a05ad2aab7
...left over presumably accidentally by bb459008de
"vcl: add DetectorTools + tests, refactor array string matching", but which
causes heap-buffer-overflow during CppunitTest_vcl_filters_test when printing an
apparently not null-terminated string, see
<https://ci.libreoffice.org/job/lo_ubsan/1614/>:
> ==12896==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61d0000e5480 at pc 0x000000454f7f bp 0x7fffaff10200 sp 0x7fffaff0f9b0
> READ of size 2049 at 0x61d0000e5480 thread T0
> #0 0x454f7e in printf_common(void*, char const*, __va_list_tag*) /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:547
> #1 0x45568b in vprintf /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1631
> #2 0x45575e in printf /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1689
> #3 0x2b0e63a119ca in vcl::checkArrayForMatchingStrings(char const*, int, std::__debug::vector<rtl::OString, std::allocator<rtl::OString> > const&) /vcl/inc/graphic/DetectorTools.hxx:57:9
> #4 0x2b0e63a1ad0a in vcl::GraphicFormatDetector::checkXBM() /vcl/source/filter/GraphicFormatDetector.cxx:426:9
[...]
> 0x61d0000e5480 is located 0 bytes to the right of 2048-byte region [0x61d0000e4c80,0x61d0000e5480)
> allocated by thread T0 here:
> #0 0x4f5648 in operator new[](unsigned long) /home/tdf/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_new_delete.cc:108
> #1 0x2b0e63a1a839 in vcl::GraphicFormatDetector::checkXBM() /vcl/source/filter/GraphicFormatDetector.cxx:419:42
> #2 0x2b0e639685b8 in ImpPeekGraphicFormat(SvStream&, rtl::OUString&, bool) /vcl/source/filter/graphicfilter.cxx:394:23
> #3 0x2b0e639693b0 in GraphicFilter::ImpTestOrFindFormat(rtl::OUString const&, SvStream&, unsigned short&) /vcl/source/filter/graphicfilter.cxx:455:13
> #4 0x2b0e63970153 in GraphicFilter::ImportGraphic(Graphic&, rtl::OUString const&, SvStream&, unsigned short, unsigned short*, GraphicFilterImportFlags, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const*, WmfExternal const*) /vcl/source/filter/graphicfilter.cxx:1437:19
Change-Id: I8d88a417083c14e4f1a9a78f9e1354390283d83c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/93403
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
*/
#pragma once
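namespace vcl
{
/** Find the first occurrence of a byte sequence inside a length-delimited buffer.
 *
 * Both buffers are described by a pointer plus an explicit length. Neither is
 * required to be NUL-terminated, and no byte outside
 * [pSource, pSource + nSourceSize) or [pSearch, pSearch + nSearchSize) is read.
 * Callers have to respect the same contract: passing pSource to a C-string
 * API (printf("%s"), strlen, ...) reads past the end of the buffer whenever
 * it holds no terminating NUL.
 *
 * @param pSource      start of the buffer to search
 * @param nSourceSize  number of readable bytes at pSource
 * @param pSearch      start of the byte sequence to look for
 * @param nSearchSize  number of bytes in the sequence
 * @return pointer to the start of the first match inside pSource, or nullptr
 *         when there is no match, a size is negative, or a pointer is null
 *         while nSearchSize is positive. An empty search sequence matches at
 *         pSource.
 */
inline const char* matchArray(const char* pSource, sal_Int32 nSourceSize, const char* pSearch,
                              sal_Int32 nSearchSize)
{
    // A negative length cannot describe a buffer. Without this check a
    // negative nSearchSize skips the comparison loop and is reported as a match.
    if (nSourceSize < 0 || nSearchSize < 0)
        return nullptr;
    // The pointers are only dereferenced when there is something to compare.
    if (nSearchSize > 0 && (pSource == nullptr || pSearch == nullptr))
        return nullptr;

    // Last start offset at which the whole search sequence still fits, so the
    // comparison below never indexes past pSource[nSourceSize - 1].
    const sal_Int32 nLastStart = nSourceSize - nSearchSize;
    for (sal_Int32 nStart = 0; nStart <= nLastStart; ++nStart)
    {
        const char* pCandidate = pSource + nStart;
        sal_Int32 nMatched = 0;
        while (nMatched < nSearchSize && pCandidate[nMatched] == pSearch[nMatched])
            ++nMatched;
        if (nMatched == nSearchSize)
            return pCandidate;
    }
    return nullptr;
}

/** Search a length-delimited buffer for the contents of an OString.
 *
 * Forwards to matchArray() with rString.getStr() and rString.getLength(), so
 * the same bounds contract applies to pSource.
 *
 * @return pointer to the start of the first match, or nullptr if there is none
 */
inline const char* matchArrayWithString(const char* pSource, sal_Int32 nSourceSize,
                                        OString const& rString)
{
    return matchArray(pSource, nSourceSize, rString.getStr(), rString.getLength());
}

/** Check that every string in rStrings is found in the buffer, in list order.
 *
 * Each search starts at the position where the previous string was found.
 * That position is the start of the previous match, not its end, so
 * consecutive matches may overlap. pSource is treated as nSourceSize raw
 * bytes and is never read as a NUL-terminated string.
 *
 * @param pSource      start of the buffer to search
 * @param nSourceSize  number of readable bytes at pSource
 * @param rStrings     strings to look for, in the order they must appear
 * @return true if all strings were found; false if any is missing or
 *         rStrings is empty
 */
inline bool checkArrayForMatchingStrings(const char* pSource, sal_Int32 nSourceSize,
                                         std::vector<OString> const& rStrings)
{
    if (rStrings.empty())
        return false;

    const char* pCurrent = pSource;
    for (OString const& rString : rStrings)
    {
        // Bytes still readable between pCurrent and the end of the buffer.
        const sal_Int32 nRemaining = nSourceSize - static_cast<sal_Int32>(pCurrent - pSource);
        pCurrent = matchArrayWithString(pCurrent, nRemaining, rString);
        if (pCurrent == nullptr)
            return false;
    }
    return true;
}
}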
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */