From f974db5d89eacf0c23e303c22c62972014e9db16 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Wed, 25 Feb 2015 10:50:59 +0000 Subject: check if reads were successful MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I69ab0ca9c017c9a1c10d18fd850f32a92c641d12 Reviewed-on: https://gerrit.libreoffice.org/14631 Reviewed-by: Caolán McNamara Tested-by: Caolán McNamara --- hwpfilter/source/drawdef.h | 12 +- hwpfilter/source/drawing.h | 284 +++++++++++++++++++++++++++---------------- hwpfilter/source/hbox.h | 4 +- hwpfilter/source/hinfo.cxx | 104 ++++++++++++---- hwpfilter/source/hiodev.cxx | 117 ++++++++++++------ hwpfilter/source/hiodev.h | 24 ++-- hwpfilter/source/hpara.cxx | 33 +++-- hwpfilter/source/htags.h | 2 +- hwpfilter/source/hwpfile.cxx | 80 +++++++----- hwpfilter/source/hwpfile.h | 10 +- hwpfilter/source/hwplib.h | 11 -- hwpfilter/source/hwpread.cxx | 69 ++++++----- 12 files changed, 481 insertions(+), 269 deletions(-) (limited to 'hwpfilter') diff --git a/hwpfilter/source/drawdef.h b/hwpfilter/source/drawdef.h index 52b3a9d51a04..b80c18b82b62 100644 --- a/hwpfilter/source/drawdef.h +++ b/hwpfilter/source/drawdef.h @@ -69,11 +69,11 @@ struct BAREHWPDOProperty int line_pstyle; int line_hstyle; int line_tstyle; - DWORD line_color; + unsigned int line_color; hunit line_width; - DWORD fill_color; + unsigned int fill_color; uint pattern_type; - DWORD pattern_color; + unsigned int pattern_color; hunit hmargin; hunit vmargin; uint flag; @@ -122,11 +122,11 @@ struct HWPDOProperty int line_pstyle; /* 선 중간 모양 */ int line_hstyle; /* 끝 화살표 모양 */ int line_tstyle; /* 시작 모양 */ - DWORD line_color; + unsigned int line_color; hunit line_width; - DWORD fill_color; + unsigned int fill_color; uint pattern_type; - DWORD pattern_color; + unsigned int pattern_color; hunit hmargin; hunit vmargin; uint flag; diff --git a/hwpfilter/source/drawing.h b/hwpfilter/source/drawing.h index 8190d0e9b9b2..b542355c738d 100644 --- a/hwpfilter/source/drawing.h +++ b/hwpfilter/source/drawing.h @@ -124,7 +124,6 @@ inline bool HAS_PAT(HWPDrawingObject * hdo) HAVE_GRADATION(hdo) || HAVE_BITMAP_PATTERN(hdo); } - static void SetHdoParallRgn(HWPDrawingObject * hdo, int width, int height) { hdo->property.parall.pt[0].x = 0; @@ -135,37 +134,37 @@ static void SetHdoParallRgn(HWPDrawingObject * hdo, int width, int height) hdo->property.parall.pt[2].y = height; } - static bool SkipPrivateBlock(int type) { int n; if (type == OBJRET_FILE_NO_PRIVATE_BLOCK) { - n = hmem->read4b(); + if (!hmem->read4b(n)) + return false; if (hmem->state() || hmem->skipBlock(n) != n) return false; } - n = hmem->read4b(); + if (!hmem->read4b(n)) + return false; if (hmem->state()) return false; return hmem->skipBlock(n) == n; } - static int SizeExpected; static int SizeRead; static int ReadSizeField(int size) { SizeExpected = size; - SizeRead = hmem->read4b(); + if (!hmem->read4b(SizeRead)) + return -1; if (hmem->state()) return -1; return SizeRead; } - static bool SkipUnusedField(void) { return (SizeExpected < SizeRead) ? @@ -179,62 +178,94 @@ static bool SkipUnusedField(void) #define HDOFILE_HAS_NEXT 0x01 #define HDOFILE_HAS_CHILD 0x02 -static bool LoadCommonHeader(HWPDrawingObject * hdo, WORD * link_info) +static bool LoadCommonHeader(HWPDrawingObject * hdo, unsigned short * link_info) { uint size, common_size; - if( !hmem ) - return FALSE; - size = hmem->read4b(); + if (!hmem) + return false; + if (!hmem->read4b(size)) + return false; if (hmem->state()) - { - return FALSE; - } + return false; if (size < HDOFILE_COMMON_SIZE) - { - return FALSE; - } + return false; common_size = HDOFILE_COMMON_SIZE; - hdo->type = hmem->read2b(); - *link_info = sal::static_int_cast(hmem->read2b()); - hdo->offset.x = hmem->read4b(); - hdo->offset.y = hmem->read4b(); - hdo->extent.w = hmem->read4b(); - hdo->extent.h = hmem->read4b(); - hdo->offset2.x = hmem->read4b(); - hdo->offset2.y = hmem->read4b(); + unsigned short tmp16; + if (!hmem->read2b(tmp16)) + return false; + hdo->type = tmp16; + if (!hmem->read2b(tmp16)) + return false; + *link_info = tmp16; + if (!hmem->read4b(hdo->offset.x)) + return false; + if (!hmem->read4b(hdo->offset.y)) + return false; + if (!hmem->read4b(hdo->extent.w)) + return false; + return false; + if (!hmem->read4b(hdo->extent.h)) + return false; + if (!hmem->read4b(hdo->offset2.x)) + return false; + if (!hmem->read4b(hdo->offset2.y)) + return false; if (hmem->state()) - return FALSE; + return false; - hdo->vrect.x = hmem->read4b(); - hdo->vrect.y = hmem->read4b(); - hdo->vrect.w = hmem->read4b(); - hdo->vrect.h = hmem->read4b(); + if (!hmem->read4b(hdo->vrect.x)) + return false; + if (!hmem->read4b(hdo->vrect.y)) + return false; + if (!hmem->read4b(hdo->vrect.w)) + return false; + if (!hmem->read4b(hdo->vrect.h)) + return false; // read bare property 44 bytes - hdo->property.line_pstyle = hmem->read4b(); - hdo->property.line_hstyle = hmem->read4b(); - hdo->property.line_tstyle = hmem->read4b(); - hdo->property.line_color = hmem->read4b(); - hdo->property.line_width = (hunit) hmem->read4b(); - hdo->property.fill_color = hmem->read4b(); - hdo->property.pattern_type = hmem->read4b(); - hdo->property.pattern_color = hmem->read4b(); - hdo->property.hmargin = (hunit) hmem->read4b(); - hdo->property.vmargin = (hunit) hmem->read4b(); - hdo->property.flag = hmem->read4b(); -// read ratation property 32 bytes + if (!hmem->read4b(hdo->property.line_pstyle)) + return false; + if (!hmem->read4b(hdo->property.line_hstyle)) + return false; + if (!hmem->read4b(hdo->property.line_tstyle)) + return false; + if (!hmem->read4b(hdo->property.line_color)) + return false; + unsigned int tmp32; + if (!hmem->read4b(tmp32)) + return false; + hdo->property.line_width = static_cast(tmp32); + if (!hmem->read4b(hdo->property.fill_color)) + return false; + if (!hmem->read4b(hdo->property.pattern_type)) + return false; + if (!hmem->read4b(hdo->property.pattern_color)) + return false; + if (!hmem->read4b(tmp32)) + return false; + hdo->property.hmargin = static_cast(tmp32); + if (!hmem->read4b(tmp32)) + return false; + hdo->property.vmargin = static_cast(tmp32); + if (!hmem->read4b(hdo->property.flag)) + return false; +// read rotation property 32 bytes if ((size >= common_size + 32) && (hdo->property.flag & HWPDO_FLAG_ROTATION)) { - hdo->property.rot_originx = hmem->read4b(); - hdo->property.rot_originy = hmem->read4b(); - for (int ii = 0; ii < 3; ii++) + if (!hmem->read4b(hdo->property.rot_originx)) + return false; + if (!hmem->read4b(hdo->property.rot_originy)) + return false; + for (int ii = 0; ii < 3; ++ii) { - hdo->property.parall.pt[ii].x = hmem->read4b(); - hdo->property.parall.pt[ii].y = hmem->read4b(); + if (!hmem->read4b(hdo->property.parall.pt[ii].x)) + return false; + if (!hmem->read4b(hdo->property.parall.pt[ii].y)) + return false; } common_size += 32; } @@ -245,13 +276,20 @@ static bool LoadCommonHeader(HWPDrawingObject * hdo, WORD * link_info) if ((size >= common_size + 28) && (hdo->property.flag & HWPDO_FLAG_GRADATION)) { - hdo->property.fromcolor = hmem->read4b(); - hdo->property.tocolor = hmem->read4b(); - hdo->property.gstyle = hmem->read4b(); - hdo->property.angle = hmem->read4b(); - hdo->property.center_x = hmem->read4b(); - hdo->property.center_y = hmem->read4b(); - hdo->property.nstep = hmem->read4b(); + if (!hmem->read4b(hdo->property.fromcolor)) + return false; + if (!hmem->read4b(hdo->property.tocolor)) + return false; + if (!hmem->read4b(hdo->property.gstyle)) + return false; + if (!hmem->read4b(hdo->property.angle)) + return false; + if (!hmem->read4b(hdo->property.center_x)) + return false; + if (!hmem->read4b(hdo->property.center_y)) + return false; + if (!hmem->read4b(hdo->property.nstep)) + return false; common_size += 28; } @@ -259,54 +297,69 @@ static bool LoadCommonHeader(HWPDrawingObject * hdo, WORD * link_info) if ((size >= common_size + 278) && \ (hdo->property.flag & HWPDO_FLAG_BITMAP)) { - hdo->property.offset1.x = hmem->read4b(); - hdo->property.offset1.y = hmem->read4b(); - hdo->property.offset2.x = hmem->read4b(); - hdo->property.offset2.y = hmem->read4b(); + if (!hmem->read4b(hdo->property.offset1.x)) + return false; + if (!hmem->read4b(hdo->property.offset1.y)) + return false; + if (!hmem->read4b(hdo->property.offset2.x)) + return false; + if (!hmem->read4b(hdo->property.offset2.y)) + return false; if (!hmem->readBlock(hdo->property.szPatternFile, 261)) - return FALSE; - hdo->property.pictype = sal::static_int_cast(hmem->read1b()); + return false; + if (!hmem->read1b(hdo->property.pictype)) + return false; common_size += 278; } if( ( size >= common_size + 3 ) && ( hdo->property.flag & HWPDO_FLAG_WATERMARK ) ) //if( ( size >= common_size ) && ( hdo->property.flag >> 20 & 0x01 ) ) { - if( size - common_size >= 5 ) - hmem->skipBlock( 2 ); - hdo->property.luminance = hmem->read1b(); - hdo->property.contrast = hmem->read1b(); - hdo->property.greyscale = hmem->read1b(); - common_size += 5; - } - else{ - hdo->property.luminance = 0; - hdo->property.contrast = 0; - hdo->property.greyscale = 0; + if (size - common_size >= 5) + hmem->skipBlock(2); + unsigned char tmp8; + if (!hmem->read1b(tmp8)) + return false; + hdo->property.luminance = tmp8; + if (!hmem->read1b(tmp8)) + return false; + hdo->property.contrast = tmp8; + if (!hmem->read1b(tmp8)) + return false; + hdo->property.greyscale = tmp8; + + common_size += 5; + } + else + { + hdo->property.luminance = 0; + hdo->property.contrast = 0; + hdo->property.greyscale = 0; } - hdo->property.pPara = 0L; + hdo->property.pPara = 0L; - if( ( size > common_size ) && (hdo->property.flag & HWPDO_FLAG_AS_TEXTBOX) ) - { - hmem->skipBlock(8); - hdo->property.pPara = LoadParaList(); - if( hdo->property.pPara ) - return TRUE; - else - return FALSE; + if( ( size > common_size ) && (hdo->property.flag & HWPDO_FLAG_AS_TEXTBOX) ) + { + hmem->skipBlock(8); + hdo->property.pPara = LoadParaList(); + if( hdo->property.pPara ) + return true; + else + return false; } - if( size <= common_size ) - return TRUE; + if (size <= common_size) + return true; return hmem->skipBlock(size - common_size ) != 0; } - static HWPDrawingObject *LoadDrawingObject(void) { + fprintf(stderr, "LoadDrawingObject\n"); + HWPDrawingObject *hdo, *head, *prev; int res; - WORD link_info; + unsigned short link_info; head = prev = NULL; do @@ -365,6 +418,11 @@ static HWPDrawingObject *LoadDrawingObject(void) if (hdo != NULL) { + if (hdo->type < 0 || hdo->type >= HWPDO_NITEMS) + { + hdo->type = HWPDO_RECT; + } + HWPDOFunc(hdo, OBJFUNC_FREE, NULL, 0); delete hdo; } @@ -380,17 +438,25 @@ static HWPDrawingObject *LoadDrawingObject(void) static bool LoadDrawingObjectBlock(Picture * pic) { - int size = hmem->read4b(); + int size; + if (!hmem->read4b(size)) + return false; if (hmem->state() || size < HDOFILE_HEADER_SIZE) return false; - pic->picinfo.picdraw.zorder = hmem->read4b(); - pic->picinfo.picdraw.mbrcnt = hmem->read4b(); - pic->picinfo.picdraw.vrect.x = hmem->read4b(); - pic->picinfo.picdraw.vrect.y = hmem->read4b(); - pic->picinfo.picdraw.vrect.w = hmem->read4b(); - pic->picinfo.picdraw.vrect.h = hmem->read4b(); + if (!hmem->read4b(pic->picinfo.picdraw.zorder)) + return false; + if (!hmem->read4b(pic->picinfo.picdraw.mbrcnt)) + return false; + if (!hmem->read4b(pic->picinfo.picdraw.vrect.x)) + return false; + if (!hmem->read4b(pic->picinfo.picdraw.vrect.y)) + return false; + if (!hmem->read4b(pic->picinfo.picdraw.vrect.w)) + return false; + if (!hmem->read4b(pic->picinfo.picdraw.vrect.h)) + return false; if (size > HDOFILE_HEADER_SIZE && !hmem->skipBlock(size - HDOFILE_HEADER_SIZE)) @@ -402,9 +468,7 @@ static bool LoadDrawingObjectBlock(Picture * pic) return true; } - // object manipulation function - static int HWPDODefaultFunc(int , HWPDrawingObject * , int cmd, void *, int) { @@ -413,7 +477,6 @@ HWPDODefaultFunc(int , HWPDrawingObject * , int cmd, void *, int) return OBJRET_FILE_OK; } - static int HWPDOLineFunc(int type, HWPDrawingObject * hdo, int cmd, void *argp, int argv) { @@ -423,7 +486,8 @@ HWPDOLineFunc(int type, HWPDrawingObject * hdo, int cmd, void *argp, int argv) case OBJFUNC_LOAD: if (ReadSizeField(4) < 4) return OBJRET_FILE_ERROR; - hdo->u.line_arc.flip = hmem->read4b(); + if (!hmem->read4b(hdo->u.line_arc.flip)) + return OBJRET_FILE_ERROR; if (hmem->state()) return OBJRET_FILE_ERROR; if (!SkipUnusedField()) @@ -466,11 +530,14 @@ int cmd, void *argp, int argv) case OBJFUNC_LOAD: if (ReadSizeField(16) < 16) return OBJRET_FILE_ERROR; - hdo->u.arc.radial[0].x = hmem->read4b(); - hdo->u.arc.radial[0].y = hmem->read4b(); - hdo->u.arc.radial[1].x = hmem->read4b(); - hdo->u.arc.radial[1].y = hmem->read4b(); - + if (!hmem->read4b(hdo->u.arc.radial[0].x)) + return OBJRET_FILE_ERROR; + if (!hmem->read4b(hdo->u.arc.radial[0].y)) + return OBJRET_FILE_ERROR; + if (!hmem->read4b(hdo->u.arc.radial[1].x)) + return OBJRET_FILE_ERROR; + if (!hmem->read4b(hdo->u.arc.radial[1].y)) + return OBJRET_FILE_ERROR; if (ReadSizeField(0) < 0) return OBJRET_FILE_ERROR; break; @@ -491,7 +558,8 @@ HWPDOArcFunc(int type, HWPDrawingObject * hdo, int cmd, void *argp, int argv) case OBJFUNC_LOAD: if (ReadSizeField(4) < 4) return OBJRET_FILE_ERROR; - hdo->u.line_arc.flip = hmem->read4b(); + if (!hmem->read4b(hdo->u.line_arc.flip)) + return OBJRET_FILE_ERROR; if (hmem->state()) return OBJRET_FILE_ERROR; if (!SkipUnusedField()) @@ -532,7 +600,8 @@ int cmd, void *argp, int argv) hdo->u.freeform.pt = 0; if (ReadSizeField(4) < 4) return OBJRET_FILE_ERROR; - hdo->u.freeform.npt = hmem->read4b(); + if (!hmem->read4b(hdo->u.freeform.npt)) + return OBJRET_FILE_ERROR; if (hmem->state()) return OBJRET_FILE_ERROR; if (!SkipUnusedField()) @@ -551,11 +620,16 @@ int cmd, void *argp, int argv) hdo->u.freeform.npt = 0; return OBJRET_FILE_ERROR; } - for (int ii = 0; ii < hdo->u.freeform.npt; ii++) + for (int ii = 0; ii < hdo->u.freeform.npt; ++ii) { - hdo->u.freeform.pt[ii].x = hmem->read4b(); - hdo->u.freeform.pt[ii].y = hmem->read4b(); + bool bFailure = false; + if (!hmem->read4b(hdo->u.freeform.pt[ii].x)) + bFailure = true; + if (!hmem->read4b(hdo->u.freeform.pt[ii].y)) + bFailure = true; if (hmem->state()) + bFailure = true; + if (bFailure) { delete[]hdo->u.freeform.pt; hdo->u.freeform.npt = 0; diff --git a/hwpfilter/source/hbox.h b/hwpfilter/source/hbox.h index 4d6a23194fc7..c1e5f18db777 100644 --- a/hwpfilter/source/hbox.h +++ b/hwpfilter/source/hbox.h @@ -75,7 +75,7 @@ struct HBox */ struct SkipData: public HBox { - ulong data_block_len; + uint data_block_len; hchar dummy; char *data_block; @@ -623,7 +623,7 @@ struct Picture: public FBox * follow_block_size is the size information of the Drawing object of hwp. * It's value is greater than 0 if the pictype is PICTYPE_DRAW. */ - ulong follow_block_size; /* 추가정보 길이. */ + uint follow_block_size; /* 추가정보 길이. */ short dummy1; // to not change structure size */ short dummy2; // to not change structure size */ uchar reserved1; diff --git a/hwpfilter/source/hinfo.cxx b/hwpfilter/source/hinfo.cxx index 38d3b22fe659..3a5bb21d7429 100644 --- a/hwpfilter/source/hinfo.cxx +++ b/hwpfilter/source/hinfo.cxx @@ -84,15 +84,34 @@ bool HWPInfo::Read(HWPFile & hwpf) hwpf.Read1b(&paper.paper_direction, 1); /* 용지 방향 */ // paper geometry information - paper.paper_height = (short) hwpf.Read2b(); /* 용지 길이 */ - paper.paper_width = (short) hwpf.Read2b(); /* 용지 너비 */ - paper.top_margin = (short) hwpf.Read2b(); /* 위쪽 여백 */ - paper.bottom_margin = (short) hwpf.Read2b(); /* 아래쪽 여백 */ - paper.left_margin = (short) hwpf.Read2b(); /* 왼쪽 여백 */ - paper.right_margin = (short) hwpf.Read2b(); /* 오른쪽 여백 */ - paper.header_length = (short) hwpf.Read2b(); /* 머리말 길이 */ - paper.footer_length = (short) hwpf.Read2b(); /* 꼬리말 길이 */ - paper.gutter_length = (short) hwpf.Read2b(); /* 제본여백 */ + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + paper.paper_height = tmp16; /* 용지 길이 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.paper_width = tmp16; /* 용지 너비 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.top_margin = tmp16; /* 위쪽 여백 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.bottom_margin = tmp16; /* 아래쪽 여백 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.left_margin = tmp16; /* 왼쪽 여백 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.right_margin = tmp16; /* 오른쪽 여백 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.header_length = tmp16; /* 머리말 길이 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.footer_length = tmp16; /* 꼬리말 길이 */ + if (!hwpf.Read2b(tmp16)) + return false; + paper.gutter_length = tmp16; /* 제본여백 */ hwpf.Read2b(&readonly, 1); /* 예약 */ hwpf.Read1b(reserved1, 4); /* 예약 */ hwpf.Read1b(&chain_info.chain_page_no, 1); /* 쪽 번호 연결 1-연결, 0-새로시작 (연결인쇄에서 사용) */ @@ -108,14 +127,25 @@ bool HWPInfo::Read(HWPFile & hwpf) // footnote hwpf.Read2b(&beginfnnum,1); /* 각주 시작번호 */ hwpf.Read2b(&countfn,1); /* 각주 갯수 */ - splinetext = (short) hwpf.Read2b(); - splinefn = (short) hwpf.Read2b(); - spfnfn = (short) hwpf.Read2b(); + + if (!hwpf.Read2b(tmp16)) + return false; + splinetext = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + splinefn = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + spfnfn = tmp16; hwpf.Read1b(&fnchar, 1); hwpf.Read1b(&fnlinetype, 1); // border layout for (int ii = 0; ii < 4; ++ii) - bordermargin[ii] = (short) hwpf.Read2b(); + { + if (!hwpf.Read2b(tmp16)) + return false; + bordermargin[ii] = tmp16; + } hwpf.Read2b(&borderline, 1); hwpf.Read1b(&empty_line_hide, 1); @@ -170,12 +200,23 @@ bool HWPSummary::Read(HWPFile & hwpf) bool ParaShape::Read(HWPFile & hwpf) { - pagebreak = 0; - left_margin = (short) hwpf.Read2b(); - right_margin = (short) hwpf.Read2b(); - indent = (short) hwpf.Read2b(); - lspacing = (short) hwpf.Read2b(); - pspacing_next = (short) hwpf.Read2b(); + pagebreak = 0; + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + left_margin = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + right_margin = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + indent = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + lspacing = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + pspacing_next = tmp16; hwpf.Read1b(&condense, 1); hwpf.Read1b(&arrange_type, 1); @@ -183,17 +224,27 @@ bool ParaShape::Read(HWPFile & hwpf) { hwpf.Read1b(&tabs[ii].type, 1); hwpf.Read1b(&tabs[ii].dot_continue, 1); - tabs[ii].position = (short) hwpf.Read2b(); + if (!hwpf.Read2b(tmp16)) + return false; + tabs[ii].position = tmp16; } hwpf.Read1b(&coldef.ncols, 1); hwpf.Read1b(&coldef.separator, 1); - coldef.spacing = (short) hwpf.Read2b(); - coldef.columnlen = (short) hwpf.Read2b(); - coldef.columnlen0 = (short) hwpf.Read2b(); + if (!hwpf.Read2b(tmp16)) + return false; + coldef.spacing = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + coldef.columnlen = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + coldef.columnlen0 = tmp16; hwpf.Read1b(&shade, 1); hwpf.Read1b(&outline, 1); hwpf.Read1b(&outline_continue, 1); - pspacing_prev = (short) hwpf.Read2b(); + if (!hwpf.Read2b(tmp16)) + return false; + pspacing_prev = tmp16; hwpf.Read1b(reserved, 2); return (!hwpf.State()); @@ -202,7 +253,10 @@ bool ParaShape::Read(HWPFile & hwpf) bool CharShape::Read(HWPFile & hwpf) { - size = (short) hwpf.Read2b(); + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + size = tmp16; hwpf.Read1b(font, NLanguage); hwpf.Read1b(ratio, NLanguage); hwpf.Read1b(space, NLanguage); diff --git a/hwpfilter/source/hiodev.cxx b/hwpfilter/source/hiodev.cxx index 8edba9226c0a..18471a26ea26 100644 --- a/hwpfilter/source/hiodev.cxx +++ b/hwpfilter/source/hiodev.cxx @@ -64,14 +64,14 @@ int HIODev::read1b(void *ptr, int nmemb) return -1; for (ii = 0; ii < nmemb; ii++) { - p[ii] = sal::static_int_cast(read1b()); + if (!read1b(p[ii])) + break; if (state()) break; } return ii; } - int HIODev::read2b(void *ptr, int nmemb) { ushort *p = (ushort *) ptr; @@ -81,24 +81,25 @@ int HIODev::read2b(void *ptr, int nmemb) return -1; for (ii = 0; ii < nmemb; ii++) { - p[ii] = sal::static_int_cast(read2b()); + if (!read2b(p[ii])) + break; if (state()) break; } return ii; } - int HIODev::read4b(void *ptr, int nmemb) { - ulong *p = (ulong *) ptr; + uint *p = (uint *) ptr; int ii; if (state()) return -1; for (ii = 0; ii < nmemb; ii++) { - p[ii] = read4b(); + if (!read4b(p[ii])) + break; if (state()) break; } @@ -177,39 +178,57 @@ bool HStreamIODev::setCompressed(bool flag) #define GZREAD(ptr,len) (_gzfp?gz_read(_gzfp,ptr,len):0) -int HStreamIODev::read1b() +bool HStreamIODev::read1b(unsigned char &out) { int res = (compressed) ? GZREAD(rBuf, 1) : _stream->readBytes(rBuf, 1); - if (res <= 0) - return -1; - else - return (unsigned char) rBuf[0]; + if (res < 1) + return false; + + out = (unsigned char)rBuf[0]; + return true; } +bool HStreamIODev::read1b(char &out) +{ + unsigned char tmp8; + if (!read1b(tmp8)) + return false; + out = tmp8; + return true; +} -int HStreamIODev::read2b() +bool HStreamIODev::read2b(unsigned short &out) { int res = (compressed) ? GZREAD(rBuf, 2) : _stream->readBytes(rBuf, 2); - if (res <= 0) - return -1; - else - return ((unsigned char) rBuf[1] << 8 | (unsigned char) rBuf[0]); -} + if (res < 2) + return false; + out = ((unsigned char) rBuf[1] << 8 | (unsigned char) rBuf[0]); + return true; +} -int HStreamIODev::read4b() +bool HStreamIODev::read4b(unsigned int &out) { int res = (compressed) ? GZREAD(rBuf, 4) : _stream->readBytes(rBuf, 4); - if (res <= 0) - return -1; - else - return ((unsigned char) rBuf[3] << 24 | (unsigned char) rBuf[2] << 16 | - (unsigned char) rBuf[1] << 8 | (unsigned char) rBuf[0]); + if (res < 4) + return false; + + out = ((unsigned char) rBuf[3] << 24 | (unsigned char) rBuf[2] << 16 | + (unsigned char) rBuf[1] << 8 | (unsigned char) rBuf[0]); + return true; } +bool HStreamIODev::read4b(int &out) +{ + unsigned int tmp32; + if (!read4b(tmp32)) + return false; + out = tmp32; + return true; +} int HStreamIODev::readBlock(void *ptr, int size) { @@ -221,7 +240,6 @@ int HStreamIODev::readBlock(void *ptr, int size) return count; } - int HStreamIODev::skipBlock(int size) { if (compressed){ @@ -296,36 +314,56 @@ bool HMemIODev::setCompressed(bool ) return false; } - -int HMemIODev::read1b() +bool HMemIODev::read1b(unsigned char &out) { if (pos <= length) - return ptr[pos++]; - else - return 0; + { + out = ptr[pos++]; + return true; + } + return false; } +bool HMemIODev::read1b(char &out) +{ + unsigned char tmp8; + if (!read1b(tmp8)) + return false; + out = tmp8; + return true; +} -int HMemIODev::read2b() +bool HMemIODev::read2b(unsigned short &out) { pos += 2; if (pos <= length) - return ptr[pos - 1] << 8 | ptr[pos - 2]; - else - return 0; + { + out = ptr[pos - 1] << 8 | ptr[pos - 2]; + return true; + } + return false; } - -int HMemIODev::read4b() +bool HMemIODev::read4b(unsigned int &out) { pos += 4; if (pos <= length) - return DWORD(ptr[pos - 1] << 24 | ptr[pos - 2] << 16 | - ptr[pos - 3] << 8 | ptr[pos - 4]); - else - return 0; + { + out = static_cast(ptr[pos - 1] << 24 | ptr[pos - 2] << 16 | + ptr[pos - 3] << 8 | ptr[pos - 4]); + return true; + } + return false; } +bool HMemIODev::read4b(int &out) +{ + unsigned int tmp32; + if (!read4b(tmp32)) + return false; + out = tmp32; + return true; +} int HMemIODev::readBlock(void *p, int size) { @@ -336,7 +374,6 @@ int HMemIODev::readBlock(void *p, int size) return size; } - int HMemIODev::skipBlock(int size) { if (length < pos + size) diff --git a/hwpfilter/source/hiodev.h b/hwpfilter/source/hiodev.h index def45bbed51c..967be2081cfc 100644 --- a/hwpfilter/source/hiodev.h +++ b/hwpfilter/source/hiodev.h @@ -52,9 +52,11 @@ class DLLEXPORT HIODev /* gzip routine wrapper */ virtual bool setCompressed( bool ) = 0; - virtual int read1b() = 0; - virtual int read2b() = 0; - virtual int read4b() = 0; + virtual bool read1b(unsigned char &out) = 0; + virtual bool read1b(char &out) = 0; + virtual bool read2b(unsigned short &out) = 0; + virtual bool read4b(unsigned int &out) = 0; + virtual bool read4b(int &out) = 0; virtual int readBlock( void *ptr, int size ) = 0; virtual int skipBlock( int size ) = 0; @@ -104,17 +106,19 @@ class HStreamIODev : public HIODev * Read one byte from stream */ using HIODev::read1b; - virtual int read1b() SAL_OVERRIDE; + virtual bool read1b(unsigned char &out) SAL_OVERRIDE; + virtual bool read1b(char &out) SAL_OVERRIDE; /** * Read 2 bytes from stream */ using HIODev::read2b; - virtual int read2b() SAL_OVERRIDE; + virtual bool read2b(unsigned short &out) SAL_OVERRIDE; /** * Read 4 bytes from stream */ using HIODev::read4b; - virtual int read4b() SAL_OVERRIDE; + virtual bool read4b(unsigned int &out) SAL_OVERRIDE; + virtual bool read4b(int &out) SAL_OVERRIDE; /** * Read some bytes from stream to given pointer as amount of size */ @@ -150,11 +154,13 @@ class HMemIODev : public HIODev /* gzip routine wrapper */ virtual bool setCompressed( bool ) SAL_OVERRIDE; using HIODev::read1b; - virtual int read1b() SAL_OVERRIDE; + virtual bool read1b(unsigned char &out) SAL_OVERRIDE; + virtual bool read1b(char &out) SAL_OVERRIDE; using HIODev::read2b; - virtual int read2b() SAL_OVERRIDE; + virtual bool read2b(unsigned short &out) SAL_OVERRIDE; using HIODev::read4b; - virtual int read4b() SAL_OVERRIDE; + virtual bool read4b(unsigned int &out) SAL_OVERRIDE; + virtual bool read4b(int &out) SAL_OVERRIDE; virtual int readBlock( void *ptr, int size ) SAL_OVERRIDE; virtual int skipBlock( int size ) SAL_OVERRIDE; protected: diff --git a/hwpfilter/source/hpara.cxx b/hwpfilter/source/hpara.cxx index 5a9be4eec83b..e26fb6f65cfd 100644 --- a/hwpfilter/source/hpara.cxx +++ b/hwpfilter/source/hpara.cxx @@ -31,14 +31,28 @@ bool LineInfo::Read(HWPFile & hwpf, HWPPara *pPara) { - pos = sal::static_int_cast(hwpf.Read2b()); - space_width = (short) hwpf.Read2b(); - height = (short) hwpf.Read2b(); + if (!hwpf.Read2b(pos)) + return false; + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + space_width = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + height = tmp16; // internal information - pgy = (short) hwpf.Read2b(); - sx = (short) hwpf.Read2b(); - psx = (short) hwpf.Read2b(); - pex = (short) hwpf.Read2b(); + if (!hwpf.Read2b(tmp16)) + return false; + pgy = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + sx = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + psx = tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + pex = tmp16; height_sp = 0; if( pex >> 15 & 0x01 ) @@ -202,7 +216,10 @@ CharShape *HWPPara::GetCharShape(int pos) HBox *HWPPara::readHBox(HWPFile & hwpf) { - hchar hh = sal::static_int_cast(hwpf.Read2b()); + hchar hh; + if (!hwpf.Read2b(hh)) + return 0; + HBox *hbox = 0; if (hwpf.State() != HWP_NoError) diff --git a/hwpfilter/source/htags.h b/hwpfilter/source/htags.h index a9c35fe1b569..9000d56068c0 100644 --- a/hwpfilter/source/htags.h +++ b/hwpfilter/source/htags.h @@ -54,7 +54,7 @@ struct HyperText struct OlePicture { int size; - ulong signature; + uint signature; #ifdef WIN32 IStorage *pis; #else diff --git a/hwpfilter/source/hwpfile.cxx b/hwpfilter/source/hwpfile.cxx index e248a3f46f99..862f85f6f364 100644 --- a/hwpfilter/source/hwpfile.cxx +++ b/hwpfilter/source/hwpfile.cxx @@ -132,40 +132,50 @@ int HWPFile::Open(HStream * stream) return HWP_NoError; } - - - int HWPFile::SetState(int errcode) { error_code = errcode; return error_code; } - -int HWPFile::Read1b(void) +bool HWPFile::Read1b(unsigned char &out) { - return hiodev ? hiodev->read1b() : -1; + return hiodev ? hiodev->read1b(out) : false; } - -int HWPFile::Read2b(void) +bool HWPFile::Read1b(char &out) { - return hiodev ? hiodev->read2b() : -1; + unsigned char tmp8; + if (!Read1b(tmp8)) + return false; + out = tmp8; + return true; } +bool HWPFile::Read2b(unsigned short &out) +{ + return hiodev ? hiodev->read2b(out) : false; +} -long HWPFile::Read4b(void) +bool HWPFile::Read4b(unsigned int &out) { - return hiodev ? hiodev->read4b() : -1; + return hiodev ? hiodev->read4b(out) : false; } +bool HWPFile::Read4b(int &out) +{ + unsigned int tmp32; + if (!Read4b(tmp32)) + return false; + out = tmp32; + return true; +} int HWPFile::Read1b(void *ptr, size_t nmemb) { return hiodev ? hiodev->read1b(ptr, nmemb) : 0; } - int HWPFile::Read2b(void *ptr, size_t nmemb) { return hiodev ? hiodev->read2b(ptr, nmemb) : 0; @@ -267,20 +277,23 @@ bool HWPFile::ReadParaList(std::list < HWPPara* > &aplist, unsigned char flag) return true; } - -bool HWPFile::TagsRead(void) +void HWPFile::TagsRead(void) { while (true) { - ulong tag = Read4b(); - long size = Read4b(); + uint tag; + if (!Read4b(tag)) + return; + uint size; + if (!Read4b(size)) + return; if (size <= 0 && tag > 0){ continue; } if (tag == FILETAG_END_OF_COMPRESSED || tag == FILETAG_END_OF_UNCOMPRESSED) - return true; + return; switch (tag) { case FILETAG_EMBEDDED_PICTURE: @@ -304,29 +317,39 @@ bool HWPFile::TagsRead(void) if( (size % 617) != 0 ) SkipBlock( size ); else - for( int i = 0 ; i < size/617 ; i++) { - HyperText *hypert = new HyperText; - hypert->Read(*this); - hyperlist.push_back(hypert); + for( uint i = 0 ; i < size/617 ; i++) + { + HyperText *hypert = new HyperText; + hypert->Read(*this); + hyperlist.push_back(hypert); + } } break; } case 6: { ReadBlock(_hwpInfo.back_info.reserved1, 8); - _hwpInfo.back_info.luminance = Read4b(); - _hwpInfo.back_info.contrast = Read4b(); - _hwpInfo.back_info.effect = sal::static_int_cast(Read1b()); + if (!Read4b(_hwpInfo.back_info.luminance)) + return; + if (!Read4b(_hwpInfo.back_info.contrast)) + return; + if (!Read1b(_hwpInfo.back_info.effect)) + return; ReadBlock(_hwpInfo.back_info.reserved2, 7); ReadBlock(_hwpInfo.back_info.filename, 260); ReadBlock(_hwpInfo.back_info.color, 3); - unsigned short nFlag = sal::static_int_cast(Read2b()); + unsigned short nFlag; + if (!Read2b(nFlag)) + return; _hwpInfo.back_info.flag = nFlag >> 8 ; - int nRange = Read4b(); + int nRange; + if (!Read4b(nRange)) + return; _hwpInfo.back_info.range = nRange >> 24; ReadBlock(_hwpInfo.back_info.reserved3, 27); - _hwpInfo.back_info.size = Read4b(); + if (!Read4b(_hwpInfo.back_info.size)) + return; _hwpInfo.back_info.data = new char[(unsigned int)_hwpInfo.back_info.size]; ReadBlock(_hwpInfo.back_info.data, _hwpInfo.back_info.size); @@ -654,7 +677,8 @@ int HWPFile::compareParaShape(ParaShape *shape) shape->outline == pshape->outline && shape->pagebreak == pshape->pagebreak) { - if( shape->cshape->size == pshape->cshape->size && + if( shape->cshape && pshape->cshape && + shape->cshape->size == pshape->cshape->size && shape->cshape->font[0] == pshape->cshape->font[0] && shape->cshape->ratio[0] == pshape->cshape->ratio[0] && shape->cshape->space[0] == pshape->cshape->space[0] && diff --git a/hwpfilter/source/hwpfile.h b/hwpfilter/source/hwpfile.h index 82ba103a991e..b28c2a440743 100644 --- a/hwpfilter/source/hwpfile.h +++ b/hwpfilter/source/hwpfile.h @@ -124,15 +124,17 @@ class DLLEXPORT HWPFile /** * Reads one byte from HIODev */ - int Read1b( void ); + bool Read1b(char &out); + bool Read1b(unsigned char &out); /** * Reads two byte from HIODev */ - int Read2b( void ); + bool Read2b(unsigned short &out); /** * Reads four byte from HIODev */ - long Read4b( void ); + bool Read4b(unsigned int &out); + bool Read4b(int &out); /** * Reads nmemb byte array from HIODev */ @@ -191,7 +193,7 @@ class DLLEXPORT HWPFile /** * Reads additional information like embedded image of hwp file from HIODev */ - bool TagsRead(void); + void TagsRead(); enum Paper { diff --git a/hwpfilter/source/hwplib.h b/hwpfilter/source/hwplib.h index 1adb748d960c..87a5bf9f936d 100644 --- a/hwpfilter/source/hwplib.h +++ b/hwpfilter/source/hwplib.h @@ -34,22 +34,11 @@ typedef int hunit; typedef unsigned char kchar; #endif // _HCHAR_ -#if !defined(WIN32) -#if !defined(_BOOL_T_) && !defined(OS2) -typedef unsigned short BOOL; -#endif /* _BOOL_T_ */ -typedef unsigned short WORD; -typedef int SIZE; -typedef unsigned long DWORD; -typedef long LONG; -#endif /* WIN32 */ - #ifndef _UTYPE_ #define _UTYPE_ typedef unsigned char uchar; typedef unsigned short ushort; typedef unsigned int uint; -typedef unsigned long ulong; #endif /* _UTYPE_ */ typedef ::std::basic_string hchar_string; diff --git a/hwpfilter/source/hwpread.cxx b/hwpfilter/source/hwpread.cxx index d72e919556eb..dbc49159af49 100644 --- a/hwpfilter/source/hwpread.cxx +++ b/hwpfilter/source/hwpread.cxx @@ -61,12 +61,12 @@ bool SkipData::Read(HWPFile & hwpf) // Field code(5) bool FieldCode::Read(HWPFile & hwpf) { - ulong size; + uint size; hchar dummy; - ulong len1; /* hchar타입의 문자열 테이터 #1의 길이 */ - ulong len2; /* hchar타입의 문자열 테이터 #2의 길이 */ - ulong len3; /* hchar타입의 문자열 테이터 #3의 길이 */ - ulong binlen; /* 임의 형식의 바이너리 데이타 길이 */ + uint len1; /* hchar타입의 문자열 테이터 #1의 길이 */ + uint len2; /* hchar타입의 문자열 테이터 #2의 길이 */ + uint len3; /* hchar타입의 문자열 테이터 #3의 길이 */ + uint binlen; /* 임의 형식의 바이너리 데이타 길이 */ hwpf.Read4b(&size, 1); hwpf.Read2b(&dummy, 1); @@ -79,9 +79,9 @@ bool FieldCode::Read(HWPFile & hwpf) hwpf.Read4b(&len3, 1); hwpf.Read4b(&binlen, 1); - ulong const len1_ = ((len1 > 1024) ? 1024 : len1) / sizeof(hchar); - ulong const len2_ = ((len2 > 1024) ? 1024 : len2) / sizeof(hchar); - ulong const len3_ = ((len3 > 1024) ? 1024 : len3) / sizeof(hchar); + uint const len1_ = ((len1 > 1024) ? 1024 : len1) / sizeof(hchar); + uint const len2_ = ((len2 > 1024) ? 1024 : len2) / sizeof(hchar); + uint const len3_ = ((len3 > 1024) ? 1024 : len3) / sizeof(hchar); str1 = new hchar[len1_ ? len1_ : 1]; str2 = new hchar[len2_ ? len2_ : 1]; @@ -114,14 +114,14 @@ bool FieldCode::Read(HWPFile & hwpf) return true; } - // book mark(6) bool Bookmark::Read(HWPFile & hwpf) { long len; hwpf.Read4b(&len, 1); - dummy = sal::static_int_cast(hwpf.Read2b()); + if (!hwpf.Read2b(dummy)) + return false; if (!(len == 34))// 2 * (BMK_COMMENT_LEN + 1) + 2 { @@ -133,31 +133,28 @@ bool Bookmark::Read(HWPFile & hwpf) hwpf.Read2b(id, BMK_COMMENT_LEN + 1); hwpf.Read2b(&type, 1); -//return hwpf.Read2b(&type, 1); return true; } - // date format(7) - bool DateFormat::Read(HWPFile & hwpf) { hwpf.Read2b(format, DATE_SIZE); - dummy = sal::static_int_cast(hwpf.Read2b()); + if (!hwpf.Read2b(dummy)) + return false; if (!(hh == dummy && CH_DATE_FORM == dummy)){ return hwpf.SetState(HWP_InvalidFileFormat); } return true; } - // date code(8) - bool DateCode::Read(HWPFile & hwpf) { hwpf.Read2b(format, DATE_SIZE); hwpf.Read2b(date, 6); - dummy = sal::static_int_cast(hwpf.Read2b()); + if (!hwpf.Read2b(dummy)) + return false; if (!(hh == dummy && CH_DATE_CODE == dummy)){ return hwpf.SetState(HWP_InvalidFileFormat); } @@ -165,30 +162,30 @@ bool DateCode::Read(HWPFile & hwpf) return true; } - // tab(9) - bool Tab::Read(HWPFile & hwpf) { - width = hwpf.Read2b(); - leader = sal::static_int_cast(hwpf.Read2b()); - dummy = sal::static_int_cast(hwpf.Read2b()); + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + width = tmp16; + if (!hwpf.Read2b(leader)) + return false; + if (!hwpf.Read2b(dummy)) + return false; if (!(hh == dummy && CH_TAB == dummy)){ return hwpf.SetState(HWP_InvalidFileFormat); } return true; } - // tbox(10) TABLE BOX MATH BUTTON HYPERTEXT - static void UpdateBBox(FBox * fbox) { fbox->boundsy = fbox->pgy; fbox->boundey = fbox->pgy + fbox->ys - 1; } - void Cell::Read(HWPFile & hwpf) { hwpf.Read2b(&p, 1); @@ -413,10 +410,19 @@ bool Picture::Read(HWPFile & hwpf) hwpf.Read1b(&pictype, 1); /* 그림종류 */ - skip[0] = (short) hwpf.Read2b(); /* 그림에서 실제 표시를 시작할 위치 가로 */ - skip[1] = (short) hwpf.Read2b(); /* 세로 */ - scale[0] = (short) hwpf.Read2b(); /* 확대비율 : 0 고정, 이외 퍼센트 단위 가로 */ - scale[1] = (short) hwpf.Read2b(); /* 세로 */ + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) /* 그림에서 실제 표시를 시작할 위치 가로 */ + return false; + skip[0] = tmp16; + if (!hwpf.Read2b(tmp16)) /* 세로 */ + return false; + skip[0] = tmp16; + if (!hwpf.Read2b(tmp16)) /* 확대비율 : 0 고정, 이외 퍼센트 단위 가로 */ + return false; + scale[0] = tmp16; + if (!hwpf.Read2b(tmp16)) /* 세로 */ + return false; + scale[1] = tmp16; hwpf.Read1b(picinfo.picun.path, 256); /* 그림파일 이름 : 종류가 Drawing이 아닐때. */ hwpf.Read1b(reserved3, 9); /* 밝기/명암/그림효과 등 */ @@ -602,7 +608,10 @@ bool Footnote::Read(HWPFile & hwpf) hwpf.Read1b(info, 8); hwpf.Read2b(&number, 1); hwpf.Read2b(&type, 1); - width = (short) hwpf.Read2b(); + unsigned short tmp16; + if (!hwpf.Read2b(tmp16)) + return false; + width = tmp16; hwpf.ReadParaList(plist, CH_FOOTNOTE); return !hwpf.State(); -- cgit