
List:       koffice-devel
Subject:    patch to fix bug #46352
From:       Ariya Hidayat <ariya () tf ! itb ! ac ! id>
Date:       2002-08-24 10:03:28

The following is a patch to fix bug #46352 (kword crashes on opening a
*.doc file)

The problem: drawingId for PICF is 32314372 while the size of the data stream
is only 348705.  Abiword also crashed with the document, and I've got an
error in wvWare, i.e. "wvError: (picf.c:154) X is f4b0". I'm not familiar
with wvWare but nevertheless will take a look.

The workaround: a sentinel check to see whether drawingId is in the proper
range.

To Werner or Shaheed: is it OK if I add such a sentinel check everywhere?
After investigating many bug reports regarding MS Word import, most of the
problems are invalid ranges, which thus trigger nasty memory references, like
this one. (Do MS Word files always have these inconsistencies anyway?)

-------------------------------------------------------


-- 
Ariya Hidayat :: KDE/KOffice developer:: www.advogato.org/person/ariya
"One OS to rule them all, One OS to find them,
One OS to bring them all and in the darkness bind them."

["picf.patch" (text/x-diff)]

Index: msword.cc
===================================================================
RCS file: /home/kde/koffice/filters/olefilters/winword97/msword.cc,v
retrieving revision 1.81
diff -u -3 -p -r1.81 msword.cc
--- msword.cc	2002/07/05 09:01:26	1.81
+++ msword.cc	2002/08/23 23:33:15
@@ -847,6 +847,9 @@ bool MsWord::getPicture(
     unsigned bytes;
     QString tiffFilename;
 
+    // sentinel check
+    if( fc > m_dataStreamLength ) return false;
+
     // Get the PICF.
 
     pictureType = "";
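
Review bot: the guard "if( fc > m_dataStreamLength ) return false;" still accepts fc == m_dataStreamLength, which is already one byte past the end of the stream, and an fc just below the length lets the PICF read that follows this check run off the end. Suggest ">=" at minimum, and better a check that the PICF header (and afterwards the picture bytes it declares) fits in m_dataStreamLength - fc, written as a subtraction so the sum cannot wrap. The comment "sentinel check" could also say what is being bounded, and a kdDebug line on the rejection path would make these malformed files easier to triage.
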
@@ -957,6 +960,7 @@ MsWord::MsWord(
         m_tableStream = table1Stream.data;
     }
     m_dataStream = dataStream.data;
+    m_dataStreamLength = dataStream.length;
     if (!m_tableStream)
     {
         // Older versions of Word had no separate table stream.
@@ -970,6 +974,7 @@ MsWord::MsWord(
 
         kdDebug(s_area) << "MsWord::MsWord: no data stream" << endl;
         m_dataStream = m_mainStream;
+        m_dataStreamLength = mainStream.length;
     }
 
     // We must call readStyles() first, as we use the STSHI size to detect
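
Review bot: in the "no data stream" fallback the pointer is taken from m_mainStream while the length is taken from mainStream.length; nothing in this hunk shows that the two describe the same buffer. Please confirm that m_mainStream is mainStream.data at this point, or take both values from the same object, since a length that does not belong to the pointer makes the new bounds check in getPicture() meaningless.
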
Index: msword.h
===================================================================
RCS file: /home/kde/koffice/filters/olefilters/winword97/msword.h,v
retrieving revision 1.42
diff -u -3 -p -r1.42 msword.h
--- msword.h	2002/05/13 17:52:20	1.42
+++ msword.h	2002/08/23 23:33:16
@@ -390,6 +390,7 @@ private:
     const U8 *m_mainStream;
     const U8 *m_tableStream;
     const U8 *m_dataStream;
+    U32 m_dataStreamLength;
     FIB m_fib;
 
     myFile mainStream;
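
Review bot: the new member "U32 m_dataStreamLength;" has no comment and, going by the hunks in this patch, is only assigned inside the constructor body. Suggest documenting it as the byte length of m_dataStream and giving it a value of 0 before any code path can read it, so that a path which never assigns it rejects every offset instead of comparing against an indeterminate value. It is also worth checking that fc in getPicture() and the stream's length field are unsigned types of the same width, otherwise the comparison can be skewed by an implicit conversion.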

_______________________________________________
koffice-devel mailing list
koffice-devel@mail.kde.org
http://mail.kde.org/mailman/listinfo/koffice-devel
