Dosyalar · ee6dd4d39e9169283e74a9210ace0b8f7f897da4 · LibreOffice / core

Avoid truncation of ±1E20 to long · ee6dd4d3

Stephan Bergmann Haz 03, 2019 yazdı

With -fsanitize=float-cast-overflow, opening doc/abi5309-1.doc as obtained by
bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at
<https://bugzilla.abisource.com/show_bug.cgi?id=5309#c3>) fails with

> include/tools/helpers.hxx:76:79: runtime error: 1e+20 is outside the range of representable values of type 'long'
>  #0 in FRound(double) at include/tools/helpers.hxx:76:79 (instdir/program/libtllo.so +0x3c13dd)
>  #1 in ImplPolygon::ImplPolygon(basegfx::B2DPolygon const&) at tools/source/generic/poly.cxx:474:30 (instdir/program/libtllo.so +0x40f35f)
>  #2 in tools::Polygon::Polygon(basegfx::B2DPolygon const&) at tools/source/generic/poly.cxx:1849:72 (instdir/program/libtllo.so +0x42c9ff)
>  #3 in ImplPolyPolygon::ImplPolyPolygon(basegfx::B2DPolyPolygon const&) at tools/source/generic/poly2.cxx:482:28 (instdir/program/libtllo.so +0x45561e)
>  #4 in tools::PolyPolygon::PolyPolygon(basegfx::B2DPolyPolygon const&) at tools/source/generic/poly2.cxx:463:25 (instdir/program/libtllo.so +0x45512d)
>  #5 in emfio::MtfTools::DrawPolygon(tools::Polygon, bool) at emfio/source/reader/mtftools.cxx:1287:17 (instdir/program/../program/libemfiolo.so +0x1828d3)
>  #6 in emfio::WmfReader::ReadRecordParams(unsigned short) at emfio/source/reader/wmfreader.cxx:367:21 (instdir/program/../program/libemfiolo.so +0x1cffde)
>  #7 in emfio::WmfReader::ReadWMF() at emfio/source/reader/wmfreader.cxx:1425:29 (instdir/program/../program/libemfiolo.so +0x1f7567)
>  #8 in emfio::emfreader::XEmfParser::getDecomposition(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at emfio/source/emfuno/xemfparser.cxx:152:108 (instdir/program/../program/libemfiolo.so +0x13795a)
>  #9 in non-virtual thunk to emfio::emfreader::XEmfParser::getDecomposition(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at emfio/source/emfuno/xemfparser.cxx (instdir/program/../program/libemfiolo.so +0x138735)
>  #10 in VectorGraphicData::ensureSequenceAndRange() at vcl/source/gdi/vectorgraphicdata.cxx:172:137 (instdir/program/libvcllo.so +0x86bdadf)
>  #11 in VectorGraphicData::ensureReplacement() at vcl/source/gdi/vectorgraphicdata.cxx:138:5 (instdir/program/libvcllo.so +0x86bcb94)
>  #12 in VectorGraphicData::getReplacement() const at vcl/source/gdi/vectorgraphicdata.cxx:286:45 (instdir/program/libvcllo.so +0x86c0a04)
>  #13 in ImpGraphic::ImplSetPrefSize(Size const&) at vcl/source/gdi/impgraph.cxx:956:45 (instdir/program/libvcllo.so +0x7d05433)
>  #14 in Graphic::SetPrefSize(Size const&) at vcl/source/gdi/graph.cxx:388:19 (instdir/program/libvcllo.so +0x7ca7e26)
>  #15 in SvxMSDffManager::GetBLIPDirect(SvStream&, Graphic&, tools::Rectangle*) at filter/source/msfilter/msdffimp.cxx:6616:26 (instdir/program/../program/libmsfilterlo.so +0x9617bc)
>  #16 in SvxMSDffManager::GetBLIP(unsigned long, Graphic&, tools::Rectangle*) at filter/source/msfilter/msdffimp.cxx:6453:23 (instdir/program/../program/libmsfilterlo.so +0x95f368)
>  #17 in SvxMSDffManager::ImportGraphic(SvStream&, SfxItemSet&, DffObjData const&) at filter/source/msfilter/msdffimp.cxx:3821:24 (instdir/program/../program/libmsfilterlo.so +0x990678)
>  #18 in SvxMSDffManager::ImportShape(DffRecordHeader const&, SvStream&, SvxMSDffClientData&, tools::Rectangle&, tools::Rectangle const&, int, int*) at filter/source/msfilter/msdffimp.cxx:4368:28 (instdir/program/../program/libmsfilterlo.so +0x9a221a)
>  #19 in SvxMSDffManager::ImportObj(SvStream&, SvxMSDffClientData&, tools::Rectangle&, tools::Rectangle const&, int, int*) at filter/source/msfilter/msdffimp.cxx:4073:16 (instdir/program/../program/libmsfilterlo.so +0x9972d8)
>  #20 in SvxMSDffManager::GetShape(unsigned long, SdrObject*&, SvxMSDffImportData&) at filter/source/msfilter/msdffimp.cxx:6377:23 (instdir/program/../program/libmsfilterlo.so +0x9dde0c)
>  #21 in SwWW8ImplReader::Read_GrafLayer(long) at sw/source/filter/ww8/ww8graf.cxx:2567:34 (instdir/program/../program/libmswordlo.so +0x2c51a1f)
>  #22 in SwWW8ImplReader::ReadChar(long, long) at sw/source/filter/ww8/ww8par.cxx:3697:17 (instdir/program/../program/libmswordlo.so +0x2db3a07)
>  #23 in SwWW8ImplReader::ReadChars(int&, int, long, long) at sw/source/filter/ww8/ww8par.cxx:3484:27 (instdir/program/../program/libmswordlo.so +0x2dafba2)
>  #24 in SwWW8ImplReader::ReadText(int, int, ManTypes) at sw/source/filter/ww8/ww8par.cxx:4045:22 (instdir/program/../program/libmswordlo.so +0x2d85c3e)
>  #25 in SwWW8ImplReader::CoreLoad(WW8Glossary const*) at sw/source/filter/ww8/ww8par.cxx:5227:9 (instdir/program/../program/libmswordlo.so +0x2de3314)
>  #26 in SwWW8ImplReader::LoadThroughDecryption(WW8Glossary*) at sw/source/filter/ww8/ww8par.cxx:5892:19 (instdir/program/../program/libmswordlo.so +0x2df31ad)
>  #27 in SwWW8ImplReader::LoadDoc(WW8Glossary*) at sw/source/filter/ww8/ww8par.cxx:6196:19 (instdir/program/../program/libmswordlo.so +0x2dfe1ed)
>  #28 in WW8Reader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) at sw/source/filter/ww8/ww8par.cxx:6347:26 (instdir/program/../program/libmswordlo.so +0x2e0301a)
>  #29 in SwReader::Read(Reader const&) at sw/source/filter/basflt/shellio.cxx:188:22 (instdir/program/../program/libswlo.so +0x1041d2be)
>  #30 in SwDocShell::ConvertFrom(SfxMedium&) at sw/source/uibase/app/docsh.cxx:261:26 (instdir/program/../program/libswlo.so +0x10fc4d98)
>  #31 in SfxObjectShell::DoLoad(SfxMedium*) at sfx2/source/doc/objstor.cxx:768:23 (instdir/program/libsfxlo.so +0x49d934a)
[...]

To represent "negative" clip regions, basegfx/source/tools/b2dclipstate.cxx uses
an ugly hack of subtracting the region from a ±1E20 bounding box.  This document
uses such a negative clip region with a 4504x633@(11301,38) rectangular hole.
(Though I don't know whether that's the real intention, or caused by LO
misparsing the input file format.)

So to avoid converting the ±1E20 bounding box from double to long, do the
intersection here with basegfx double values, and only convert the result to
tools long values.  (There appears to be no implemenation of intersection with
a polypolygon for B2DPolyPolyon, just B2DClipState::intersectPolyPolygon.)  (In
principle there could be loss of precision when aPolyPoly is converted to a
B2DPolyPolygon now, but that's unlikely with a typical IEEE 754 double with
52 bit mantissa.)

Change-Id: I82a9941b43d90153d63612147b2ca33fbca5f179
Reviewed-on: https://gerrit.libreoffice.org/73386
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>

ee6dd4d3

Adı	Son kayıt (commit)	Son güncelleme
.git-hooks		Loading commit data...
UnoControls		Loading commit data...
accessibility		Loading commit data...
android		Loading commit data...
animations		Loading commit data...
apple_remote		Loading commit data...
avmedia		Loading commit data...
basctl		Loading commit data...
basegfx		Loading commit data...
basic		Loading commit data...
bean		Loading commit data...
bin		Loading commit data...
binaryurp		Loading commit data...
bridges		Loading commit data...
canvas		Loading commit data...
chart2		Loading commit data...
cli_ure		Loading commit data...
codemaker		Loading commit data...
comphelper		Loading commit data...
compilerplugins		Loading commit data...
config_host		Loading commit data...
configmgr		Loading commit data...
connectivity		Loading commit data...
cppcanvas		Loading commit data...
cppu		Loading commit data...
cppuhelper		Loading commit data...
cpputools		Loading commit data...
cui		Loading commit data...
dbaccess		Loading commit data...
desktop		Loading commit data...
dictionaries @ e1229228
distro-configs		Loading commit data...
drawinglayer		Loading commit data...
dtrans		Loading commit data...
editeng		Loading commit data...
embeddedobj		Loading commit data...
embedserv		Loading commit data...
emfio		Loading commit data...
eventattacher		Loading commit data...
extensions		Loading commit data...
external		Loading commit data...
extras		Loading commit data...
filter		Loading commit data...
forms		Loading commit data...
formula		Loading commit data...
fpicker		Loading commit data...
framework		Loading commit data...
helpcompiler		Loading commit data...
helpcontent2 @ 9a0f4fb1
hwpfilter		Loading commit data...
i18nlangtag		Loading commit data...
i18npool		Loading commit data...
i18nutil		Loading commit data...
icon-themes		Loading commit data...
idl		Loading commit data...
idlc		Loading commit data...
include		Loading commit data...
instsetoo_native		Loading commit data...
io		Loading commit data...
ios		Loading commit data...
javaunohelper		Loading commit data...
jurt		Loading commit data...
jvmaccess		Loading commit data...
jvmfwk		Loading commit data...
l10ntools		Loading commit data...
librelogo		Loading commit data...
libreofficekit		Loading commit data...
lingucomponent		Loading commit data...
linguistic		Loading commit data...
lotuswordpro		Loading commit data...
m4		Loading commit data...
nlpsolver		Loading commit data...
o3tl		Loading commit data...
odk		Loading commit data...
offapi		Loading commit data...
officecfg		Loading commit data...
onlineupdate		Loading commit data...
oovbaapi		Loading commit data...
oox		Loading commit data...
opencl		Loading commit data...
osx		Loading commit data...
package		Loading commit data...
postprocess		Loading commit data...
pyuno		Loading commit data...
qadevOOo		Loading commit data...
readlicense_oo		Loading commit data...
registry		Loading commit data...
remotebridges		Loading commit data...
reportbuilder		Loading commit data...
reportdesign		Loading commit data...
ridljar		Loading commit data...
sal		Loading commit data...
salhelper		Loading commit data...
sax		Loading commit data...
sc		Loading commit data...
scaddins		Loading commit data...
sccomp		Loading commit data...
schema		Loading commit data...
scp2		Loading commit data...
scripting		Loading commit data...
sd		Loading commit data...
sdext		Loading commit data...
setup_native		Loading commit data...
sfx2		Loading commit data...
shell		Loading commit data...
slideshow		Loading commit data...
smoketest		Loading commit data...
solenv		Loading commit data...
soltools		Loading commit data...
sot		Loading commit data...
starmath		Loading commit data...
stoc		Loading commit data...
store		Loading commit data...
svgio		Loading commit data...
svl		Loading commit data...
svtools		Loading commit data...
svx		Loading commit data...
sw		Loading commit data...
swext		Loading commit data...
sysui		Loading commit data...
test		Loading commit data...
testtools		Loading commit data...
toolkit		Loading commit data...
tools		Loading commit data...
translations @ 81e9e186
ucb		Loading commit data...
ucbhelper		Loading commit data...
udkapi		Loading commit data...
uitest		Loading commit data...
unodevtools		Loading commit data...
unoidl		Loading commit data...
unoil		Loading commit data...
unotest		Loading commit data...
unotools		Loading commit data...
unoxml		Loading commit data...
ure		Loading commit data...
uui		Loading commit data...
vbahelper		Loading commit data...
vcl		Loading commit data...
winaccessibility		Loading commit data...
wizards		Loading commit data...
writerfilter		Loading commit data...
writerperfect		Loading commit data...
xmerge		Loading commit data...
xmlhelp		Loading commit data...
xmloff		Loading commit data...
xmlreader		Loading commit data...
xmlscript		Loading commit data...
xmlsecurity		Loading commit data...
.buckconfig		Loading commit data...
.buckversion		Loading commit data...
.clang-format		Loading commit data...
.editorconfig		Loading commit data...
.gitattributes		Loading commit data...
.gitignore		Loading commit data...
.gitmodules		Loading commit data...
.gitreview		Loading commit data...
BUCK		Loading commit data...
COPYING		Loading commit data...
COPYING.LGPL		Loading commit data...
COPYING.MPL		Loading commit data...
Library_merged.mk		Loading commit data...
Makefile.fetch		Loading commit data...
Makefile.gbuild		Loading commit data...
Makefile.in		Loading commit data...
README.Solaris		Loading commit data...
README.cross		Loading commit data...
README.md		Loading commit data...
Repository.mk		Loading commit data...
RepositoryExternal.mk		Loading commit data...
RepositoryFixes.mk		Loading commit data...
RepositoryModule_build.mk		Loading commit data...
RepositoryModule_host.mk		Loading commit data...
TEMPLATE.SOURCECODE.HEADER		Loading commit data...
autogen.sh		Loading commit data...
config.guess		Loading commit data...
config.sub		Loading commit data...
config_host.mk.in		Loading commit data...
config_host_lang.mk.in		Loading commit data...
configure.ac		Loading commit data...
download.lst		Loading commit data...
g		Loading commit data...
hardened_runtime.xcent		Loading commit data...
install-sh		Loading commit data...
leak-suppress.txt		Loading commit data...
lo.xcent		Loading commit data...
logerrit		Loading commit data...
sanitize-ubsan-blacklist		Loading commit data...
setup.cfg		Loading commit data...

README.md