From b3ff2c7be0a9b13de242c5ff432b70d37645c615 Mon Sep 17 00:00:00 2001 From: Eike Rathke Date: Tue, 21 Nov 2017 21:20:49 +0100 Subject: [PATCH] ofz#4305 do not read past end of file Change-Id: I7e048c012296fc080434e527c533ea987184699b --- sc/source/filter/lotus/filter.cxx | 7 ++++++- sc/source/filter/lotus/op.cxx | 6 +++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/sc/source/filter/lotus/filter.cxx b/sc/source/filter/lotus/filter.cxx index da1bd167eb4e..30a36d053421 100644 --- a/sc/source/filter/lotus/filter.cxx +++ b/sc/source/filter/lotus/filter.cxx @@ -82,6 +82,9 @@ generate_Opcodes(LotusContext &rContext, SvStream& aStream, sal_uInt16 nOpcode(LOTUS_EOF), nLength(0); aStream.ReadUInt16(nOpcode).ReadUInt16(nLength); + if (!aStream.good()) + break; + aPrgrsBar.Progress(); if( nOpcode == LOTUS_EOF ) rContext.bEOF = true; @@ -118,7 +121,9 @@ generate_Opcodes(LotusContext &rContext, SvStream& aStream, MemDelete(rContext); - if (nErr == ERRCODE_NONE) + if (!aStream.good()) + nErr = SCERR_IMPORT_FORMAT; + else if (nErr == ERRCODE_NONE) rContext.pDoc->CalcAfterLoad(); return nErr; diff --git a/sc/source/filter/lotus/op.cxx b/sc/source/filter/lotus/op.cxx index 0dc7eaa864b9..0b65d7ceee50 100644 --- a/sc/source/filter/lotus/op.cxx +++ b/sc/source/filter/lotus/op.cxx @@ -151,6 +151,8 @@ void OP_Formula(LotusContext &rContext, SvStream& r, sal_uInt16 /*n*/) LotusToSc aConv(rContext, r, rSPool, rContext.pLotusRoot->eCharsetQ, false); aConv.Reset( aAddress ); aConv.Convert( pErg, nBytesLeft ); + if (!r.good()) + return; if (ValidColRow(nCol, nRow)) { @@ -399,6 +401,8 @@ void OP_Formula123(LotusContext& rContext, SvStream& r, sal_uInt16 n) LotusToSc aConv(rContext, r, rSPool, rContext.pLotusRoot->eCharsetQ, true); aConv.Reset( aAddress ); aConv.Convert( pErg, nBytesLeft ); + if (!r.good()) + return; if (ValidColRow(nCol, nRow) && nTab <= rContext.pDoc->GetMaxTableNumber()) { @@ -658,7 +662,7 @@ void OP_ApplyPatternArea123(LotusContext& rContext, SvStream& rStream) break; } } - while( nLevel && !rStream.IsEof() ); + while( nLevel && !rStream.IsEof() && rStream.good() ); rContext.aLotusPatternPool.clear(); }