merge the formfield patch from ooo-build
[ooovba.git] / applied_patches / 0503-emf+-cppcanvas-input-validation.diff
blob6d9ca41f5767991f7d40a1722a5102636116d691
1 --- cppcanvas/source/mtfrenderer/emfplus.cxx.bak 2008-10-22 18:32:48.000000000 +0200
2 +++ cppcanvas/source/mtfrenderer/emfplus.cxx 2008-10-22 18:58:35.000000000 +0200
3 @@ -96,6 +96,8 @@
4 public:
5 EMFPPath (sal_Int32 _nPoints, bool bLines = false)
7 + if( _nPoints<0 || _nPoints>SAL_MAX_INT32/(2*sizeof(float)) )
8 + _nPoints = SAL_MAX_INT32/(2*sizeof(float));
9 nPoints = _nPoints;
10 pPoints = new float [nPoints*2];
11 if (!bLines)
12 @@ -238,6 +240,9 @@
13 EMFP_DEBUG (printf ("EMF+\theader: 0x%08x parts: %d\n", header, parts));
15 if (parts) {
16 + if( parts<0 || parts>SAL_MAX_INT32/sizeof(sal_Int32) )
17 + parts = SAL_MAX_INT32/sizeof(sal_Int32);
19 combineMode = new sal_Int32 [parts];
21 for (int i = 0; i < parts; i ++) {
22 @@ -349,6 +354,9 @@
23 s >> surroundColorsNumber;
24 EMFP_DEBUG (printf ("EMF+\tsurround colors: %d\n", surroundColorsNumber));
26 + if( surroundColorsNumber<0 || surroundColorsNumber>SAL_MAX_INT32/sizeof(::Color) )
27 + surroundColorsNumber = SAL_MAX_INT32/sizeof(::Color);
29 surroundColors = new ::Color [surroundColorsNumber];
30 for (int i = 0; i < surroundColorsNumber; i++) {
31 s >> color;
32 @@ -398,6 +406,8 @@
33 if (additionalFlags & 0x08) {
34 s >> blendPoints;
35 EMFP_DEBUG (printf ("EMF+\tuse blend, points: %d\n", blendPoints));
36 + if( blendPoints<0 || blendPoints>SAL_MAX_INT32/(2*sizeof(float)) )
37 + blendPoints = SAL_MAX_INT32/(2*sizeof(float));
38 blendPositions = new float [2*blendPoints];
39 blendFactors = blendPositions + blendPoints;
40 for (int i=0; i < blendPoints; i ++) {
41 @@ -413,6 +423,10 @@
42 if (additionalFlags & 0x04) {
43 s >> colorblendPoints;
44 EMFP_DEBUG (printf ("EMF+\tuse color blend, points: %d\n", colorblendPoints));
45 + if( colorblendPoints<0 || colorblendPoints>SAL_MAX_INT32/sizeof(float) )
46 + colorblendPoints = SAL_MAX_INT32/sizeof(float);
47 + if( colorblendPoints>SAL_MAX_INT32/sizeof(::Color) )
48 + colorblendPoints = SAL_MAX_INT32/sizeof(::Color);
49 colorblendPositions = new float [colorblendPoints];
50 colorblendColors = new ::Color [colorblendPoints];
51 for (int i=0; i < colorblendPoints; i ++) {
52 @@ -467,6 +481,8 @@
53 if (additionalFlags & 0x08) {
54 s >> blendPoints;
55 EMFP_DEBUG (printf ("EMF+\tuse blend, points: %d\n", blendPoints));
56 + if( blendPoints<0 || blendPoints>SAL_MAX_INT32/(2*sizeof(float)) )
57 + blendPoints = SAL_MAX_INT32/(2*sizeof(float));
58 blendPositions = new float [2*blendPoints];
59 blendFactors = blendPositions + blendPoints;
60 for (int i=0; i < blendPoints; i ++) {
61 @@ -482,6 +498,10 @@
62 if (additionalFlags & 0x04) {
63 s >> colorblendPoints;
64 EMFP_DEBUG (printf ("EMF+\tuse color blend, points: %d\n", colorblendPoints));
65 + if( colorblendPoints<0 || colorblendPoints>SAL_MAX_INT32/sizeof(float) )
66 + colorblendPoints = SAL_MAX_INT32/sizeof(float);
67 + if( colorblendPoints>SAL_MAX_INT32/sizeof(::Color) )
68 + colorblendPoints = SAL_MAX_INT32/sizeof(::Color);
69 colorblendPositions = new float [colorblendPoints];
70 colorblendColors = new ::Color [colorblendPoints];
71 for (int i=0; i < colorblendPoints; i ++) {
72 @@ -583,6 +603,8 @@
74 if (penFlags & 256) {
75 s >> dashPatternLen;
76 + if( dashPatternLen<0 || dashPatternLen>SAL_MAX_INT32/sizeof(float) )
77 + dashPatternLen = SAL_MAX_INT32/sizeof(float);
78 dashPattern = new float [dashPatternLen];
79 for (i = 0; i < dashPatternLen; i++)
80 s >> dashPattern [i];
81 @@ -596,6 +618,8 @@
83 if (penFlags & 1024) {
84 s >> compoundArrayLen;
85 + if( compoundArrayLen<0 || compoundArrayLen>SAL_MAX_INT32/sizeof(float) )
86 + compoundArrayLen = SAL_MAX_INT32/sizeof(float);
87 compoundArray = new float [compoundArrayLen];
88 for (i = 0; i < compoundArrayLen; i++)
89 s >> compoundArray [i];
90 @@ -604,6 +628,8 @@
92 if (penFlags & 2048) {
93 s >> customStartCapLen;
94 + if( customStartCapLen<0 )
95 + customStartCapLen=0;
96 customStartCap = new sal_uInt8 [customStartCapLen];
97 for (i = 0; i < customStartCapLen; i++)
98 s >> customStartCap [i];
99 @@ -612,6 +638,8 @@
101 if (penFlags & 4096) {
102 s >> customEndCapLen;
103 + if( customEndCapLen<0 )
104 + customEndCapLen=0;
105 customEndCap = new sal_uInt8 [customEndCapLen];
106 for (i = 0; i < customEndCapLen; i++)
107 s >> customEndCap [i];