ofz#35597 Null-dereference READ

add a check for null getTextBody() return unfold it a bit while I'm at it Change-Id: Ib0286048536ad576b520e1adb08fa9b36da9243f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117938 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolanm@redhat.com> (cherry picked from commit 00a658ff104623d4e7fc984b5fc82d1a7e2607f2) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117870 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Jan Holesovsky <kendy@collabora.com>
author: Caolán McNamara <caolanm@redhat.com> 2021-06-26 19:26:40 +0100
committer: Jan Holesovsky <kendy@collabora.com> 2021-06-30 09:52:52 +0200
commit: ac8909a033bab9edd424c6f95c87cb71c0e2ff2c (patch)
tree: b722afdc825a49675525fd8823657a289da9f33c
parent: Bump version to 6.4-42 (diff)
download: core-ac8909a033bab9edd424c6f95c87cb71c0e2ff2c.tar.gz
core-ac8909a033bab9edd424c6f95c87cb71c0e2ff2c.zip
3 files changed, 23 insertions, 13 deletions
diff --git a/include/oox/ppt/pptshape.hxx b/include/oox/ppt/pptshape.hxx
index e1cc9965fd57..71af3a08e291 100644
--- a/include/oox/ppt/pptshape.hxx
+++ b/include/oox/ppt/pptshape.hxx
@@ -54,6 +54,8 @@ class PPTShape final : public oox::drawingml::Shape
     /// Set if spPr tag is non empty for the shape
     bool mbHasNoninheritedShapeProperties;
 
+    bool IsPlaceHolderCandidate(const SlidePersist& rSlidePersist) const;
+
 public:
 
     PPTShape( const oox::ppt::ShapeLocation eShapeLocation,
diff --git a/oox/source/ppt/pptshape.cxx b/oox/source/ppt/pptshape.cxx
index 6620476d986c..533b49ac8b6f 100644
--- a/oox/source/ppt/pptshape.cxx
+++ b/oox/source/ppt/pptshape.cxx
@@ -92,7 +92,7 @@ static const char* lclDebugSubType( sal_Int32 nType )
 
 namespace
 {
-bool ShapeHasNoVisualPropertiesOnImport(oox::ppt::PPTShape& rPPTShape)
+bool ShapeHasNoVisualPropertiesOnImport(const oox::ppt::PPTShape& rPPTShape)
 {
     return  !rPPTShape.hasNonInheritedShapeProperties()
             && !rPPTShape.hasShapeStyleRefs()
@@ -128,6 +128,23 @@ oox::drawingml::TextListStylePtr PPTShape::getSubTypeTextListStyle( const SlideP
     return pTextListStyle;
 }
 
+bool PPTShape::IsPlaceHolderCandidate(const SlidePersist& rSlidePersist) const
+{
+    if (meShapeLocation != Slide)
+        return false;
+    if (rSlidePersist.isNotesPage())
+        return false;
+    auto pTextBody = getTextBody();
+    if (!pTextBody)
+        return false;
+    auto rParagraphs = pTextBody->getParagraphs();
+    if (rParagraphs.size() != 1)
+        return false;
+    if (rParagraphs.front()->getRuns().size() != 1)
+        return false;
+    return ShapeHasNoVisualPropertiesOnImport(*this);
+}
+
 void PPTShape::addShape(
         oox::core::XmlFilterBase& rFilterBase,
         const SlidePersist& rSlidePersist,
@@ -196,10 +213,7 @@ void PPTShape::addShape(
                 }
                 break;
                 case XML_dt :
-                    if ( meShapeLocation == Slide && !rSlidePersist.isNotesPage()
-                         && getTextBody()->getParagraphs().size() == 1
-                         && getTextBody()->getParagraphs().front()->getRuns().size() == 1
-                         && ShapeHasNoVisualPropertiesOnImport(*this) )
+                    if (IsPlaceHolderCandidate(rSlidePersist))
                     {
                         TextRunPtr& pTextRun = getTextBody()->getParagraphs().front()->getRuns().front();
                         oox::drawingml::TextField* pTextField = dynamic_cast<oox::drawingml::TextField*>(pTextRun.get());
@@ -235,10 +249,7 @@ void PPTShape::addShape(
                     bClearText = true;
                 break;
                 case XML_ftr :
-                    if ( meShapeLocation == Slide && !rSlidePersist.isNotesPage()
-                         && getTextBody()->getParagraphs().size() == 1
-                         && getTextBody()->getParagraphs().front()->getRuns().size() == 1
-                         && ShapeHasNoVisualPropertiesOnImport(*this) )
+                    if (IsPlaceHolderCandidate(rSlidePersist))
                     {
                         const OUString& rFooterText = getTextBody()->toString();
 
@@ -256,10 +267,7 @@ void PPTShape::addShape(
                     bClearText = true;
                 break;
                 case XML_sldNum :
-                    if (meShapeLocation == Slide && !rSlidePersist.isNotesPage()
-                        && getTextBody()->getParagraphs().size() == 1
-                        && getTextBody()->getParagraphs().front()->getRuns().size() == 1
-                        && ShapeHasNoVisualPropertiesOnImport(*this))
+                    if (IsPlaceHolderCandidate(rSlidePersist))
                     {
                         TextRunPtr& pTextRun
                             = getTextBody()->getParagraphs().front()->getRuns().front();
diff --git a/sd/qa/unit/data/pptx/pass/ofz35597-1.pptx b/sd/qa/unit/data/pptx/pass/ofz35597-1.pptx
new file mode 100644
index 000000000000..e7fcacc25482
--- /dev/null
+++ b/sd/qa/unit/data/pptx/pass/ofz35597-1.pptx
author	Caolán McNamara <caolanm@redhat.com>	2021-06-26 19:26:40 +0100
committer	Jan Holesovsky <kendy@collabora.com>	2021-06-30 09:52:52 +0200
commit	ac8909a033bab9edd424c6f95c87cb71c0e2ff2c (patch)
tree	b722afdc825a49675525fd8823657a289da9f33c
parent	Bump version to 6.4-42 (diff)
download	core-ac8909a033bab9edd424c6f95c87cb71c0e2ff2c.tar.gz core-ac8909a033bab9edd424c6f95c87cb71c0e2ff2c.zip