Menu
▾
▴
[Libwpg-cvs] libwpg/src/lib WPG2Parser.cpp,1.74,1.75
|
From: Fridrich S. <str...@us...> - 2008-07-22 15:35:28
|
Update of /cvsroot/libwpg/libwpg/src/lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8288/src/lib Modified Files: WPG2Parser.cpp Log Message: prevent some invalid reads Index: WPG2Parser.cpp =================================================================== RCS file: /cvsroot/libwpg/libwpg/src/lib/WPG2Parser.cpp,v retrieving revision 1.74 retrieving revision 1.75 diff -u -d -r1.74 -r1.75 --- WPG2Parser.cpp 22 Jul 2008 15:26:48 -0000 1.74 +++ WPG2Parser.cpp 22 Jul 2008 15:32:24 -0000 1.75 @@ -1186,8 +1186,8 @@ void WPG2Parser::handlePolyspline() { - // fprintf(stderr, "This is actually not an error, just a crash so that we know \ - // that there is an actual document containing the Polyspline record\n"); + // fprintf(stderr, "This is actually not an error, just a crash so that we know "); + // fprintf(stderr, "that there is an actual document containing the Polyspline record\n"); // crash here !!! // *((int *)NULL) = 0; if (!m_graphicsStarted) @@ -1498,7 +1498,7 @@ { unsigned count = 1 + readU8(); for( ; count ; --count ) - for(unsigned j = 0; j < data_size; j++) + for(unsigned j = 0; j < data_size && !m_input->atEOS(); j++) *ptr++ = 0; } @@ -1509,7 +1509,7 @@ unsigned count = 1 + readU8(); for( ; count ; --count ) - for(unsigned j = 0; j < data_size; j++) + for(unsigned j = 0; j < data_size && !m_input->atEOS(); j++) *ptr++ = 255; } @@ -1518,7 +1518,7 @@ { unsigned count = 1 + readU8(); for( ; count; --count) - for(unsigned j = 0; j < data_size; j++) + for(unsigned j = 0; j < data_size && !m_input->atEOS(); j++) *ptr++ = data[j]; } @@ -1547,7 +1547,7 @@ else if(opcode >= 0x80) { unsigned count = 1 + (opcode & 0x7f); - for(unsigned i = 0; i < data_size; i++) + for(unsigned i = 0; i < data_size && !m_input->atEOS(); i++) data[i] = readU8(); for( ; count; --count) for(unsigned j = 0; j < data_size; j++) @@ -1559,7 +1559,7 @@ { unsigned count = opcode + 1; for( ; count; --count) - for(unsigned j = 0; j < data_size; j++) + for(unsigned j = 0; j < data_size && !m_input->atEOS(); j++) *ptr++ = readU8(); } |
