sot/source/sdstor/stgio.cxx | 19 ++++++++++++++++---
sot/source/sdstor/stgstrms.cxx | 4 ++--
sot/source/sdstor/stgstrms.hxx | 2 +-
3 files changed, 19 insertions(+), 6 deletions(-)
New commits:
commit c10b3f85a3e600aefe88565356f98c9e78abd1ce
Author: Caolán McNamara <caol...@redhat.com>
Date: Tue Sep 26 09:59:48 2017 +0100
AddressSanitizer: undefined-behavior
Change-Id: I55a92512ad9e1508c49ee3149394196f5be5f162
Reviewed-on: https://gerrit.libreoffice.org/42784
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/sd/qa/unit/data/ppt/pass/large-bounding-box.ppt
b/sot/qa/cppunit/data/fail/oversized-fat-1.compound
similarity index 100%
rename from sd/qa/unit/data/ppt/pass/large-bounding-box.ppt
rename to sot/qa/cppunit/data/fail/oversized-fat-1.compound
diff --git a/sot/source/sdstor/stgio.cxx b/sot/source/sdstor/stgio.cxx
index 4376210055bd..15774bf64a2b 100644
--- a/sot/source/sdstor/stgio.cxx
+++ b/sot/source/sdstor/stgio.cxx
@@ -24,6 +24,7 @@
#include "stgstrms.hxx"
#include "stgdir.hxx"
#include "stgio.hxx"
+#include <o3tl/safeint.hxx>
#include <rtl/instance.hxx>
#include <memory>
@@ -88,9 +89,21 @@ void StgIo::SetupStreams()
m_pDataStrm = nullptr;
m_pFAT = nullptr;
ResetError();
- SetPhysPageSize( 1 << m_aHdr.GetPageSize() );
- m_pFAT = new StgFATStrm( *this );
- m_pTOC = new StgDirStrm( *this );
+ short nPhysPageSize = 1 << m_aHdr.GetPageSize();
+ SetPhysPageSize(nPhysPageSize);
+ sal_Int32 nFatStrmSize;
+ if (o3tl::checked_multiply<sal_Int32>(m_aHdr.GetFATSize(), nPhysPageSize,
nFatStrmSize))
+ {
+ SAL_WARN("sot", "Error: " << m_aHdr.GetFATSize() << " * " <<
nPhysPageSize << " would overflow");
+ SetError(SVSTREAM_FILEFORMAT_ERROR);
+ m_pFAT = nullptr;
+ m_pTOC = nullptr;
+ }
+ else
+ {
+ m_pFAT = new StgFATStrm(*this, nFatStrmSize);
+ m_pTOC = new StgDirStrm( *this );
+ }
if( !GetError() )
{
StgDirEntry* pRoot = m_pTOC->GetRoot();
diff --git a/sot/source/sdstor/stgstrms.cxx b/sot/source/sdstor/stgstrms.cxx
index f449874b3b10..1f7f0769f0ce 100644
--- a/sot/source/sdstor/stgstrms.cxx
+++ b/sot/source/sdstor/stgstrms.cxx
@@ -572,10 +572,10 @@ bool StgStrm::SetSize( sal_Int32 nBytes )
// Since this access is implemented as a StgStrm, we can use the
// FAT allocator.
-StgFATStrm::StgFATStrm( StgIo& r ) : StgStrm( r )
+StgFATStrm::StgFATStrm(StgIo& r, sal_Int32 nFatStrmSize) : StgStrm( r )
{
m_pFat.reset( new StgFAT( *this, true ) );
- m_nSize = m_rIo.m_aHdr.GetFATSize() * m_nPageSize;
+ m_nSize = nFatStrmSize;
}
bool StgFATStrm::Pos2Page( sal_Int32 nBytePos )
diff --git a/sot/source/sdstor/stgstrms.hxx b/sot/source/sdstor/stgstrms.hxx
index bdd3e8755813..c8432e212e49 100644
--- a/sot/source/sdstor/stgstrms.hxx
+++ b/sot/source/sdstor/stgstrms.hxx
@@ -101,7 +101,7 @@ class StgFATStrm : public StgStrm { // the master FAT
stream
virtual bool Pos2Page( sal_Int32 nBytePos ) override;
bool SetPage( short, sal_Int32 );
public:
- explicit StgFATStrm( StgIo& );
+ explicit StgFATStrm(StgIo&, sal_Int32 nFatStrmSize);
using StgStrm::GetPage;
sal_Int32 GetPage( short, bool, sal_uInt16 *pnMasterAlloc = nullptr);
virtual bool SetSize( sal_Int32 ) override;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
