limit storage entry max size to size of underlying stream

Change-Id: Ie3772338009c07fea40b637621b1170863830e14 Reviewed-on: https://gerrit.libreoffice.org/17296Reviewed-by: Michael Meeks <michael.meeks@collabora.com> Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>

limit storage entry max size to size of underlying stream
Change-Id: Ie3772338009c07fea40b637621b1170863830e14 Reviewed-on: https://gerrit.libreoffice.org/17296Reviewed-by: Michael Meeks <michael.meeks@collabora.com> Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
78657306 · Caolán McNamara · 26e6d4b0 · 78657306 · 78657306 · 78657306
Kaydet (Commit) 78657306 authored Tem 22, 2015 tarafından Caolán McNamara
7 changed files
--- a/sot/qa/cppunit/data/pass/fdo41642-2.compound
+++ b/sot/qa/cppunit/data/pass/fdo41642-2.compound
--- a/sot/source/sdstor/stgdir.cxx
+++ b/sot/source/sdstor/stgdir.cxx
@@ -48,9 +48,9 @@
 // Problem der Implementation: Keine Hierarchischen commits. Daher nur
 // insgesamt transaktionsorientert oder direkt.

-StgDirEntry::StgDirEntry( const void* pBuffer, sal_uInt32 nBufferLen, bool * pbOk ) : StgAvlNode()
+StgDirEntry::StgDirEntry( const void* pBuffer, sal_uInt32 nBufferLen, sal_uInt64 nUnderlyingStreamSize, bool * pbOk ) : StgAvlNode()
 {
-    *pbOk = aEntry.Load( pBuffer, nBufferLen );
+    *pbOk = aEntry.Load( pBuffer, nBufferLen, nUnderlyingStreamSize );

    InitMembers();
 }
@@ -819,8 +819,13 @@ void StgDirStrm::SetupEntry( sal_Int32 n, StgDirEntry* pUpper )
    void* p = ( n == STG_FREE ) ? NULL : GetEntry( n );
    if( p )
    {
+        SvStream *pUnderlyingStream = rIo.GetStrm();
+        sal_uInt64 nCur = pUnderlyingStream->Tell();
+        sal_uInt64 nUnderlyingStreamSize = pUnderlyingStream->Seek(STREAM_SEEK_TO_END);
+        pUnderlyingStream->Seek(nCur);
+
        bool bOk(false);
-        StgDirEntry* pCur = new StgDirEntry( p, STGENTRY_SIZE, &bOk );
+        StgDirEntry* pCur = new StgDirEntry( p, STGENTRY_SIZE, nUnderlyingStreamSize, &bOk );

        if( !bOk )
        {

--- a/sot/source/sdstor/stgdir.hxx
+++ b/sot/source/sdstor/stgdir.hxx
@@ -62,7 +62,8 @@ public:
    bool         bDirect;                   // true: direct mode
    bool         bZombie;                   // true: Removed From StgIo
    bool         bInvalid;                  // true: invalid entry
-    StgDirEntry( const void* pBuffer, sal_uInt32 nBufferLen, bool * pbOk );
+    StgDirEntry(const void* pBuffer, sal_uInt32 nBufferLen,
+                sal_uInt64 nUnderlyingStreamSize, bool * pbOk);
    StgDirEntry( const StgEntry& );
    virtual ~StgDirEntry();


--- a/sot/source/sdstor/stgelem.cxx
+++ b/sot/source/sdstor/stgelem.cxx
@@ -361,7 +361,7 @@ sal_Int32 StgEntry::Compare( const StgEntry& r ) const
 // These load/store operations are a bit more complicated,
 // since they have to copy their contents into a packed structure.

-bool StgEntry::Load( const void* pFrom, sal_uInt32 nBufSize )
+bool StgEntry::Load(const void* pFrom, sal_uInt32 nBufSize, sal_uInt64 nUnderlyingStreamSize)
 {
    if ( nBufSize < 128 )
        return false;
@@ -392,11 +392,26 @@ bool StgEntry::Load( const void* pFrom, sal_uInt32 nBufSize )
    if (n > nMaxLegalStr)
        return false;

-    if ((cType != STG_STORAGE) && ((nSize < 0) || (nPage1 < 0 && !isKnownSpecial(nPage1))))
+    if (cType != STG_STORAGE)
    {
-        // the size makes no sense for the substorage
-        // TODO/LATER: actually the size should be an unsigned value, but in this case it would mean a stream of more than 2Gb
-        return false;
+        if (nPage1 < 0 && !isKnownSpecial(nPage1))
+        {
+            //bad pageid
+            return false;
+        }
+        if (nSize < 0)
+        {
+            // the size makes no sense for the substorage
+            // TODO/LATER: actually the size should be an unsigned value, but
+            // in this case it would mean a stream of more than 2Gb
+            return false;
+        }
+        if (static_cast<sal_uInt64>(nSize) > nUnderlyingStreamSize)
+        {
+            // surely an entry cannot be larger than the underlying file
+            return false;
+        }
+
    }

    aName = OUString(nName , n);

--- a/sot/source/sdstor/stgelem.hxx
+++ b/sot/source/sdstor/stgelem.hxx
@@ -129,7 +129,7 @@ public:
    void        GetName( OUString& rName ) const;
                                        // fill in the name
    sal_Int32   Compare( const StgEntry& ) const;   // compare two entries
-    bool        Load( const void* pBuffer, sal_uInt32 nBufSize );
+    bool        Load( const void* pBuffer, sal_uInt32 nBufSize, sal_uInt64 nUnderlyingStreamSize );
    void        Store( void* );
    StgEntryType GetType() const            { return (StgEntryType) cType;  }
    sal_Int32   GetStartPage() const        { return nPage1; }

--- a/sw/qa/core/data/ww8/fail/hang-2.doc
+++ b/sw/qa/core/data/ww8/fail/hang-2.doc
--- a/sw/qa/core/data/ww8/pass/tdf57532-1.doc
+++ b/sw/qa/core/data/ww8/pass/tdf57532-1.doc