Bug#603868: Don't try to unpack empty associated strings

Wed, 17 Nov 2010 15:57:20 -0800 

Package: wv2
Version: 0.4.2.dfsg.1-1
Severity: normal
Tags: patch

If the length of the associated strings section is 0, libwv2 currently tries to
unpack it anyway, which tries to interpret whatever is after that point in the
files as a table of strings.  In some cases (such as the attached example
document) this results in garbage values for the metadata.

I've attached a patch to fix this by special casing when this size is 0.

I created the test document from scratch - I'm happy to license it under the
same licence as libwv2 if someone wants to use it in a testsuite.

Cheers,
    Olly

diff -ru wv2-0.4.2.dfsg.1/src/associatedstrings.cpp wv2-0.4.2.dfsg.1-tweaked/src/associatedstrings.cpp
--- wv2-0.4.2.dfsg.1/src/associatedstrings.cpp	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/associatedstrings.cpp	2010-11-17 22:28:50.263808931 +1030
@@ -27,6 +27,10 @@
 AssociatedStrings::AssociatedStrings( U32 fcSttbfAssoc, U32 lcbSttbfAssoc, U16 lid, OLEStreamReader* tableStream ) :
     m_sttbf( 0 )
 {
+    if ( lcbSttbfAssoc == 0 ) {
+	m_sttbf = new STTBF();
+	return;
+    }
     tableStream->push();
     tableStream->seek( fcSttbfAssoc );
     m_sttbf = new STTBF( lid, tableStream );
diff -ru wv2-0.4.2.dfsg.1/src/word_helper.cpp wv2-0.4.2.dfsg.1-tweaked/src/word_helper.cpp
--- wv2-0.4.2.dfsg.1/src/word_helper.cpp	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/word_helper.cpp	2010-11-17 22:27:14.126649654 +1030
@@ -24,6 +24,10 @@
 namespace wvWare
 {
 
+    STTBF::STTBF() : m_extraDataLength( 0 )
+    {
+    }
+
     STTBF::STTBF( U16 lid, OLEStreamReader* reader, bool preservePos )
     {
         if ( preservePos )
diff -ru wv2-0.4.2.dfsg.1/src/word_helper.h wv2-0.4.2.dfsg.1-tweaked/src/word_helper.h
--- wv2-0.4.2.dfsg.1/src/word_helper.h	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/word_helper.h	2010-11-17 22:25:41.591053581 +1030
@@ -44,6 +44,7 @@
     class STTBF
     {
     public:
+        STTBF();
         STTBF( U16 lid, OLEStreamReader* reader, bool preservePos = false );
         STTBF( U16 lid, const U8* ptr );
         STTBF( const STTBF& rhs );

Attachment: test97.doc
Description: MS-Word document

Attachment: signature.asc
Description: Digital signature

Reply via email to