diff options
author | Caolán McNamara <caolanm@redhat.com> | 2017-09-26 09:59:48 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2017-09-26 14:47:55 +0200 |
commit | c10b3f85a3e600aefe88565356f98c9e78abd1ce (patch) | |
tree | bcb4baf39e2b97dea52f6b0400178e8eac7a0df7 /sot | |
parent | 865f8a9055c55ee30a404ddc1e30f67ce482f05b (diff) |
AddressSanitizer: undefined-behavior
Change-Id: I55a92512ad9e1508c49ee3149394196f5be5f162
Reviewed-on: https://gerrit.libreoffice.org/42784
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'sot')
-rw-r--r-- | sot/qa/cppunit/data/fail/oversized-fat-1.compound | bin | 0 -> 5890 bytes | |||
-rw-r--r-- | sot/source/sdstor/stgio.cxx | 19 | ||||
-rw-r--r-- | sot/source/sdstor/stgstrms.cxx | 4 | ||||
-rw-r--r-- | sot/source/sdstor/stgstrms.hxx | 2 |
4 files changed, 19 insertions, 6 deletions
diff --git a/sot/qa/cppunit/data/fail/oversized-fat-1.compound b/sot/qa/cppunit/data/fail/oversized-fat-1.compound Binary files differnew file mode 100644 index 000000000000..6b25c95b451b --- /dev/null +++ b/sot/qa/cppunit/data/fail/oversized-fat-1.compound diff --git a/sot/source/sdstor/stgio.cxx b/sot/source/sdstor/stgio.cxx index 4376210055bd..15774bf64a2b 100644 --- a/sot/source/sdstor/stgio.cxx +++ b/sot/source/sdstor/stgio.cxx @@ -24,6 +24,7 @@ #include "stgstrms.hxx" #include "stgdir.hxx" #include "stgio.hxx" +#include <o3tl/safeint.hxx> #include <rtl/instance.hxx> #include <memory> @@ -88,9 +89,21 @@ void StgIo::SetupStreams() m_pDataStrm = nullptr; m_pFAT = nullptr; ResetError(); - SetPhysPageSize( 1 << m_aHdr.GetPageSize() ); - m_pFAT = new StgFATStrm( *this ); - m_pTOC = new StgDirStrm( *this ); + short nPhysPageSize = 1 << m_aHdr.GetPageSize(); + SetPhysPageSize(nPhysPageSize); + sal_Int32 nFatStrmSize; + if (o3tl::checked_multiply<sal_Int32>(m_aHdr.GetFATSize(), nPhysPageSize, nFatStrmSize)) + { + SAL_WARN("sot", "Error: " << m_aHdr.GetFATSize() << " * " << nPhysPageSize << " would overflow"); + SetError(SVSTREAM_FILEFORMAT_ERROR); + m_pFAT = nullptr; + m_pTOC = nullptr; + } + else + { + m_pFAT = new StgFATStrm(*this, nFatStrmSize); + m_pTOC = new StgDirStrm( *this ); + } if( !GetError() ) { StgDirEntry* pRoot = m_pTOC->GetRoot(); diff --git a/sot/source/sdstor/stgstrms.cxx b/sot/source/sdstor/stgstrms.cxx index f449874b3b10..1f7f0769f0ce 100644 --- a/sot/source/sdstor/stgstrms.cxx +++ b/sot/source/sdstor/stgstrms.cxx @@ -572,10 +572,10 @@ bool StgStrm::SetSize( sal_Int32 nBytes ) // Since this access is implemented as a StgStrm, we can use the // FAT allocator. -StgFATStrm::StgFATStrm( StgIo& r ) : StgStrm( r ) +StgFATStrm::StgFATStrm(StgIo& r, sal_Int32 nFatStrmSize) : StgStrm( r ) { m_pFat.reset( new StgFAT( *this, true ) ); - m_nSize = m_rIo.m_aHdr.GetFATSize() * m_nPageSize; + m_nSize = nFatStrmSize; } bool StgFATStrm::Pos2Page( sal_Int32 nBytePos ) diff --git a/sot/source/sdstor/stgstrms.hxx b/sot/source/sdstor/stgstrms.hxx index bdd3e8755813..c8432e212e49 100644 --- a/sot/source/sdstor/stgstrms.hxx +++ b/sot/source/sdstor/stgstrms.hxx @@ -101,7 +101,7 @@ class StgFATStrm : public StgStrm { // the master FAT stream virtual bool Pos2Page( sal_Int32 nBytePos ) override; bool SetPage( short, sal_Int32 ); public: - explicit StgFATStrm( StgIo& ); + explicit StgFATStrm(StgIo&, sal_Int32 nFatStrmSize); using StgStrm::GetPage; sal_Int32 GetPage( short, bool, sal_uInt16 *pnMasterAlloc = nullptr); virtual bool SetSize( sal_Int32 ) override; |