From b049bfd09192d01aa5dcbc48975cf9eb3e1997b9 Mon Sep 17 00:00:00 2001
From: Pranav Kant <pranavk@gnome.org>
Date: Fri, 5 Jun 2015 17:06:54 +0530
Subject: [PATCH 019/398] lokdocview: check payload for inconsistencies before
 using it

Let's follow the old advice: "Be liberal in what you accept, be strict in
what you produce".

This is after noticing negative values for x, y in
the payload in some situations, such as hitting the backspace key when the
cursor is at the start of a line.

Change-Id: I11939b981f75969b88214baee66b4c69c5e41906
(cherry picked from commit 35e03615066a6525e0259ff1823a0da0c2d4820a)
---
 libreofficekit/source/gtk/lokdocview.cxx | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/libreofficekit/source/gtk/lokdocview.cxx b/libreofficekit/source/gtk/lokdocview.cxx
index 48b3ed6e2080..d9e8c14aa9d5 100644
--- a/libreofficekit/source/gtk/lokdocview.cxx
+++ b/libreofficekit/source/gtk/lokdocview.cxx
@@ -187,9 +187,9 @@ struct LOKDocView_Impl
      */
     void renderDocument(GdkRectangle* pPartial);
     /// Returns the GdkRectangle of a x,y,width,height string.
-    static GdkRectangle payloadToRectangle(const char* pPayload);
+    GdkRectangle payloadToRectangle(const char* pPayload);
     /// Returns the GdkRectangles of a x1,y1,w1,h1;x2,y2,w2,h2;... string.
-    static std::vector<GdkRectangle> payloadToRectangles(const char* pPayload);
+    std::vector<GdkRectangle> payloadToRectangles(const char* pPayload);
     /// Returns the string representation of a LibreOfficeKitCallbackType enumeration element.
     static const char* callbackTypeToString(int nType);
     /// Invoked on the main thread if callbackWorker() requests so.
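Review bot: The doc comments on payloadToRectangle and payloadToRectangles still describe pure string parsers, but after this commit the result depends on instance state, which is why `static` had to go. I would say so at the declaration, e.g. `/// Returns the GdkRectangle of a x,y,width,height string, clamped to the current document size.`, and add a matching remark on payloadToRectangles. The declarations are part of struct LOKDocView_Impl, which starts and ends outside this hunk.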
@@ -853,18 +853,26 @@ GdkRectangle LOKDocView_Impl::payloadToRectangle(const char* pPayload)
     if (!*ppCoordinate)
         return aRet;
     aRet.x = atoi(*ppCoordinate);
+    if (aRet.x < 0)
+        aRet.x = 0;
     ++ppCoordinate;
     if (!*ppCoordinate)
         return aRet;
     aRet.y = atoi(*ppCoordinate);
+    if (aRet.y < 0)
+        aRet.y = 0;
     ++ppCoordinate;
     if (!*ppCoordinate)
         return aRet;
     aRet.width = atoi(*ppCoordinate);
+    if (aRet.x + aRet.width > m_nDocumentWidthTwips)
+        aRet.width = m_nDocumentWidthTwips - aRet.x;
     ++ppCoordinate;
     if (!*ppCoordinate)
         return aRet;
     aRet.height = atoi(*ppCoordinate);
+    if (aRet.y + aRet.height > m_nDocumentHeightTwips)
+        aRet.height = m_nDocumentHeightTwips - aRet.y;
     g_strfreev(ppCoordinates);
     return aRet;
 }
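Review bot: The added width and height clamps can still return a negative size. x and y are only bounded at zero, so an x beyond m_nDocumentWidthTwips makes `m_nDocumentWidthTwips - aRet.x` negative, and a negative width or height from atoi() passes through unchanged. The sum `aRet.x + aRet.width` can also overflow for a large parsed value, since the payload is not trusted to be sane. Bounding both ends against the remaining space avoids both problems: `aRet.x = CLAMP(aRet.x, 0, m_nDocumentWidthTwips);` then `aRet.width = CLAMP(aRet.width, 0, m_nDocumentWidthTwips - aRet.x);`, and likewise for y and height. The function starts above this hunk, but the early `return aRet;` paths visible here skip the `g_strfreev(ppCoordinates)` done at the end, so a short payload appears to leak the split array.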
-- 
2.12.0