src/lib/VSDMetaData.cpp | 5 +++++ src/lib/VSDParser.cpp | 12 ++++++++---- src/lib/libvisio_utils.h | 3 +++ 3 files changed, 16 insertions(+), 4 deletions(-)
New commits: commit 4b03893826bcc5f859b0ac3bea6a98269499d99f Author: David Tardon <[email protected]> Date: Tue Aug 25 16:27:18 2015 +0200 sanitize page dimensions and scale Change-Id: Ie170d9911b9f7349e4700efd5e2c089423f4218b
diff --git a/src/lib/VSDParser.cpp b/src/lib/VSDParser.cpp
index 827ed48..3074784 100644
--- a/src/lib/VSDParser.cpp
+++ b/src/lib/VSDParser.cpp
@@ -1102,17 +1102,21 @@ void libvisio::VSDParser::readPageProps(librevenge::RVNGInputStream *input)
 {
 // Skip bytes representing unit to *display* (value is always inches)
 input->seek(1, librevenge::RVNG_SEEK_CUR);
- double pageWidth = readDouble(input);
+ const double pageWidth = std::max<double>(readDouble(input), 0);
 input->seek(1, librevenge::RVNG_SEEK_CUR);
- double pageHeight = readDouble(input);
+ const double pageHeight = std::max<double>(readDouble(input), 0);
 input->seek(1, librevenge::RVNG_SEEK_CUR);
 m_shadowOffsetX = readDouble(input);
 input->seek(1, librevenge::RVNG_SEEK_CUR);
 m_shadowOffsetY = readDouble(input);
 input->seek(1, librevenge::RVNG_SEEK_CUR);
- double scale = readDouble(input);
+ const double numerator = readDouble(input);
 input->seek(1, librevenge::RVNG_SEEK_CUR);
- scale /= readDouble(input);
+ double denominator = readDouble(input);
+ if (VSD_ALMOST_ZERO(denominator))
+ denominator = 1;
+
+ const double scale = std::abs(numerator / denominator);
 if (m_isStencilStarted && m_currentStencil)
 {
diff --git a/src/lib/libvisio_utils.h b/src/lib/libvisio_utils.h
index 0ff3a16..c6c3a03 100644
--- a/src/lib/libvisio_utils.h
+++ b/src/lib/libvisio_utils.h
@@ -14,6 +14,9 @@
 #include "VSDTypes.h"
+#define VSD_EPSILON 1E-6
+#define VSD_ALMOST_ZERO(m) (fabs(m) <= VSD_EPSILON)
+
 #ifdef _MSC_VER
 typedef unsigned char uint8_t;
commit 4700056698abce223b3da120d58019c4626b5e57 Author: David Tardon <[email protected]> Date: Tue Aug 25 16:12:25 2015 +0200 afl: avoid out of bounds access to vector Change-Id: I51fdad6cca395bb5aadc916ef452ee020f666607
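Review bot: The clamps in readPageProps still let non-finite values through: `std::max<double>(readDouble(input), 0)` returns its first argument when that argument is NaN, and `VSD_ALMOST_ZERO(denominator)` is false for NaN, so a NaN or infinite width, height or scale read from the file passes unchanged to the code below. Since these doubles come straight from the document, I would reject non-finite input before clamping, e.g. `const double w = readDouble(input); const double pageWidth = (std::isfinite(w) && w > 0) ? w : 0;` (or the project's pre-C++11 equivalent), and fall back to a scale of 1 when `numerator / denominator` is not finite. `scale` can also still be exactly 0 when the numerator is 0; whether that is safe depends on how it is used after the hunk, which is not visible here. The function body continues outside the hunk.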
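Review bot: `VSD_ALMOST_ZERO` calls unqualified `fabs`, but the only include visible next to the new macros is `VSDTypes.h`, so each file using the macro has to have pulled in `<cmath>` or `<math.h>` itself; including `<cmath>` in this header and writing `std::fabs(m)` would make it self-contained. The macro also deserves a one-line comment such as `// false for NaN: callers must reject non-finite values separately`, because the comparison silently treats NaN as "not zero". The rest of the header is outside the hunk, so an existing math include further up cannot be ruled out.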
diff --git a/src/lib/VSDMetaData.cpp b/src/lib/VSDMetaData.cpp
index 00dca07..7241b00 100644
--- a/src/lib/VSDMetaData.cpp
+++ b/src/lib/VSDMetaData.cpp
@@ -8,6 +8,7 @@
 */
 #include "VSDMetaData.h"
+#include <cassert>
 #include <cmath>
 #include <cstdio>
 #include <cstring>
@@ -238,6 +239,9 @@ librevenge::RVNGString libvisio::VSDMetaData::readCodePageString(librevenge::RVN
 {
 uint32_t size = readU32(input);
+ if (size == 0)
+ return librevenge::RVNGString();
+
 std::vector<unsigned char> characters;
 for (uint32_t i = 0; i < size; ++i)
 characters.push_back(readU8(input));
@@ -267,6 +271,7 @@ librevenge::RVNGString libvisio::VSDMetaData::readCodePageString(librevenge::RVN
 if (U_SUCCESS(status) && conv)
 {
+ assert(!characters.empty());
 const char *src = (const char *)&characters[0];
 const char *srcLimit = (const char *)src + characters.size();
 while (src < srcLimit)
_______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
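Review bot: `size` is read from the file and used unchecked as the loop bound right after the new early return in readCodePageString, so a crafted length of up to 2^32-1 drives that many `push_back` calls unless `readU8` fails at end of input, which the hunk does not show. I would bound the loop by what the stream can still deliver, `for (uint32_t i = 0; i < size && !input->isEnd(); ++i)`, and do the emptiness check after it, `if (characters.empty()) return librevenge::RVNGString();`, which covers both a zero length and a truncated stream. The function continues outside the hunk.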
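Review bot: `assert(!characters.empty())` is compiled out under NDEBUG, so in a release build `&characters[0]` is protected only by the `size == 0` return added in the previous hunk. A short comment such as `// size != 0 was checked above, so characters has at least one element` would tie the two together, or the condition could be folded into the branch as `if (U_SUCCESS(status) && conv && !characters.empty())`. The enclosing block starts and ends outside the hunk.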
