add tests for CVE-2008-1097, etc.

Change-Id: Iad6948fdf6eb60f86d764783b72a4fe7f5642e40

10 files changed, 128 insertions, 17 deletions

diff --git a/filter/CppunitTest_filter_pcx_test.mk b/filter/CppunitTest_filter_pcx_test.mk
new file mode 100644
index 000000000000..5a5f6d6e08be
--- /dev/null
+++ b/filter/CppunitTest_filter_pcx_test.mk
@@ -0,0 +1,41 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_CppunitTest_CppunitTest,filter_pcx_test))
+
+$(eval $(call gb_CppunitTest_use_external,filter_pcx_test,boost_headers))
+
+$(eval $(call gb_CppunitTest_add_exception_objects,filter_pcx_test, \
+    filter/qa/cppunit/filters-pcx-test \
+))
+
+$(eval $(call gb_CppunitTest_use_libraries,filter_pcx_test, \
+    ipx \
+	sal \
+	test \
+	tl \
+	unotest \
+	vcl \
+	$(gb_UWINAPI) \
+))
+
+$(eval $(call gb_CppunitTest_use_api,filter_pcx_test,\
+    udkapi \
+    offapi \
+))
+
+$(eval $(call gb_CppunitTest_use_ure,filter_pcx_test))
+
+$(eval $(call gb_CppunitTest_use_components,filter_pcx_test,\
+    configmgr/source/configmgr \
+))
+
+$(eval $(call gb_CppunitTest_use_configuration,filter_pcx_test))
+
+# vim: set noet sw=4 ts=4:
diff --git a/filter/Module_filter.mk b/filter/Module_filter.mk
index 65712421f231..d37d91b548d9 100644
--- a/filter/Module_filter.mk
+++ b/filter/Module_filter.mk
@@ -83,10 +83,11 @@ $(eval $(call gb_Module_add_check_targets,filter,\
 
 ifneq ($(DISABLE_CVE_TESTS),TRUE)
 $(eval $(call gb_Module_add_check_targets,filter,\
+    CppunitTest_filter_pcx_test \
     CppunitTest_filter_pict_test \
     CppunitTest_filter_ras_test \
-    CppunitTest_filter_tga_test \
     CppunitTest_filter_tiff_test \
+    CppunitTest_filter_tga_test \
 ))
 endif
 
diff --git a/filter/qa/cppunit/data/pcx/fail/.gitignore b/filter/qa/cppunit/data/pcx/fail/.gitignore
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/filter/qa/cppunit/data/pcx/fail/.gitignore
diff --git a/filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx b/filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx
new file mode 100644
index 000000000000..c55c64ed9a8a
--- /dev/null
+++ b/filter/qa/cppunit/data/pcx/fail/CVE-2008-1097-1.pcx
diff --git a/filter/qa/cppunit/data/pcx/indeterminate/.gitignore b/filter/qa/cppunit/data/pcx/indeterminate/.gitignore
new file mode 100644
index 000000000000..583b009c7c60
--- /dev/null
+++ b/filter/qa/cppunit/data/pcx/indeterminate/.gitignore
@@ -0,0 +1 @@
+*.wmf-*
diff --git a/filter/qa/cppunit/data/pcx/pass/.gitignore b/filter/qa/cppunit/data/pcx/pass/.gitignore
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/filter/qa/cppunit/data/pcx/pass/.gitignore
diff --git a/filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx b/filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx
new file mode 100644
index 000000000000..d928c08908ba
--- /dev/null
+++ b/filter/qa/cppunit/data/pcx/pass/rhbz469075-1.pcx
diff --git a/filter/qa/cppunit/filters-pcx-test.cxx b/filter/qa/cppunit/filters-pcx-test.cxx
new file mode 100644
index 000000000000..678b2673956e
--- /dev/null
+++ b/filter/qa/cppunit/filters-pcx-test.cxx
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <unotest/filters-test.hxx>
+#include <test/bootstrapfixture.hxx>
+#include <vcl/FilterConfigItem.hxx>
+#include <tools/stream.hxx>
+#include <vcl/graph.hxx>
+
+#include <osl/file.hxx>
+#include <osl/process.h>
+
+extern "C"
+{
+    SAL_DLLPUBLIC_EXPORT bool SAL_CALL
+        GraphicImport(SvStream & rStream, Graphic & rGraphic,
+        FilterConfigItem*);
+}
+
+using namespace ::com::sun::star;
+
+/* Implementation of Filters test */
+
+class RasFilterTest
+    : public test::FiltersTest
+    , public test::BootstrapFixture
+{
+public:
+    RasFilterTest() : BootstrapFixture(true, false) {}
+
+    virtual bool load(const OUString &,
+        const OUString &rURL, const OUString &,
+        unsigned int, unsigned int, unsigned int) SAL_OVERRIDE;
+
+    /**
+     * Ensure CVEs remain unbroken
+     */
+    void testCVEs();
+
+    CPPUNIT_TEST_SUITE(RasFilterTest);
+    CPPUNIT_TEST(testCVEs);
+    CPPUNIT_TEST_SUITE_END();
+};
+
+bool RasFilterTest::load(const OUString &,
+    const OUString &rURL, const OUString &,
+    unsigned int, unsigned int, unsigned int)
+{
+    SvFileStream aFileStream(rURL, STREAM_READ);
+    Graphic aGraphic;
+    return GraphicImport(aFileStream, aGraphic, NULL);
+}
+
+void RasFilterTest::testCVEs()
+{
+    testDir(OUString(),
+        getURLFromSrc("/filter/qa/cppunit/data/pcx/"),
+        OUString());
+}
+
+CPPUNIT_TEST_SUITE_REGISTRATION(RasFilterTest);
+
+CPPUNIT_PLUGIN_IMPLEMENT();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/filter/source/graphicfilter/ipcx/ipcx.cxx b/filter/source/graphicfilter/ipcx/ipcx.cxx
index 23f5ee2564d5..abad65fddb65 100644
--- a/filter/source/graphicfilter/ipcx/ipcx.cxx
+++ b/filter/source/graphicfilter/ipcx/ipcx.cxx
@@ -160,10 +160,7 @@ sal_Bool PCXReader::ReadPCX(Graphic & rGraphic)
 
 void PCXReader::ImplReadHeader()
 {
-    sal_uInt8 nbyte;
-    sal_uInt16 nushort;
-    sal_uInt16 nMinX,nMinY,nMaxX,nMaxY;
-
+    sal_uInt8 nbyte(0);
     m_rPCX.ReadUChar( nbyte ).ReadUChar( nVersion ).ReadUChar( nEncoding );
     if ( nbyte!=0x0a || (nVersion != 0 && nVersion != 2 && nVersion != 3 && nVersion != 5) || nEncoding > 1 )
     {
@@ -171,7 +168,9 @@ void PCXReader::ImplReadHeader()
         return;
     }
 
+    nbyte = 0;
     m_rPCX.ReadUChar( nbyte ); nBitsPerPlanePix = (sal_uLong)nbyte;
+    sal_uInt16 nMinX(0),nMinY(0),nMaxX(0),nMaxY(0);
     m_rPCX.ReadUInt16( nMinX ).ReadUInt16( nMinY ).ReadUInt16( nMaxX ).ReadUInt16( nMaxY );
 
     if ((nMinX > nMaxX) || (nMinY > nMaxY))
@@ -191,7 +190,9 @@ void PCXReader::ImplReadHeader()
     ImplReadPalette( 16 );
 
     m_rPCX.SeekRel( 1 );
+    nbyte = 0;
     m_rPCX.ReadUChar( nbyte );   nPlanes = (sal_uLong)nbyte;
+    sal_uInt16 nushort(0);
     m_rPCX.ReadUInt16( nushort ); nBytesPerPlaneLin = (sal_uLong)nushort;
     m_rPCX.ReadUInt16( nPaletteInfo );
 
diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx
index 344441832b03..0949e237a550 100644
--- a/filter/source/graphicfilter/itiff/itiff.cxx
+++ b/filter/source/graphicfilter/itiff/itiff.cxx
@@ -219,18 +219,16 @@ sal_uLong TIFFReader::DataTypeSize()
     return nSize;
 }
 
-
-
 sal_uLong TIFFReader::ReadIntData()
 {
-    double  nDOUBLE;
-    float   nFLOAT;
-    sal_uInt32  nUINT32a, nUINT32b;
-    sal_Int32   nINT32;
-    sal_uInt16  nUINT16;
-    sal_Int16   nINT16;
-    sal_uInt8   nBYTE;
-    char    nCHAR;
+    double  nDOUBLE(0.0);
+    float   nFLOAT(0);
+    sal_uInt32  nUINT32a(0), nUINT32b(0);
+    sal_Int32   nINT32(0);
+    sal_uInt16  nUINT16(0);
+    sal_Int16   nINT16(0);
+    sal_uInt8   nBYTE(0);
+    char    nCHAR(0);
 
     switch( nDataType )
     {
@@ -282,8 +280,6 @@ sal_uLong TIFFReader::ReadIntData()
     return nUINT32a;
 }
 
-
-
 double TIFFReader::ReadDoubleData()
 {
     sal_uInt32 nulong;