfium-4643.tar.bz2";,
+                    "sha256": 
"eb98a77eaaab9e9e8de541cfd18b9438dd3c538bd5ef163820353179727f5dc9",
                     "type": "file",
                     "dest": "external/tarballs",
-                    "dest-filename": "pdfium-4568.tar.bz2"
+                    "dest-filename": "pdfium-4643.tar.bz2"
                 },
                 {
                     "url": 
"https://dev-www.libreoffice.org/src/0168229624cfac409e766913506961a8-ucpp-1.3.2.tar.gz";,
diff --git a/svx/source/svdraw/svdpdf.cxx b/svx/source/svdraw/svdpdf.cxx
index 32bffbb49452..ba27b6d651cb 100644
--- a/svx/source/svdraw/svdpdf.cxx
+++ b/svx/source/svdraw/svdpdf.cxx
@@ -797,7 +797,8 @@ void ImpSdrPdfImport::ImportText(FPDF_PAGEOBJECT 
pPageObject, FPDF_TEXTPAGE pTex
     const int nChars = FPDFTextObj_GetText(pPageObject, pTextPage, nullptr, 0);
     std::unique_ptr<sal_Unicode[]> pText(new sal_Unicode[nChars]);
 
-    const int nActualChars = FPDFTextObj_GetText(pPageObject, pTextPage, 
pText.get(), nChars);
+    const int nActualChars = FPDFTextObj_GetText(
+        pPageObject, pTextPage, reinterpret_cast<FPDF_WCHAR*>(pText.get()), 
nChars);
     if (nActualChars <= 0)
     {
         return;
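Review bot: The `reinterpret_cast<FPDF_WCHAR*>(pText.get())` added in ImportText relies on sal_Unicode and FPDF_WCHAR having the same width, which nothing in the hunk checks. A `static_assert(sizeof(sal_Unicode) == sizeof(FPDF_WCHAR), "element size must match pdfium's FPDF_WCHAR");` next to the call would turn a mismatch into a compile error instead of a mis-sized write into the buffer. The same cast is added in the three pdfexport.cxx hunks (testTdf115262, testTdf121962, testTdf115967). Separately, `nChars` from the sizing call feeds `new sal_Unicode[nChars]` before any check, and the `<= 0` test covers only the second call. The pdfexport.cxx callers treat this return value as a byte count (`nTextSize / 2 - 1`), so an early `if (nChars <= 0) return;` before the allocation and a clearer name look worthwhile; ImportText continues outside the hunk.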
diff --git a/vcl/qa/cppunit/pdfexport/pdfexport.cxx 
b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
index 95425b128495..344a74f87521 100644
--- a/vcl/qa/cppunit/pdfexport/pdfexport.cxx
+++ b/vcl/qa/cppunit/pdfexport/pdfexport.cxx
@@ -1699,7 +1699,7 @@ void PdfExportTest::testTdf115262()
         {
             unsigned long nTextSize = FPDFTextObj_GetText(pPageObject, 
pTextPage, nullptr, 0);
             std::vector<sal_Unicode> aText(nTextSize);
-            FPDFTextObj_GetText(pPageObject, pTextPage, aText.data(), 
nTextSize);
+            FPDFTextObj_GetText(pPageObject, pTextPage, 
reinterpret_cast<FPDF_WCHAR*>(aText.data()), nTextSize);
             OUString sText(aText.data(), nTextSize / 2 - 1);
             if (sText == "400")
                 nRowTop = fTop;
@@ -1734,7 +1734,7 @@ void PdfExportTest::testTdf121962()
             continue;
         unsigned long nTextSize = FPDFTextObj_GetText(pPageObject, pTextPage, 
nullptr, 0);
         std::vector<sal_Unicode> aText(nTextSize);
-        FPDFTextObj_GetText(pPageObject, pTextPage, aText.data(), nTextSize);
+        FPDFTextObj_GetText(pPageObject, pTextPage, 
reinterpret_cast<FPDF_WCHAR*>(aText.data()), nTextSize);
         OUString sText(aText.data(), nTextSize / 2 - 1);
         CPPUNIT_ASSERT(sText != "** Expression is faulty **");
     }
@@ -1765,7 +1765,7 @@ void PdfExportTest::testTdf115967()
             continue;
         unsigned long nTextSize = FPDFTextObj_GetText(pPageObject, pTextPage, 
nullptr, 2);
         std::vector<sal_Unicode> aText(nTextSize);
-        FPDFTextObj_GetText(pPageObject, pTextPage, aText.data(), nTextSize);
+        FPDFTextObj_GetText(pPageObject, pTextPage, 
reinterpret_cast<FPDF_WCHAR*>(aText.data()), nTextSize);
         OUString sChar(aText.data(), nTextSize / 2 - 1);
         sText += sChar.trim();
     }
commit 36cb9291a15bbada80bf24b0f6ef38c7743e8429
Author:     Miklos Vajna <[email protected]>
AuthorDate: Tue Jul 13 20:28:17 2021 +0200
Commit:     Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 17:48:11 2021 +0100

    external: update pdfium to 4568
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118868
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <[email protected]>
    (cherry picked from commit 7707339a7d10225ff2503a852f68427519ae26f6)
    
    Change-Id: I2bfd5f806281e747702d423b7e59b5f88a7bea9c

diff --git a/download.lst b/download.lst
index 164b3692f266..4bb187e1b5f8 100644
--- a/download.lst
+++ b/download.lst
@@ -202,8 +202,8 @@ export OWNCLOUD_ANDROID_LIB_SHA256SUM := 
b18b3e3ef7fae6a79b62f2bb43cc47a5346b633
 export OWNCLOUD_ANDROID_LIB_TARBALL := 
owncloud-android-library-0.9.4-no-binary-deps.tar.gz
 export PAGEMAKER_SHA256SUM := 
66adacd705a7d19895e08eac46d1e851332adf2e736c566bef1164e7a442519d
 export PAGEMAKER_TARBALL := libpagemaker-0.0.4.tar.xz
-export PDFIUM_SHA256SUM := 
26a03dd60e5ed0979cdaba9cc848242895110ddfdf347d40989ce2f14020f304
-export PDFIUM_TARBALL := pdfium-4500.tar.bz2
+export PDFIUM_SHA256SUM := 
b0c5725e1cdcef7f52f068fd33adf9e8d833a271c28ba5b6a5a576ef8f2bbbf4
+export PDFIUM_TARBALL := pdfium-4568.tar.bz2
 export PIXMAN_SHA256SUM := 
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
 export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
 export LIBPNG_SHA256SUM := 
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
diff --git a/external/pdfium/Library_pdfium.mk 
b/external/pdfium/Library_pdfium.mk
index 9f6e347cfb14..5ba04fda321b 100644
--- a/external/pdfium/Library_pdfium.mk
+++ b/external/pdfium/Library_pdfium.mk
@@ -77,6 +77,12 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_interactiveform \
     UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_renderpage \
     UnpackedTarball/pdfium/fpdfsdk/fpdf_signature \
+       UnpackedTarball/pdfium/constants/annotation_common \
+       UnpackedTarball/pdfium/constants/appearance \
+       UnpackedTarball/pdfium/constants/form_fields \
+       UnpackedTarball/pdfium/constants/page_object \
+       UnpackedTarball/pdfium/constants/stream_dict_common \
+       UnpackedTarball/pdfium/constants/transparency \
 ))
 
 # fdrm
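Review bot: The six `constants/*` objects added at the end of this list are indented differently from the neighbouring entries and sit in a block that otherwise lists `fpdfsdk/` objects. The whitespace may be a mail-rendering artifact, so check it against the tree. Putting them in their own `gb_Library_add_generated_exception_objects` call under a `# constants` comment, like the `# fdrm` group that follows, would make the object list easier to audit against the upstream file list on the next pdfium update.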
@@ -90,7 +96,7 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
 $(eval $(call gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_checkbox \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_combobox \
-    UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_formfiller \
+    UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_formfield \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_interactiveformfiller \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_listbox \
     UnpackedTarball/pdfium/fpdfsdk/formfiller/cffl_pushbutton \
@@ -347,7 +353,7 @@ $(eval $(call 
gb_Library_add_generated_exception_objects,pdfium,\
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_SymbolDict \
     UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_TrdProc \
     UnpackedTarball/pdfium/core/fxcodec/gif/cfx_gif \
-    UnpackedTarball/pdfium/core/fxcodec/gif/cfx_lzwdecompressor \
+    UnpackedTarball/pdfium/core/fxcodec/gif/lzw_decompressor \
     UnpackedTarball/pdfium/core/fxcodec/cfx_codec_memory \
     UnpackedTarball/pdfium/core/fxcodec/fax/faxmodule \

... etc. - the rest is truncated
