From b049bfd09192d01aa5dcbc48975cf9eb3e1997b9 Mon Sep 17 00:00:00 2001 From: Pranav Kant Date: Fri, 5 Jun 2015 17:06:54 +0530 Subject: [PATCH 019/398] lokdocview: check payload for inconsistencies before using it Lets follow the old advice: "Be liberal in what you accept, be strict in what you produce". This is after noticing negative values for x, y in the payload in some situation, such as, hitting a backspace key when the cursor is at the start of a line Change-Id: I11939b981f75969b88214baee66b4c69c5e41906 (cherry picked from commit 35e03615066a6525e0259ff1823a0da0c2d4820a) --- libreofficekit/source/gtk/lokdocview.cxx | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libreofficekit/source/gtk/lokdocview.cxx b/libreofficekit/source/gtk/lokdocview.cxx index 48b3ed6e2080..d9e8c14aa9d5 100644 --- a/libreofficekit/source/gtk/lokdocview.cxx +++ b/libreofficekit/source/gtk/lokdocview.cxx @@ -187,9 +187,9 @@ struct LOKDocView_Impl */ void renderDocument(GdkRectangle* pPartial); /// Returns the GdkRectangle of a x,y,width,height string. - static GdkRectangle payloadToRectangle(const char* pPayload); + GdkRectangle payloadToRectangle(const char* pPayload); /// Returns the GdkRectangles of a x1,y1,w1,h1;x2,y2,w2,h2;... string. - static std::vector payloadToRectangles(const char* pPayload); + std::vector payloadToRectangles(const char* pPayload); /// Returns the string representation of a LibreOfficeKitCallbackType enumeration element. static const char* callbackTypeToString(int nType); /// Invoked on the main thread if callbackWorker() requests so. @@ -853,18 +853,26 @@ GdkRectangle LOKDocView_Impl::payloadToRectangle(const char* pPayload) if (!*ppCoordinate) return aRet; aRet.x = atoi(*ppCoordinate); + if (aRet.x < 0) + aRet.x = 0; ++ppCoordinate; if (!*ppCoordinate) return aRet; aRet.y = atoi(*ppCoordinate); + if (aRet.y < 0) + aRet.y = 0; ++ppCoordinate; if (!*ppCoordinate) return aRet; aRet.width = atoi(*ppCoordinate); + if (aRet.x + aRet.width > m_nDocumentWidthTwips) + aRet.width = m_nDocumentWidthTwips - aRet.x; ++ppCoordinate; if (!*ppCoordinate) return aRet; aRet.height = atoi(*ppCoordinate); + if (aRet.y + aRet.height > m_nDocumentHeightTwips) + aRet.height = m_nDocumentHeightTwips - aRet.y; g_strfreev(ppCoordinates); return aRet; } -- 2.12.0