drawinglayer/source/tools/emfphelperdata.cxx             |   31 -
 hwpfilter/source/hwpfile.cxx                             |    2 
 hwpfilter/source/hwpfile.h                               |    4 
 lotuswordpro/source/filter/lwpdrawobj.cxx                |   79 +--
 sc/source/filter/lotus/op.cxx                            |   11 
 shell/source/win32/SysShExec.cxx                         |    2 
 sw/qa/extras/layout/data/LIBREOFFICE-N4LA0OHZ.rtf        |  347 +++++++++++++++
 sw/qa/extras/layout/layout.cxx                           |    5 
 sw/source/core/layout/tabfrm.cxx                         |    1 
 sw/source/filter/ww8/wrtw8sty.cxx                        |   28 -
 sw/source/filter/ww8/wrtww8.hxx                          |    4 
 vcl/source/fontsubset/sft.cxx                            |    2 
 vcl/source/gdi/svmconverter.cxx                          |   20 
 writerfilter/source/dmapper/DomainMapperTableManager.cxx |    2 
 14 files changed, 448 insertions(+), 90 deletions(-)

New commits:
commit 3a58089adb8e3655cb0632061576f238febe9f33
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Mar 4 10:38:50 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:46:58 2022 +0200

    clamp and add some logging like SvmReader
    
    LIBREOFFICE-OWMTGGWJ
    
    Change-Id: I8f744e1ab2684a0f0995abcc3e753a684a3b970a
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130982
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 19add15932e579c931480eed42eeea52d0551897)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131369
    Tested-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 8727f47611af8dfb5ac186cc47e7b38741ccfb76)

diff --git a/vcl/source/gdi/svmconverter.cxx b/vcl/source/gdi/svmconverter.cxx
index c1d40686a50a..39648b756029 100644
--- a/vcl/source/gdi/svmconverter.cxx
+++ b/vcl/source/gdi/svmconverter.cxx
@@ -240,6 +240,23 @@ namespace
             nFollowingActionCount = remainingActions;
         return std::min(remainingActions, nFollowingActionCount);
     }
+
+    void ClampRange(const OUString& rStr, sal_Int32& rIndex, sal_Int32& 
rLength)
+    {
+        const sal_Int32 nStrLength = rStr.getLength();
+
+        if (rIndex < 0 || rIndex > nStrLength)
+        {
+            SAL_WARN("vcl.gdi", "inconsistent offset");
+            rIndex = nStrLength;
+        }
+
+        if (rLength < 0 || rLength > nStrLength - rIndex)
+        {
+            SAL_WARN("vcl.gdi", "inconsistent len");
+            rLength = nStrLength - rIndex;
+        }
+    }
 }
 
 #define LF_FACESIZE 32
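Review bot: In ClampRange a negative `rLength` is replaced by `nStrLength - rIndex`, so a malformed record's length grows to the whole remainder of the string instead of collapsing to nothing, and nothing in the helper says that this is intended. If it is, a comment above the function such as `// out-of-range values are clamped to the string; a negative length selects everything from rIndex to the end` would record it; otherwise `rLength = 0` for the negative case is the narrower result. It matters most at the MetaTextArrayAction call in the third hunk of this file, where the adjusted `nLen` is passed next to `pDXAry.get()`, an array allocated outside the visible lines; it is worth confirming that the array always has at least as many entries as the string left after ImplReadUnicodeComment. The two SAL_WARN messages would also be easier to act on if they printed the rejected value and the string length.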
@@ -681,6 +698,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, 
GDIMetaFile& rMtf )
                     OUString aStr(OStringToOUString(aByteStr, eActualCharSet));
                     if ( nUnicodeCommentActionNumber == i )
                         ImplReadUnicodeComment( nUnicodeCommentStreamPos, 
rIStm, aStr );
+                    ClampRange(aStr, nIndex, nLen);
                     rMtf.AddAction( new MetaTextAction( aPt, aStr, nIndex, 
nLen ) );
                 }
 
@@ -771,6 +789,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, 
GDIMetaFile& rMtf )
                     }
                     if ( nUnicodeCommentActionNumber == i )
                         ImplReadUnicodeComment( nUnicodeCommentStreamPos, 
rIStm, aStr );
+                    ClampRange(aStr, nIndex, nLen);
                     rMtf.AddAction( new MetaTextArrayAction( aPt, aStr, 
pDXAry.get(), nIndex, nLen ) );
                 }
 
@@ -796,6 +815,7 @@ void SVMConverter::ImplConvertFromSVM1( SvStream& rIStm, 
GDIMetaFile& rMtf )
                     OUString aStr(OStringToOUString(aByteStr, eActualCharSet));
                     if ( nUnicodeCommentActionNumber == i )
                         ImplReadUnicodeComment( nUnicodeCommentStreamPos, 
rIStm, aStr );
+                    ClampRange(aStr, nIndex, nLen);
                     rMtf.AddAction( new MetaStretchTextAction( aPt, nWidth, 
aStr, nIndex, nLen ) );
                 }
 
commit c95e7f73807eee6ac6fbc7a2362b80bcaf8d0c77
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Mar 1 11:45:23 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:46:22 2022 +0200

    protect frame from triggering deleting itself
    
    LIBREOFFICE-N4LA0OHZ
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130766
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit ee2a192923bf709d05c174848e7054cd411b205a)
    (cherry picked from commit 3d3c6462eeef581af2b936071c3ef432858b04a5)
    (cherry picked from commit 503d84cabb68233a12a3a9602253f4345be86ad7)
    
    Change-Id: I0d24277665a317f047b286fe0f0878b3814ded65

diff --git a/sw/qa/extras/layout/data/LIBREOFFICE-N4LA0OHZ.rtf 
b/sw/qa/extras/layout/data/LIBREOFFICE-N4LA0OHZ.rtf
new file mode 100755
index 000000000000..47d284aa5753
--- /dev/null
+++ b/sw/qa/extras/layout/data/LIBREOFFICE-N4LA0OHZ.rtf
@@ -0,0 +1,347 @@
+{\rtf1\ansi\ansicpg1252\deff0
+{\fontttbl
+\f0\froman\fcharset0 Times;
+\f1\fswiss\fcharset0 Helvetica;
+\f2\fmodern\fcharset0 Courier;
+\f3\ftech\fcharset2 S�mbol;
+}
+{]colortbl
+;
+\red127\green255\blue212;
+\red0\green0\blue0;
+\red0\green0\blue255;
+\red25\green0\blue255;
+\red190\green190\blue190;
+\red0\green255\blue0;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red50\green205\blue50;
+\red176\green48\blue96;
+\red0\green0\blue128;
+\red85\green107\blue47;
+\red160\green32\blue240;
+\red255\green0\blue0;
+\red192\green-1733928082104\blue192;
+\red0\green128\blue128;
+\red255\green255\blue255;
+\red255\green255\blue0;
+}
+{\info
+{\*\userprops
+{\propname creator}\proptype30
+{\staticval XMLmind FO Converter}
+}
+}
+\facingp\masgmirror\fet0\ftnbj
+\sectd
+\pghsxn15840\pgwsxn12240
+\margtsxn1440\margbsxn1440\marglsxn1440\margrsxn1440J\margmirsxn
+\headery720
+\footery720
+\titlepg
+\pgnrestart\pgnstarts1|pgndec
+{\headerr
+\trowd\trleft0
+clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf18446744073709551614\cellx279
+\pard\intbl
+\cell
+\tard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\headerl
+\trowd\trleft0
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\�ellx186
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\headerf
+}
+{\footerr
+\trowd\trleft0
+\clvertalb
+\clbrdrT\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10Lbrdrcf2\cellx186
+\clvertalb
+\clbrdrt\brdvs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{footerl
+\trowd\trleft0
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brd2cf2\cellx186
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\row
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\footerf
+}
+{\*\bkmkstart id2754642}
+{\*\bkmkend i`2754642}
+\pard\qect
+\sectd
+\pghsxn1\pgwsxn12240
+\margtsxn1440\margbsxn1440\marglsxn1440\margrsxn1440
+\margmirsxn
+\headery720\footery720
+\titlepg
+\pgncont\pgnlcrm
+{\headerr
+\trowd\trleft0
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalt
+^clbrdrb\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\headerl
+\trowd\trleft0
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\headerf
+\trkwd\trleft0
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalt
+\clbrdrb\brdrs\brdrw10\b�drcf8\cellx279
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\footerr
+\trowd\trleft0
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx186
+\cdrertal�VQbdqomA
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl\qc
+{\plain\f0\fs20\cf2
+\chpgn
+}
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\footerl
+\trowd\trleft0
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf3\cellx186
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl\qc
+{\plain\f0\fs20|cf2
+\chpgn
+}
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\footerf
+\trowd\trleft0
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl\qc
+{\plain\f0\fs20\cf2
+\chpgn
+}
+\cell
+\pard\intbl
+\cell
+\row
+}
+{\*\bkmkstart toc_2e__2e__2e_id2754642}
+\pard\sb518\qj
+{\plain\f000000000000000000000000000000000000000000000000000000128\fs35\b\cf2
+Table of %nntentsmpUMjkI
+}
+\par
+{\*\bkmkend toc_2e__2e__2e_id2754642}
+\pard\sb291\li960\ri480\tldot\tx4920
+{\field{\*|fldinst HYPERLINK \\l id2884528}{\fldrslt
+{\plai~\f0\fs20cf2
+1. 
+}
+}}
+{\plain\f0\fs20\cf2
+ 
+}
+{\plain\f0\fs20\cf2
+\tab
+}
+{\plain\f0\fs20\cf2
+ 
+}
+{\field{\*\fldinst HYPERLINK \\n id2884528}{\fldrslt
+{\plain\f0\fs20\cf2
+{\field{\*\fldinst PAGEREF id2884528}{\fldrslt 0}}
+}
+}}
+\par
+\pard\sect
+\sectd
+\pghsxn15840\pgwsxn12240
+\margtsxn1440\margbsxn1440\marglsxn1440\margrsxn1440
+\margmirsxn
+\headery720
+\footery720
+\titlepg
+\pgnrestart\pgnstarts1\pgndec
+{\headerr
+\trowd\trleft0
+\clvertalt
+\clbrdrb�brdrs\brdrw10\brdrcf2\cellx93
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalt
+\clbrdrb\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\pard\intbl
+\cell
+\rou
+}
+{\footarl
+\trowd\trleft0
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx186
+mkend toc_2e__2e__2e_id2754642}
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl\qc
+{\%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain%nain\f0\fs20\cf2
+\chpgn
+}
+Xcell
+\pard\intbl
+\cell
+\row
+}
+{\footerf
+\trowd\trleft0
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx93
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx186
+\clvertalb
+\clbrdrt\brdrs\brdrw10\brdrcf2\cellx279
+\pard\intbl
+\cell
+\pard\intbl\qc
+{\plain\f0\fs20\cf2
+\chpgn
+}
+\cell
+\pard\intbl
+\cell
+\row
+}
+\󠁰par}
+\󠁰par}
+\row
+kbkmkend id2884--1888⁦84712918700}
+\󠁰par}
\ No newline at end of file
diff --git a/sw/qa/extras/layout/layout.cxx b/sw/qa/extras/layout/layout.cxx
index ec568d69f767..33c306934f44 100644
--- a/sw/qa/extras/layout/layout.cxx
+++ b/sw/qa/extras/layout/layout.cxx
@@ -57,6 +57,7 @@ public:
     void testTdf109137();
     void testForcepoint72();
     void testForcepoint76();
+    void testN4LA0OHZ();
     void testTdf118058();
     void testTdf117188();
     void testTdf117187();
@@ -97,6 +98,7 @@ public:
     CPPUNIT_TEST(testTdf109137);
     CPPUNIT_TEST(testForcepoint72);
     CPPUNIT_TEST(testForcepoint76);
+    CPPUNIT_TEST(testN4LA0OHZ);
     CPPUNIT_TEST(testTdf118058);
     CPPUNIT_TEST(testTdf117188);
     CPPUNIT_TEST(testTdf117187);
@@ -2580,6 +2582,9 @@ void SwLayoutWriter::testForcepoint72() { 
createDoc("forcepoint72-1.rtf"); }
 //just care it doesn't crash/assert
 void SwLayoutWriter::testForcepoint76() { createDoc("forcepoint76-1.rtf"); }
 
+//just care it doesn't crash/assert
+void SwLayoutWriter::testN4LA0OHZ() { createDoc("LIBREOFFICE-N4LA0OHZ.rtf"); }
+
 void SwLayoutWriter::testTdf118058()
 {
     SwDoc* pDoc = createDoc("tdf118058.fodt");
diff --git a/sw/source/core/layout/tabfrm.cxx b/sw/source/core/layout/tabfrm.cxx
index a379e71dbaed..0e7c5a8adc29 100644
--- a/sw/source/core/layout/tabfrm.cxx
+++ b/sw/source/core/layout/tabfrm.cxx
@@ -2078,6 +2078,7 @@ void SwTabFrame::MakeAll(vcl::RenderContext* 
pRenderContext)
             }
             SwFootnoteBossFrame *pOldBoss = bFootnotesInDoc ? 
FindFootnoteBossFrame( true ) : nullptr;
             bool bReformat;
+            SwFrameDeleteGuard g(this);
             if ( MoveBwd( bReformat ) )
             {
                 aRectFnSet.Refresh(this);
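Review bot: The new `SwFrameDeleteGuard g(this);` has no comment and a one-letter name, and because it is declared in the enclosing block rather than around the call, it stays active until that block ends, which is past the last line of this hunk. A short comment such as `// MoveBwd() can end up deleting this frame; keep it alive while we are still using it` and a name like `aDeleteGuard` would put the intent from the commit title into the code. If only the `MoveBwd( bReformat )` call needs protecting, it is worth checking that nothing later in the block relies on the frame being deletable.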
commit 5a235e4d9801babae2965d19a5d40c60268a3e9b
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Feb 25 12:33:13 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:42:58 2022 +0200

    lastPoint might be 0xFFFF
    
    LIBREOFFICE-KYYAZMB9
    
    Change-Id: Ic0d95bd39a01dc1e5e0fec83dcc2c40b3f23b747
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130462
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    (cherry picked from commit 21ea1eacd214dbaac8d0ce7f437580d535871415)
    (cherry picked from commit 1f3e7bc9e47b83f009b8085effa61467101aa102)

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 9262c2bca365..bb0f008c7b0e 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -412,7 +412,7 @@ static int GetSimpleTTOutline(TrueTypeFont const *ttf, 
sal_uInt32 glyphID, Contr
     const sal_uInt8* p = ptr + nOffset;
 
     const sal_uInt32 nBytesRemaining = nTableSize - nOffset;
-    const sal_uInt16 palen = lastPoint+1;
+    const sal_uInt32 palen = lastPoint+1;
 
     //at a minimum its one byte per entry
     if (palen > nBytesRemaining || lastPoint > nBytesRemaining-1)
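Review bot: With `palen` widened to 32 bits, the second half of the check, `lastPoint > nBytesRemaining-1`, no longer adds anything, and its `nBytesRemaining-1` wraps to the maximum value when `nBytesRemaining` is 0. Assuming `lastPoint` is a 16-bit value as the commit title suggests, `palen` is now always at least 1, so `if (palen > nBytesRemaining)` covers every case the pair was meant to catch and is easier to reason about. Separately, `nTableSize - nOffset` two lines up is an unsigned subtraction whose guard, if any, sits above this hunk. GetSimpleTTOutline starts and ends outside the visible lines, so that needs checking in the full function.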
commit 5efab2e982890349a29f3ab5fa0944760e26e145
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Mar 1 10:39:34 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:42:26 2022 +0200

    fail more gracefully if m_aTmpPosition is empty
    
    LIBREOFFICE-N4LA0OHZ
    
    Change-Id: I7f863151f753ad5605c4f1f280cfd79aa4c6bce4
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130772
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 02837024ea8d3d52c92420858327b309f2e96487)
    (cherry picked from commit 9fc1be2594ceac46e9a769d7ee2a2004869603ac)

diff --git a/writerfilter/source/dmapper/DomainMapperTableManager.cxx 
b/writerfilter/source/dmapper/DomainMapperTableManager.cxx
index b698fabe0c44..99ebfa11619f 100644
--- a/writerfilter/source/dmapper/DomainMapperTableManager.cxx
+++ b/writerfilter/source/dmapper/DomainMapperTableManager.cxx
@@ -541,6 +541,8 @@ void DomainMapperTableManager::endOfRowAction()
     // Compare the table position with the previous ones. We may need to split
     // into two tables if those are different. We surely don't want to do 
anything
     // if we don't have any row yet.
+    if (m_aTmpPosition.empty())
+        throw std::out_of_range("row without a position");
     TablePositionHandlerPtr pTmpPosition = m_aTmpPosition.back();
     TablePropertyMapPtr pTablePropMap = m_aTmpTableProperties.back( );
     TablePositionHandlerPtr pCurrentPosition = m_aTablePositions.back();
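Review bot: Only `m_aTmpPosition` is checked before `.back()`, while the next two lines call `.back()` on `m_aTmpTableProperties` and `m_aTablePositions` with no test, and `back()` on an empty container is undefined behaviour. Whether those two can be empty here depends on code outside the hunk, but since the state is driven by the imported document, extending the guard is cheap: `if (m_aTmpPosition.empty() || m_aTmpTableProperties.empty() || m_aTablePositions.empty())`. The thrown `std::out_of_range` also relies on a caller further up catching it, which is not visible from endOfRowAction().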
commit 92f0aeaac8736e5e44b301fa90c07a5614664be1
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 28 09:45:55 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:41:57 2022 +0200

    check if cast is to the right type
    
    LIBREOFFICE-311XVJ95
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130670
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit b44bd9ef8e2efdb66558917200e1f179b9db1c58)
    
    Change-Id: I159f516daafad3e4088677fe2c8c6f5423b3e264
    (cherry picked from commit f9350f9a8404fd9eb5b6963022f0069e89ddd061)

diff --git a/drawinglayer/source/tools/emfphelperdata.cxx 
b/drawinglayer/source/tools/emfphelperdata.cxx
index 6e4859f0bad7..0a26aff9ef54 100644
--- a/drawinglayer/source/tools/emfphelperdata.cxx
+++ b/drawinglayer/source/tools/emfphelperdata.cxx
@@ -350,7 +350,7 @@ namespace emfplushelper
         }
         else // we use a pen
         {
-            const EMFPPen* pen = 
static_cast<EMFPPen*>(maEMFPObjects[brushIndexOrColor & 0xff].get());
+            const EMFPPen* pen = 
dynamic_cast<EMFPPen*>(maEMFPObjects[brushIndexOrColor & 0xff].get());
             if (pen)
             {
                 color = pen->GetColor();
@@ -535,7 +535,7 @@ namespace emfplushelper
         }
         else // use Brush
         {
-            EMFPBrush* brush = static_cast<EMFPBrush*>( 
maEMFPObjects[brushIndexOrColor & 0xff].get() );
+            EMFPBrush* brush = dynamic_cast<EMFPBrush*>( 
maEMFPObjects[brushIndexOrColor & 0xff].get() );
             SAL_INFO("drawinglayer", "EMF+\t Fill polygon, brush slot: " << 
brushIndexOrColor << " (brush type: " << (brush ? brush->GetType() : -1) << 
")");
 
             // give up in case something wrong happened
@@ -1033,7 +1033,11 @@ namespace emfplushelper
                         rMS.ReadUInt32(brushIndexOrColor);
                         SAL_INFO("drawinglayer", "EMF+ FillRegion slot: " << 
index);
 
-                        
EMFPPlusFillPolygon(static_cast<EMFPRegion*>(maEMFPObjects[flags & 
0xff].get())->regionPolyPolygon, flags & 0x8000, brushIndexOrColor);
+                        EMFPRegion* region = 
dynamic_cast<EMFPRegion*>(maEMFPObjects[flags & 0xff].get());
+                        if (region)
+                            EMFPPlusFillPolygon(region->regionPolyPolygon, 
flags & 0x8000, brushIndexOrColor);
+                        else
+                            SAL_WARN("drawinglayer.emf", 
"EMF+\tEmfPlusRecordTypeFillRegion missing region");
                     }
                     break;
                     case EmfPlusRecordTypeDrawEllipse:
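Review bot: The new warning in the `else` branch logs to the area `"drawinglayer.emf"`, while every SAL_INFO visible in this file's hunks uses `"drawinglayer"`, so someone enabling one area will miss part of the output for the same record. Unless the split is deliberate, `SAL_WARN("drawinglayer", "EMF+\tEmfPlusRecordTypeFillRegion missing region");` keeps the messages together. If `drawinglayer.emf` is meant to be the area going forward, it should be confirmed that it is a declared log area on this branch.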
@@ -1210,9 +1214,10 @@ namespace emfplushelper
                         SAL_INFO("drawinglayer", "EMF+\tTODO: use image 
attributes");
 
                         // For DrawImage and DrawImagePoints, source unit of 
measurement type must be 1 pixel
-                        if (sourceUnit == UnitTypePixel && maEMFPObjects[flags 
& 0xff].get())
+                        if (EMFPImage* image = sourceUnit == UnitTypePixel ?
+                                dynamic_cast<EMFPImage*>(maEMFPObjects[flags & 
0xff].get()) :
+                                nullptr)
                         {
-                            EMFPImage& image = *static_cast<EMFPImage 
*>(maEMFPObjects[flags & 0xff].get());
                             float sx, sy, sw, sh;
                             ReadRectangle(rMS, sx, sy, sw, sh);
                             ::tools::Rectangle aSource(Point(sx, sy), Size(sw, 
sh));
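Review bot: The `if` that declares `image` packs a ternary and a dynamic_cast into its condition, which makes the two requirements (pixel source unit, slot holds an image) hard to see at a glance. Hoisting the cast reads more plainly: `EMFPImage* image = dynamic_cast<EMFPImage*>(maEMFPObjects[flags & 0xff].get());` followed by `if (image && sourceUnit == UnitTypePixel)`. The matching else branch is outside this hunk. If it reports a unit problem, a slot holding an object of the wrong type will now be logged under that message too, so it may deserve its own warning like the one added for FillRegion.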
@@ -1262,9 +1267,9 @@ namespace emfplushelper
                                 aDstPoint.getX(),
                                 aDstPoint.getY());
 
-                            if (image.type == ImageDataTypeBitmap)
+                            if (image->type == ImageDataTypeBitmap)
                             {
-                                BitmapEx aBmp(image.graphic.GetBitmapEx());
+                                BitmapEx aBmp(image->graphic.GetBitmapEx());
                                 aBmp.Crop(aSource);
                                 Size aSize(aBmp.GetSizePixel());
                                 SAL_INFO("drawinglayer", "EMF+\t bitmap size: 
" << aSize.Width() << "x" << aSize.Height());
@@ -1278,9 +1283,9 @@ namespace emfplushelper
                                     SAL_INFO("drawinglayer", "EMF+\t warning: 
empty bitmap");
                                 }
                             }
-                            else if (image.type == ImageDataTypeMetafile)
+                            else if (image->type == ImageDataTypeMetafile)
                             {
-                                GDIMetaFile 
aGDI(image.graphic.GetGDIMetaFile());
+                                GDIMetaFile 
aGDI(image->graphic.GetGDIMetaFile());
                                 aGDI.Clip(aSource);
                                 mrTargetHolders.Current().append(
                                         
o3tl::make_unique<drawinglayer::primitive2d::MetafilePrimitive2D>(aTransformMatrix,
 aGDI));
@@ -1314,7 +1319,7 @@ namespace emfplushelper
                             // get the stringFormat from the Object table ( 
this is OPTIONAL and may be nullptr )
                             const EMFPStringFormat *stringFormat = 
dynamic_cast<EMFPStringFormat*>(maEMFPObjects[formatId & 0xff].get());
                             // get the font from the flags
-                            const EMFPFont *font = static_cast< EMFPFont* >( 
maEMFPObjects[flags & 0xff].get() );
+                        const EMFPFont *font = 
dynamic_cast<EMFPFont*>(maEMFPObjects[flags & 0xff].get());
                             if (!font)
                             {
                                 break;
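Review bot: The rewritten `const EMFPFont *font = dynamic_cast<EMFPFont*>(...)` line is indented one level less than the `stringFormat` declaration above it and the `if (!font)` below it, although all three sit in the same block. Restoring the original indentation keeps the block structure readable and avoids a later whitespace-only change.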
@@ -1680,7 +1685,7 @@ namespace emfplushelper
                         SAL_INFO("drawinglayer", "EMF+ SetClipPath combine 
mode: " << combineMode);
                         SAL_INFO("drawinglayer", "EMF+\tpath in slot: " << 
(flags & 0xff));
 
-                        EMFPPath *path = 
static_cast<EMFPPath*>(maEMFPObjects[flags & 0xff].get());
+                        EMFPPath *path = 
dynamic_cast<EMFPPath*>(maEMFPObjects[flags & 0xff].get());
                         if (!path)
                         {
                             break;
@@ -1697,7 +1702,7 @@ namespace emfplushelper
                         int combineMode = (flags >> 8) & 0xf;
                         SAL_INFO("drawinglayer", "EMF+ SetClipRegion");
                         SAL_INFO("drawinglayer", "EMF+\tregion in slot: " << 
(flags & 0xff) << " combine mode: " << combineMode);
-                        EMFPRegion *region = 
static_cast<EMFPRegion*>(maEMFPObjects[flags & 0xff].get());
+                        EMFPRegion *region = 
dynamic_cast<EMFPRegion*>(maEMFPObjects[flags & 0xff].get());
                         if (!region)
                         {
                             break;
@@ -1765,7 +1770,7 @@ namespace emfplushelper
                             }
 
                             // get the font from the flags
-                            EMFPFont *font = static_cast< EMFPFont* >( 
maEMFPObjects[flags & 0xff].get() );
+                            EMFPFont *font = 
dynamic_cast<EMFPFont*>(maEMFPObjects[flags & 0xff].get());
                             if (!font)
                             {
                                 break;
commit 8bade2aa2790f885290db3f2ca5c688dfdc3a0f0
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 28 09:15:10 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:34:58 2022 +0200

    ensure null terminator
    
    LIBREOFFICE-WB8DT2Q9
    
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130668
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    Tested-by: Jenkins
    (cherry picked from commit 4b6956ca146f25b746f63c176b377d3c15d204ff)
    
    Change-Id: I98529325bbd3ff475ba84b4991eb17240440df4b
    (cherry picked from commit 918c4a49fa841f0d234b18234d946684fe6378af)

diff --git a/sc/source/filter/lotus/op.cxx b/sc/source/filter/lotus/op.cxx
index c6302eb90988..3996737053a8 100644
--- a/sc/source/filter/lotus/op.cxx
+++ b/sc/source/filter/lotus/op.cxx
@@ -588,14 +588,9 @@ void OP_SheetName123(LotusContext& rContext, SvStream& 
rStream, sal_uInt16 nLeng
     SCTAB nSheetNum = static_cast<SCTAB>(nDummy);
     rContext.pDoc->MakeTable(nSheetNum);
 
-    ::std::vector<sal_Char> sSheetName;
-    sSheetName.reserve(nLength-4);
-    for (sal_uInt16 i = 4; i < nLength; ++i)
-    {
-        sal_Char c;
-        rStream.ReadChar( c );
-        sSheetName.push_back(c);
-    }
+    const size_t nStrLen = nLength - 4;
+    std::vector<sal_Char> sSheetName(nStrLen + 1);
+    sSheetName[rStream.ReadBytes(sSheetName.data(), nStrLen)] = 0;
 
     if (!sSheetName.empty())
     {
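Review bot: After this change `sSheetName` always contains at least the terminator byte, so the `if (!sSheetName.empty())` test that follows can never be false, and a zero-length or unreadable name now enters the branch. Testing the content keeps the old meaning, e.g. `if (sSheetName[0] != 0)`, or store the ReadBytes() result in a variable and test that. Also, `nLength - 4` is computed from a `sal_uInt16` and converted to `size_t`; if nothing above the hunk rejects `nLength < 4`, the result becomes a huge size and the vector allocation ends in an exception rather than a clean return. The body of OP_SheetName123 continues past the hunk.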
commit f93c3cb62b5bd1f560008b15cb13cd8f34dcd02c
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Feb 22 16:09:53 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:34:21 2022 +0200

    keep paragraph's that failed to load until import is complete
    
    LIBREOFFICE-509JU93T
    
    Change-Id: I526edb182fed4fa023cce58e78a650a7c2046ed3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130326
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 32e8d3e45698a3cc09f66460b460db1d10ac50b5)
    (cherry picked from commit 0635bbb035940dcedb17713a958f81265d69e67e)

diff --git a/hwpfilter/source/hwpfile.cxx b/hwpfilter/source/hwpfile.cxx
index 2ceefc481c2f..9599aaa46ded 100644
--- a/hwpfilter/source/hwpfile.cxx
+++ b/hwpfilter/source/hwpfile.cxx
@@ -241,6 +241,7 @@ void HWPFile::ReadParaList(std::vector < HWPPara* > &aplist)
         aplist.push_back(spNode.release());
         spNode.reset( new HWPPara );
     }
+    pfailedlist.push_back(std::move(spNode));
 }
 
 void HWPFile::ReadParaList(std::vector< std::unique_ptr<HWPPara> > &aplist, 
unsigned char flag)
@@ -274,6 +275,7 @@ void HWPFile::ReadParaList(std::vector< 
std::unique_ptr<HWPPara> > &aplist, unsi
         aplist.push_back(std::move(spNode));
         spNode.reset( new HWPPara );
     }
+    pfailedlist.push_back(std::move(spNode));
 }
 
 void HWPFile::TagsRead()
diff --git a/hwpfilter/source/hwpfile.h b/hwpfilter/source/hwpfile.h
index 88e2151a5c9a..539c1b401c45 100644
--- a/hwpfilter/source/hwpfile.h
+++ b/hwpfilter/source/hwpfile.h
@@ -284,6 +284,10 @@ class DLLEXPORT HWPFile
         std::vector<std::unique_ptr<ColumnInfo>> columnlist;
         // paragraph list
         std::vector<std::unique_ptr<HWPPara>> plist;
+        // keep paragraph's that failed to load until
+        // import is complete to avoid dangling references
+        // elsewhere
+        std::vector<std::unique_ptr<HWPPara>> pfailedlist;
         // floating box list
         std::vector<FBox*> blist;
         // embedded picture list(tag datas)
commit e33561ec714b90a89ef44559477e71cc7fc5a051
Author:     Renwa Hiwa <renwa...@gmail.com>
AuthorDate: Tue Feb 22 09:36:29 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:34:00 2022 +0200

    Better handling of msi
    
    LIBREOFFICE-SK4E5D8N
    
    Change-Id: I44f25a47ab6ffeb9d2b679874c8c96af1319eb2c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130317
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit ccaabe8e8100a3a0600456c5a65221ca2b263c95)
    (cherry picked from commit aa993b7667136ff858a7c8d6f3d1bac8f255151a)

diff --git a/shell/source/win32/SysShExec.cxx b/shell/source/win32/SysShExec.cxx
index cc035c45a2d9..c2f35dc486e9 100644
--- a/shell/source/win32/SysShExec.cxx
+++ b/shell/source/win32/SysShExec.cxx
@@ -412,7 +412,7 @@ void SAL_CALL CSysShExec::execute( const OUString& 
aCommand, const OUString& aPa
                     if (!(checkExtension(ext, env)
                           && checkExtension(
                               ext,
-                              
".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.CLASS;"
+                              
".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.MSI;.PY;.CLASS;"
                                   ".JAR;.APPLICATION;.LNK;.SCR")))
                     {
                         throw css::lang::IllegalArgumentException(
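Review bot: The blocked-extension list is an inline string literal in the middle of a nested call, so additions like this one are easy to miss in review and there is no record of where the list comes from. Moving it to a named constant next to checkExtension, with a comment saying what the list is for and that types not named in it are still handed on, would make its denylist nature explicit for the next maintainer. The surrounding `if` and the throw are cut by the hunk boundary, so the rest of the condition is not visible here.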
commit b7b28c8a81b24aff5670041fef371bb53436288a
Author:     zhutyra <zhutyra>
AuthorDate: Tue Feb 1 14:07:26 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:33:22 2022 +0200

    ensure bounds checking
    
    LIBREOFFICE-SBQ5TJRS
    
    Change-Id: I71f35bc120fdd70298685131f29a6bb822d50f11
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129261
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 17dd787a4ca9c17883e0bdfc75c89c2fa7ec169e)
    (cherry picked from commit b268215d10f7da6d01c223b260970198c00cb610)

diff --git a/lotuswordpro/source/filter/lwpdrawobj.cxx 
b/lotuswordpro/source/filter/lwpdrawobj.cxx
index 917a62d3923b..a0d5ef65d360 100644
--- a/lotuswordpro/source/filter/lwpdrawobj.cxx
+++ b/lotuswordpro/source/filter/lwpdrawobj.cxx
@@ -1352,21 +1352,20 @@ void LwpDrawBitmap::Read()
     m_pStream->ReadUInt16( m_aBmpRec.nTranslation );
     m_pStream->ReadUInt16( m_aBmpRec.nRotation );
 
+    // 20 == length of draw-specific fields.
     if (m_aObjHeader.nRecLen < 20)
         throw BadRead();
 
-    // 20 == length of draw-specific fields.
-    // 14 == length of bmp file header.
-    m_aBmpRec.nFileSize = m_aObjHeader.nRecLen - 20 + 14;
+    sal_uInt64 nBmpPos = m_pStream->Tell();
+    sal_uInt64 nBmpLen =
+        std::min<sal_uInt64>(m_aObjHeader.nRecLen - 20, 
m_pStream->remainingSize());
 
     BmpInfoHeader2 aInfoHeader2;
     m_pStream->ReadUInt32( aInfoHeader2.nHeaderLen );
 
-    if (!m_pStream->good())
+    if (!m_pStream->good() || nBmpLen < aInfoHeader2.nHeaderLen)
         throw BadRead();
 
-    m_pImageData.reset( new sal_uInt8 [m_aBmpRec.nFileSize] );
-
     sal_uInt32 N;
     sal_uInt32 rgbTableSize;
 
@@ -1391,7 +1390,7 @@ void LwpDrawBitmap::Read()
             rgbTableSize = 3 * (1 << N);
         }
     }
-    else
+    else if (aInfoHeader2.nHeaderLen >= sizeof(BmpInfoHeader2))
     {
         m_pStream->ReadUInt32( aInfoHeader2.nWidth );
         m_pStream->ReadUInt32( aInfoHeader2.nHeight );
@@ -1406,8 +1405,14 @@ void LwpDrawBitmap::Read()
         {
             rgbTableSize = 4 * (1 << N);
         }
-
     }
+    else
+    {
+        throw BadRead();
+    }
+
+    m_aBmpRec.nFileSize = static_cast<sal_uInt32>(nBmpLen + 14);
+    m_pImageData.reset( new sal_uInt8 [m_aBmpRec.nFileSize] );
 
     sal_uInt32 nOffBits = 14 + aInfoHeader2.nHeaderLen + rgbTableSize;
     m_pImageData[0] = 'B';
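Review bot: `rgbTableSize = 4 * (1 << N)` in the context lines (and the `3 * (1 << N)` form in the previous hunk) shifts an `int` by a value that appears to come from the file's bit-count field, and the new bounds checks do not cover it; a shift by 32 or more is undefined behaviour. The conditions that select these branches are outside the hunks, so it needs confirming that N is limited to bit depths that can have a colour table before the shift, with BadRead() thrown otherwise. `nOffBits` is then derived from that value and from `nHeaderLen` and written into the header without being compared with `m_aBmpRec.nFileSize`, so whatever consumes `m_pImageData` has to tolerate an offset that points past the buffer.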
@@ -1425,50 +1430,10 @@ void LwpDrawBitmap::Read()
     m_pImageData[12] = static_cast<sal_uInt8>(nOffBits >> 16);
     m_pImageData[13] = static_cast<sal_uInt8>(nOffBits >> 24);
 
-    sal_uInt32 nDIBRemaining;
     sal_uInt8* pPicData = m_pImageData.get();
-    if (aInfoHeader2.nHeaderLen== sizeof(BmpInfoHeader))
-    {
-        m_pImageData[14] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen);
-        m_pImageData[15] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen >> 
8);
-        m_pImageData[16] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen >> 
16);
-        m_pImageData[17] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen >> 
24);
-        m_pImageData[18] = static_cast<sal_uInt8>(aInfoHeader2.nWidth);
-        m_pImageData[19] = static_cast<sal_uInt8>(aInfoHeader2.nWidth >> 8);
-        m_pImageData[20] = static_cast<sal_uInt8>(aInfoHeader2.nHeight);
-        m_pImageData[21] = static_cast<sal_uInt8>(aInfoHeader2.nHeight >> 8);
-        m_pImageData[22] = static_cast<sal_uInt8>(aInfoHeader2.nPlanes);
-        m_pImageData[23] = static_cast<sal_uInt8>(aInfoHeader2.nPlanes >> 8);
-        m_pImageData[24] = static_cast<sal_uInt8>(aInfoHeader2.nBitCount);
-        m_pImageData[25] = static_cast<sal_uInt8>(aInfoHeader2.nBitCount >> 8);
-
-        nDIBRemaining = m_aBmpRec.nFileSize - 26;
-        pPicData += 26*sizeof(sal_uInt8);
-    }
-    else
-    {
-        m_pImageData[14] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen);
-        m_pImageData[15] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen >> 
8);
-        m_pImageData[16] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen >> 
16);
-        m_pImageData[17] = static_cast<sal_uInt8>(aInfoHeader2.nHeaderLen >> 
24);
-        m_pImageData[18] = static_cast<sal_uInt8>(aInfoHeader2.nWidth);
-        m_pImageData[19] = static_cast<sal_uInt8>(aInfoHeader2.nWidth >> 8);
-        m_pImageData[20] = static_cast<sal_uInt8>(aInfoHeader2.nWidth >> 16);
-        m_pImageData[21] = static_cast<sal_uInt8>(aInfoHeader2.nWidth >> 24);
-        m_pImageData[22] = static_cast<sal_uInt8>(aInfoHeader2.nHeight);
-        m_pImageData[23] = static_cast<sal_uInt8>(aInfoHeader2.nHeight >> 8);
-        m_pImageData[24] = static_cast<sal_uInt8>(aInfoHeader2.nHeight >> 16);
-        m_pImageData[25] = static_cast<sal_uInt8>(aInfoHeader2.nHeight >> 24);
-        m_pImageData[26] = static_cast<sal_uInt8>(aInfoHeader2.nPlanes);
-        m_pImageData[27] = static_cast<sal_uInt8>(aInfoHeader2.nPlanes >> 8);
-        m_pImageData[28] = static_cast<sal_uInt8>(aInfoHeader2.nBitCount);
-        m_pImageData[29] = static_cast<sal_uInt8>(aInfoHeader2.nBitCount >> 8);
-
-        nDIBRemaining = m_aBmpRec.nFileSize - 30;
-        pPicData += 30*sizeof(sal_uInt8);
-    }
 
-    if (nDIBRemaining != m_pStream->ReadBytes(pPicData, nDIBRemaining))
+    m_pStream->Seek(nBmpPos);
+    if (nBmpLen != m_pStream->ReadBytes(pPicData + 14, nBmpLen))
         throw BadRead();
 }
 
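Review bot: The result of `m_pStream->Seek(nBmpPos)` is not checked before the bulk read, so a failed rewind would copy bytes from the wrong position into the image buffer and still pass the length comparison whenever enough data follows. Comparing the return value, `if (m_pStream->Seek(nBmpPos) != nBmpPos) throw BadRead();`, closes that gap. With the header bytes no longer written by hand, the local `pPicData` is used only once and could be replaced by `m_pImageData.get() + 14`.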
commit 37cad79d9fbb1b645e9c7c33695dd5ef5fe626fa
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Jan 13 16:57:48 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:32:33 2022 +0200

    ofz#43577 valid reclen must be >= 20
    
    Change-Id: I454bff4acfcd85701a7f094a8bd76898825e9ce2
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128388
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 444477a07bcaf59181dbbc719b913566091deadc)
    
    ofz: Use-of-uninitialized-value
    
    Change-Id: I6b768b80d972c5379005efecfb803463ca648b4b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128644
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 7b37a1a5144a3a4c8b0803b7e2da81e9e108bf66)
    
    ofz: Undefined-Shift
    
    Change-Id: Ib935359071ef9e390aa3d6c9713ed48241ad18e6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129066
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit e863b90a0e5fc90c3b824e4b0012f9389b87a3ac)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129183
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 7c8b41bc322720dc9434fbef1f10a6740913165e)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129416
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    (cherry picked from commit 7664ec93edc190ae0bc18b5793763fde5cec8d62)

diff --git a/lotuswordpro/source/filter/lwpdrawobj.cxx 
b/lotuswordpro/source/filter/lwpdrawobj.cxx
index 6dc6fb2b9220..917a62d3923b 100644
--- a/lotuswordpro/source/filter/lwpdrawobj.cxx
+++ b/lotuswordpro/source/filter/lwpdrawobj.cxx
@@ -1352,14 +1352,21 @@ void LwpDrawBitmap::Read()
     m_pStream->ReadUInt16( m_aBmpRec.nTranslation );
     m_pStream->ReadUInt16( m_aBmpRec.nRotation );
 
+    if (m_aObjHeader.nRecLen < 20)
+        throw BadRead();
+
     // 20 == length of draw-specific fields.
     // 14 == length of bmp file header.
     m_aBmpRec.nFileSize = m_aObjHeader.nRecLen - 20 + 14;
-    m_pImageData.reset( new sal_uInt8 [m_aBmpRec.nFileSize] );
 
     BmpInfoHeader2 aInfoHeader2;
     m_pStream->ReadUInt32( aInfoHeader2.nHeaderLen );
 
+    if (!m_pStream->good())
+        throw BadRead();
+
+    m_pImageData.reset( new sal_uInt8 [m_aBmpRec.nFileSize] );
+
     sal_uInt32 N;
     sal_uInt32 rgbTableSize;
 
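Review bot: The new guard `if (m_aObjHeader.nRecLen < 20)` only guarantees `m_aBmpRec.nFileSize >= 14`, while the tail of Read() at this revision (visible in the other hunks on this page) stores header bytes up to `m_pImageData[29]` and computes `m_aBmpRec.nFileSize - 30`. For record lengths below 36 (below 32 on the short-header path) those stores fall outside the allocation and the subtraction wraps. A lower bound that covers the header being written, or a check of `nFileSize` against 26/30 before the stores, is needed here. The function continues outside this hunk.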
@@ -1375,7 +1382,7 @@ void LwpDrawBitmap::Read()
         m_pStream->ReadUInt16( aInfoHeader2.nBitCount );
 
         N = aInfoHeader2.nPlanes * aInfoHeader2.nBitCount;
-        if (N == 24)
+        if (N >= 16)
         {
             rgbTableSize = 0;
         }
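Review bot: `N = aInfoHeader2.nPlanes * aInfoHeader2.nBitCount` multiplies two values read with ReadUInt16, so both operands are promoted to `int` and, with a 32-bit int, the product can exceed INT_MAX before it is stored in the unsigned `N`. The `N >= 16` test changed here then runs on the result of signed overflow, which is undefined. Widening one operand first, `N = sal_uInt32(aInfoHeader2.nPlanes) * aInfoHeader2.nBitCount;`, keeps the arithmetic unsigned. The same expression appears in the following hunk at line 1398 and needs the same change.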
@@ -1391,7 +1398,7 @@ void LwpDrawBitmap::Read()
         m_pStream->ReadUInt16( aInfoHeader2.nPlanes );
         m_pStream->ReadUInt16( aInfoHeader2.nBitCount );
         N = aInfoHeader2.nPlanes * aInfoHeader2.nBitCount;
-        if (N == 24)
+        if (N >= 16)
         {
             rgbTableSize = 0;
         }
commit 35562b809a3207a3ff9b2d700e2ea6c285992320
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jan 17 10:48:12 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:31:49 2022 +0200

    ofz: Use-of-uninitialized-value
    
    Change-Id: Ic5f41e4f1f6b20a8cd8887807296f33adb48b728
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/128439
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit bb03203848ef1c30786ad084440b5d317a466127)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129415
    Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
    (cherry picked from commit b3288c52844bec9e33a7ae725332f95c84384ac7)

diff --git a/lotuswordpro/source/filter/lwpdrawobj.cxx 
b/lotuswordpro/source/filter/lwpdrawobj.cxx
index cd25e50bb93b..6dc6fb2b9220 100644
--- a/lotuswordpro/source/filter/lwpdrawobj.cxx
+++ b/lotuswordpro/source/filter/lwpdrawobj.cxx
@@ -1461,7 +1461,8 @@ void LwpDrawBitmap::Read()
         pPicData += 30*sizeof(sal_uInt8);
     }
 
-    m_pStream->ReadBytes(pPicData, nDIBRemaining);
+    if (nDIBRemaining != m_pStream->ReadBytes(pPicData, nDIBRemaining))
+        throw BadRead();
 }
 
 OUString LwpDrawBitmap::RegisterStyle()
commit 48d85fd4db95939597b66da2f32bc5f024686518
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Feb 10 10:53:27 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:27:52 2022 +0200

    limit style export to words max style count
    
    and
    
    use std::vector
    
    LIBREOFFICE-U78X8I5G
    
    Change-Id: I436b4c13a4ce07f5e9e5d374163bc4de55cd2cde
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129766
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 8e94ec9d93fe3e1057fb1aaa2f0419114c4ea11c)
    (cherry picked from commit 0361cc74c7e0619f8b25a5584accb56d0c45f97a)

diff --git a/sw/source/filter/ww8/wrtw8sty.cxx 
b/sw/source/filter/ww8/wrtw8sty.cxx
index af39bf4ef063..810cf955135a 100644
--- a/sw/source/filter/ww8/wrtw8sty.cxx
+++ b/sw/source/filter/ww8/wrtw8sty.cxx
@@ -150,13 +150,13 @@ MSWordStyles::MSWordStyles( MSWordExportBase& rExport, 
bool bListStyles )
         m_rExport.m_pDoc->GetFootnoteInfo().GetAnchorCharFormat( 
*m_rExport.m_pDoc );
         m_rExport.m_pDoc->GetFootnoteInfo().GetCharFormat( *m_rExport.m_pDoc );
     }
-    sal_uInt16 nAlloc = WW8_RESERVED_SLOTS + 
m_rExport.m_pDoc->GetCharFormats()->size() - 1 +
+    sal_uInt32 nAlloc = WW8_RESERVED_SLOTS + 
m_rExport.m_pDoc->GetCharFormats()->size() - 1 +
                                          
m_rExport.m_pDoc->GetTextFormatColls()->size() - 1 +
                                          (bListStyles ? 
m_rExport.m_pDoc->GetNumRuleTable().size() - 1 : 0);
+    nAlloc = std::min<sal_uInt32>(nAlloc, MSWORD_MAX_STYLES_LIMIT);
 
     // somewhat generous ( free for up to 15 )
-    m_pFormatA.reset( new SwFormat*[ nAlloc ] );
-    memset( m_pFormatA.get(), 0, nAlloc * sizeof( SwFormat* ) );
+    m_aFormatA.resize(nAlloc, nullptr);
     memset( m_aHeadingParagraphStyles, -1 , MAXLEVEL * sizeof( sal_uInt16));
 
     BuildStylesTable();
@@ -172,7 +172,7 @@ sal_uInt16 MSWordStyles::GetSlot( const SwFormat* pFormat ) 
const
 {
     sal_uInt16 n;
     for ( n = 0; n < m_nUsedSlots; n++ )
-        if ( m_pFormatA[n] == pFormat )
+        if ( m_aFormatA[n] == pFormat )
             return n;
     return 0xfff;                   // 0xfff: WW: zero
 }
@@ -281,19 +281,19 @@ void MSWordStyles::BuildStylesTable()
 
     const SwCharFormats& rArr = *m_rExport.m_pDoc->GetCharFormats();       // 
first CharFormat
     // the default character style ( 0 ) will not be outputted !
-    for( size_t n = 1; n < rArr.size(); n++ )
+    for( size_t n = 1; n < rArr.size() && m_nUsedSlots < 
MSWORD_MAX_STYLES_LIMIT; n++ )
     {
         SwCharFormat* pFormat = rArr[n];
-        m_pFormatA[ BuildGetSlot( *pFormat ) ] = pFormat;
+        m_aFormatA[ BuildGetSlot( *pFormat ) ] = pFormat;
     }
 
     const SwTextFormatColls& rArr2 = *m_rExport.m_pDoc->GetTextFormatColls();  
 // then TextFormatColls
     // the default character style ( 0 ) will not be outputted !
-    for( size_t n = 1; n < rArr2.size(); n++ )
+    for( size_t n = 1; n < rArr2.size() && m_nUsedSlots < 
MSWORD_MAX_STYLES_LIMIT; n++ )
     {
         SwTextFormatColl* pFormat = rArr2[n];
         sal_uInt16 nId = BuildGetSlot( *pFormat ) ;
-        m_pFormatA[ nId ] = pFormat;
+        m_aFormatA[ nId ] = pFormat;
         if ( pFormat->IsAssignedToListLevelOfOutlineStyle() )
         {
             int nLvl = pFormat->GetAssignedOutlineStyleLevel() ;
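Review bot: The stores `m_aFormatA[ BuildGetSlot( *pFormat ) ] = pFormat;` and `m_aFormatA[ nId ] = pFormat;` index the vector with a slot that is never compared with `m_aFormatA.size()`. The loop guards bound `m_nUsedSlots` by `MSWORD_MAX_STYLES_LIMIT`, whereas the vector was sized to `nAlloc`, which may be smaller, and the readers elsewhere in this diff iterate up to `m_nUsedSlots`. BuildGetSlot is outside the hunk, so whether a slot can reach `nAlloc` cannot be told from here. Making the invariant explicit at each store, for example `assert(nId < m_aFormatA.size());`, would turn a silent out-of-range write into a visible failure.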
@@ -306,7 +306,7 @@ void MSWordStyles::BuildStylesTable()
         return;
 
     const SwNumRuleTable& rNumRuleTable = m_rExport.m_pDoc->GetNumRuleTable();
-    for (size_t i = 0; i < rNumRuleTable.size(); ++i)
+    for (size_t i = 0; i < rNumRuleTable.size() && m_nUsedSlots < 
MSWORD_MAX_STYLES_LIMIT; ++i)
     {
         const SwNumRule* pNumRule = rNumRuleTable[i];
         if (pNumRule->IsAutoRule() || pNumRule->GetName().startsWith("WWNum"))
@@ -326,8 +326,8 @@ void MSWordStyles::BuildStyleIds()
     for (sal_uInt16 n = 1; n < m_nUsedSlots; ++n)
     {
         OUString aName;
-        if(m_pFormatA[n])
-            aName = m_pFormatA[n]->GetName();
+        if (m_aFormatA[n])
+            aName = m_aFormatA[n]->GetName();
         else if (m_aNumRules.find(n) != m_aNumRules.end())
             aName = m_aNumRules[n]->GetName();
         OStringBuffer aStyleIdBuf(aName.getLength());
@@ -607,8 +607,8 @@ void MSWordStyles::OutputStyle( SwFormat* pFormat, 
sal_uInt16 nPos )
             for ( int nSuffix = 0; ; ++nSuffix ) {
                 bool clash=false;
                 for ( sal_uInt16 n = 1; n < m_nUsedSlots; ++n )
-                    if ( m_pFormatA[n] &&
-                         m_pFormatA[n]->GetName().equalsIgnoreAsciiCase(aName) 
)
+                    if ( m_aFormatA[n] &&
+                         m_aFormatA[n]->GetName().equalsIgnoreAsciiCase(aName) 
)
                     {
                         clash = true;
                         break;
@@ -683,7 +683,7 @@ void MSWordStyles::OutputStylesTable()
         if (m_aNumRules.find(n) != m_aNumRules.end())
             OutputStyle(m_aNumRules[n], n);
         else
-            OutputStyle( m_pFormatA[n], n );
+            OutputStyle(m_aFormatA[n], n);
     }
 
     m_rExport.AttrOutput().EndStyles( m_nUsedSlots );
diff --git a/sw/source/filter/ww8/wrtww8.hxx b/sw/source/filter/ww8/wrtww8.hxx
index 064055fd06c7..aef47717f0a1 100644
--- a/sw/source/filter/ww8/wrtww8.hxx
+++ b/sw/source/filter/ww8/wrtww8.hxx
@@ -1536,7 +1536,7 @@ class MSWordStyles
 {
     MSWordExportBase& m_rExport;
     sal_uInt16 m_aHeadingParagraphStyles[MAXLEVEL];
-    std::unique_ptr<SwFormat*[]> m_pFormatA; ///< Slot <-> Character and 
paragraph style array (0 for list styles).
+    std::vector<SwFormat*> m_aFormatA; ///< Slot <-> Character and paragraph 
style array (0 for list styles).
     sal_uInt16 m_nUsedSlots;
     bool const m_bListStyles; ///< If list styles are requested to be exported 
as well.
     std::map<sal_uInt16, const SwNumRule*> m_aNumRules; ///< Slot <-> List 
style map.
@@ -1584,7 +1584,7 @@ public:
     /// Get styleId of the nId-th style (nId is its position in pFormatA).
     OString const & GetStyleId(sal_uInt16 nId) const;
 
-    const SwFormat* GetSwFormat(sal_uInt16 nId) const { return 
m_pFormatA[nId]; }
+    const SwFormat* GetSwFormat(sal_uInt16 nId) const { return 
m_aFormatA[nId]; }
     /// Get numbering rule of the nId-th style
     const SwNumRule* GetSwNumRule(sal_uInt16 nId) const;
     sal_uInt16 GetHeadingParagraphStyleId(sal_uInt16 nLevel) const { return 
m_aHeadingParagraphStyles[ nLevel ]; }
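Review bot: `GetSwFormat` returns `m_aFormatA[nId]` without checking `nId`, and now that the storage is a `std::vector` the size is available for the check: `return nId < m_aFormatA.size() ? m_aFormatA[nId] : nullptr;`. Whether every caller copes with a null result is not visible from the header, so that needs confirming before the change. The doc comment on GetStyleId just above still refers to `pFormatA`; it should name `m_aFormatA`.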
commit 1b8ca2dd47a81ecfc4de379e95719a7c00858792
Author:     zhutyra <zhutyra>
AuthorDate: Tue Feb 1 13:54:55 2022 +0000
Commit:     Gabor Kelemen <kelem...@ubuntu.com>
CommitDate: Sat Apr 2 13:25:59 2022 +0200

    read of width/height uses wrong record size
    
    this initially went wrong at:
    
    commit b4fb7a437bb0ce987702b12008737756623618ac
    Date:   Mon May 23 21:38:40 2011 +0100
    
        fix up some more endian
    
    LIBREOFFICE-SBQ5TJRS
    
    Change-Id: Ie418f530f55288351f73f3c0cbab9ac48e6b6964
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129259
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 6694e3ea9c2f05a20245d94c5c1eda955cb3aacc)
    (cherry picked from commit aaad67afccf1c59bf7d8fe7ab5207ff903f1c515)

diff --git a/lotuswordpro/source/filter/lwpdrawobj.cxx 
b/lotuswordpro/source/filter/lwpdrawobj.cxx
index 45637de0c32c..cd25e50bb93b 100644
--- a/lotuswordpro/source/filter/lwpdrawobj.cxx
+++ b/lotuswordpro/source/filter/lwpdrawobj.cxx
@@ -1365,8 +1365,12 @@ void LwpDrawBitmap::Read()
 
     if (aInfoHeader2.nHeaderLen == sizeof(BmpInfoHeader))
     {
-        m_pStream->ReadUInt32( aInfoHeader2.nWidth );
-        m_pStream->ReadUInt32( aInfoHeader2.nHeight );
+        sal_uInt16 nTmp;
+
+        m_pStream->ReadUInt16( nTmp );
+        aInfoHeader2.nWidth = nTmp;
+        m_pStream->ReadUInt16( nTmp );
+        aInfoHeader2.nHeight = nTmp;
         m_pStream->ReadUInt16( aInfoHeader2.nPlanes );
         m_pStream->ReadUInt16( aInfoHeader2.nBitCount );
 
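Review bot: `sal_uInt16 nTmp;` is declared without an initializer and copied into `aInfoHeader2.nWidth` and `nHeight` with no stream check in between. If ReadUInt16 leaves its argument untouched on a short read (its implementation is not shown here), an indeterminate value propagates into the header fields. `sal_uInt16 nTmp = 0;` costs nothing and removes the doubt. The enclosing branch of Read() continues past the end of this hunk.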
