[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - vcl/source xmlsecurity/qa

2018-03-02 Thread Miklos Vajna
 vcl/source/filter/ipdf/pdfdocument.cxx   |4 +++-
 xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf |binary
 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx|2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

New commits:
commit bea0195cecc05008b3120ef753c25c0d8d4abccc
Author: Miklos Vajna 
Date:   Fri Mar 2 11:18:21 2018 +0100

forcepoint #16: fix heap-use-after-free

PDFDocument::Tokenize() in the aKeyword == "obj" case allocates a
PDFObjectElement, stores it as an owning pointer inside rElements, and
also stores two non-owning references to it in m_aOffsetObjects and
m_aIDObjects. So make sure those 2 other containers are also cleared
when elements go away.

LO_TRACE="valgrind" bin/run pdfverify 

doesn't report errors anymore after the fix.

Change-Id: Ie103de3e24a1080257a79e53b994e8536a9597bc
Reviewed-on: https://gerrit.libreoffice.org/50631
Reviewed-by: Michael Stahl 
Tested-by: Michael Stahl 

diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx 
b/vcl/source/filter/ipdf/pdfdocument.cxx
index 11c4519e44cf..a9f78fbe7f8c 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -1266,8 +1266,10 @@ bool PDFDocument::Read(SvStream& rStream)
 if (pPrev)
 nStartXRef = pPrev->GetValue();
 
-// Reset state, except object offsets and the edit buffer.
+// Reset state, except the edit buffer.
 m_aElements.clear();
+m_aOffsetObjects.clear();
+m_aIDObjects.clear();
 m_aStartXRefs.clear();
 m_aEOFs.clear();
 m_pTrailer = nullptr;
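Review bot: the two added clear() calls run after m_aElements.clear(), so for those two statements m_aOffsetObjects and m_aIDObjects still hold pointers to elements that were just freed. Nothing reads them in between, so the fix is correct, but clearing the non-owning containers first and m_aElements last would keep the invariant true at every step and survive later edits to this block. The removed comment says the object offsets were kept on purpose; the commit message should state that re-tokenizing repopulates them, so a reader knows nothing depended on the old behaviour. Since these three containers must always be reset together, a small private helper would stop the next reset site from repeating the bug.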
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf 
b/xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf
new file mode 100644
index ..9edccb47f40c
Binary files /dev/null and 
b/xmlsecurity/qa/unit/pdfsigning/data/forcepoint16.pdf differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx 
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index c989af96f1b3..2a65ae004e43 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -450,6 +450,8 @@ void PDFSigningTest::testTokenize()
 "tdf107149.pdf",
 // Nested parentheses were not handled.
 "tdf114460.pdf",
+// Valgrind was unhappy about this.
+"forcepoint16.pdf",
 };
 
 for (const auto& rName : aNames)
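Review bot: the comment on the new "forcepoint16.pdf" entry only says Valgrind was unhappy, which does not tell a later reader what the file guards against. Suggest naming the defect, for example "heap-use-after-free in PDFDocument::Read() when state is reset". A use-after-free does not reliably fail a plain test run, so this entry protects against a regression only where the test suite runs under Valgrind or a sanitizer; worth saying so in the comment or the commit message.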
___
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
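
The ownership pattern the commit message above describes (one owning container, two non-owning indexes that must be reset with it), as an added example that is not LibreOffice code; Doc, Obj and every member name here are hypothetical:

```cpp
// Added illustration, not LibreOffice code: all names are hypothetical.
#include <cstddef>
#include <map>
#include <memory>
#include <vector>

struct Obj { int id; std::size_t offset; };

class Doc {
    std::vector<std::unique_ptr<Obj>> m_elements; // owning
    std::map<std::size_t, Obj*> m_byOffset;       // non-owning index
    std::map<int, Obj*> m_byId;                   // non-owning index
public:
    // One allocation, one owner, two non-owning references.
    void tokenize(int id, std::size_t offset) {
        m_elements.push_back(std::unique_ptr<Obj>(new Obj{id, offset}));
        Obj* p = m_elements.back().get();
        m_byOffset[offset] = p;
        m_byId[id] = p;
    }
    // Drop the indexes before the owner so nothing dangles mid-reset.
    void reset() {
        m_byOffset.clear();
        m_byId.clear();
        m_elements.clear();
    }
    // Invariant: every indexed pointer is still owned by m_elements.
    bool indexesValid() const {
        auto owned = [this](const Obj* p) {
            for (const auto& e : m_elements)
                if (e.get() == p) return true;
            return false;
        };
        for (const auto& kv : m_byOffset) if (!owned(kv.second)) return false;
        for (const auto& kv : m_byId) if (!owned(kv.second)) return false;
        return true;
    }
    const Obj* lookup(int id) const {
        auto it = m_byId.find(id);
        return it == m_byId.end() ? nullptr : it->second;
    }
    std::size_t indexed() const { return m_byOffset.size() + m_byId.size(); }
};

int main() {
    Doc d;
    d.tokenize(1, 10); // constructed sample object
    d.reset();         // a second parsing pass starts from clean state
    return d.lookup(1) == nullptr ? 0 : 1;
}
```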


[Libreoffice-commits] core.git: Branch 'libreoffice-6-0' - vcl/source xmlsecurity/qa

2018-01-23 Thread Miklos Vajna
 vcl/source/filter/ipdf/pdfdocument.cxx|9 +
 xmlsecurity/qa/unit/pdfsigning/data/tdf114460.pdf |binary
 xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx |2 ++
 3 files changed, 11 insertions(+)

New commits:
commit e45ca13634ba51a6133a231f74db76be06bb4d95
Author: Miklos Vajna 
Date:   Mon Jan 22 22:12:04 2018 +0100

tdf#114460 vcl: handle nested parentheses in PDF roundtrip

The roundtrip of the pdf image failed due to this.

(cherry picked from commit f58a16d5987c8e8c16580c514ce0c7b0895b4105)

Change-Id: I88a9657e242dd2659f9bf06233e5fcbfeb43ceb5
Reviewed-on: https://gerrit.libreoffice.org/48378
Tested-by: Jenkins 
Reviewed-by: Michael Stahl 

diff --git a/vcl/source/filter/ipdf/pdfdocument.cxx 
b/vcl/source/filter/ipdf/pdfdocument.cxx
index 56e90cf7adf3..11c4519e44cf 100644
--- a/vcl/source/filter/ipdf/pdfdocument.cxx
+++ b/vcl/source/filter/ipdf/pdfdocument.cxx
@@ -2021,11 +2021,20 @@ bool PDFLiteralStringElement::Read(SvStream& rStream)
 nPrevCh = ch;
 rStream.ReadChar(ch);
 
+// Start with 1 nesting level as we read a '(' above already.
+int nDepth = 1;
 OStringBuffer aBuf;
 while (!rStream.eof())
 {
+if (ch == '(' && nPrevCh != '\\')
+++nDepth;
+
 if (ch == ')' && nPrevCh != '\\')
+--nDepth;
+
+if (nDepth == 0)
 {
+// ')' of the outermost '(' is reached.
 m_aValue = aBuf.makeStringAndClear();
 SAL_INFO("vcl.filter", "PDFLiteralStringElement::Read: m_aValue is 
'" << m_aValue << "'");
 return true;
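Review bot: both the new '(' test and the existing ')' test decide "escaped" from nPrevCh != '\\' alone, so a parenthesis that follows an escaped backslash (the two-character sequence \\ and then a parenthesis) is wrongly treated as escaped and nDepth drifts from the real nesting level. Tracking an explicit escape flag that is set on a backslash and cleared after the next character would handle that case for both checks. The visible lines also do not show what happens when the loop ends at eof with nDepth still above zero; please confirm the function returns false there rather than leaving a partial m_aValue.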
diff --git a/xmlsecurity/qa/unit/pdfsigning/data/tdf114460.pdf 
b/xmlsecurity/qa/unit/pdfsigning/data/tdf114460.pdf
new file mode 100644
index ..a736e5bb90cd
Binary files /dev/null and b/xmlsecurity/qa/unit/pdfsigning/data/tdf114460.pdf 
differ
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx 
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 642a034ae5e1..c989af96f1b3 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -448,6 +448,8 @@ void PDFSigningTest::testTokenize()
 // File that's intentionally smaller than 1024 bytes.
 "small.pdf",
 "tdf107149.pdf",
+// Nested parentheses were not handled.
+"tdf114460.pdf",
 };
 
 for (const auto& rName : aNames)
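Review bot: the comment on the new "tdf114460.pdf" entry describes the history of the bug rather than what the file exercises. A wording such as "Literal string with nested parentheses (tdf#114460)" stays accurate after the fix and points the reader at the bug report.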