[koffice/f16] backport msword-odf filter overflow fix

[Rex Dieter]

commit 249c65108cc01252d09a62b8f4b853a80122ae24
Author: Rex Dieter <rdieter at fedoraproject.org>
Date:   Sun Aug 5 17:18:01 2012 -0500

    backport msword-odf filter overflow fix

 koffice-2.3.3-msword_filter_overflow.patch |   15 +++++++++++++++
 koffice.spec                               |    9 ++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
---
diff --git a/koffice-2.3.3-msword_filter_overflow.patch b/koffice-2.3.3-msword_filter_overflow.patch
new file mode 100644
index 0000000..9e36bdf
--- /dev/null
+++ b/koffice-2.3.3-msword_filter_overflow.patch
@@ -0,0 +1,15 @@
+diff -up koffice-2.3.3/filters/kword/msword-odf/wv2/src/styles.cpp.fix_overflow koffice-2.3.3/filters/kword/msword-odf/wv2/src/styles.cpp
+--- koffice-2.3.3/filters/kword/msword-odf/wv2/src/styles.cpp.fix_overflow	2011-02-17 06:12:35.000000000 -0600
++++ koffice-2.3.3/filters/kword/msword-odf/wv2/src/styles.cpp	2012-08-05 17:12:39.742921542 -0500
+@@ -193,6 +193,11 @@ bool STD::read( U16 baseSize, U16 totalS
+ #ifdef WV2_DEBUG_STYLESHEET
+         wvlog << "cbUPX: " << cbUPX << endl;
+ #endif
++        // do not overflow the allocated buffer grupx
++        if (offset + cbUPX > grupxLen) {
++            wvlog << "====> Error: grupx would overflow!" << endl;
++            return false;
++        }
+         for ( U16 j = 0; j < cbUPX; ++j ) {
+             grupx[ offset + j ] = stream->readU8();  // read the whole UPX
+ #ifdef WV2_DEBUG_STYLESHEET
diff --git a/koffice.spec b/koffice.spec
index b5feae5..905f180 100644
--- a/koffice.spec
+++ b/koffice.spec
@@ -14,7 +14,7 @@
 Name:           koffice
 Epoch:          3 
 Version:        2.3.3
-Release:        21%{?dist}
+Release:        22%{?dist}
 Summary:        An integrated office suite
 
 Group:          Applications/Productivity
@@ -43,6 +43,8 @@ Patch102: http://kexi-project.org/download/patches/2.3/fix-form-color-properties
 # 
 Patch103: http://kexi-project.org/download/patches/2.3/fix-crash-in-kexidb-queries-2.3.patch
 Patch104: koffice-2.3.3-krita_fitscreen.patch
+# 
+Patch105: koffice-2.3.3-msword_filter_overflow.patch
 
 #-- The following OPTIONAL packages could NOT be located on your system.
 #-- Consider installing them to enable more features from this software.
@@ -56,8 +58,6 @@ Patch104: koffice-2.3.3-krita_fitscreen.patch
 #   * LibRCPS (0.3 or higher)  <http://www.librcps.org>
 #     Resource Conflict Project Scheduling Library
 #     Required by KPlato RCPS Plugin
-#   * LittleCMS (2.0 or higher)  <http://www.littlecms.com>
-#     Color management engine
 #     Required for color management and Krita
 #   * Spnav  <http://spacenav.sourceforge.net/>
 #     3Dconnexion device driver and SDK
@@ -1223,6 +1223,9 @@ fi
 
 
 %changelog
+* Sun Aug 05 2012 Rex Dieter <rdieter at fedoraproject.org> 3:2.3.3-22
+- backport msword-odf filter overflow fix
+
 * Sat Feb 11 2012 Rex Dieter <rdieter at fedoraproject.org> 3:2.3.3-21 
 - backport krita_fitscreen patch (#788327)