[libreoffice/f20] Resolves: rhbz#1089207 crash in OOXML import
Michael Stahl
mstahl at fedoraproject.org
Tue Jul 1 13:45:08 UTC 2014
commit 1935b44a2545dfbcfd1a7910b228845f888688ec
Author: Michael Stahl <mstahl at redhat.com>
Date: Tue Jul 1 15:44:58 2014 +0200
Resolves: rhbz#1089207 crash in OOXML import
0001-Check-for-empty-before-calling-top.patch | 33 ++++++++++
...o-further-and-pop-the-stack-if-it-s-empty.patch | 34 ++++++++++
...ast-parser-instance-for-each-XML-fragment.patch | 65 ++++++++++++++++++++
libreoffice.spec | 8 ++-
4 files changed, 139 insertions(+), 1 deletions(-)
---
diff --git a/0001-Check-for-empty-before-calling-top.patch b/0001-Check-for-empty-before-calling-top.patch
new file mode 100644
index 0000000..80ebd3d
--- /dev/null
+++ b/0001-Check-for-empty-before-calling-top.patch
@@ -0,0 +1,33 @@
+From 8f59c9b4858cde1352eb60b2a3fe22853813b287 Mon Sep 17 00:00:00 2001
+From: Kohei Yoshida <kohei.yoshida at collabora.com>
+Date: Mon, 30 Jun 2014 14:01:16 -0400
+Subject: [PATCH 1/3] Check for empty() before calling top().
+
+Else it might crash sometimes.
+
+Change-Id: I6a24fff83c3d36346debae5c0f2b8c0646a15c01
+(cherry picked from commit 3f177756dbdb67d901453000c3f11694770d2761)
+Reviewed-on: https://gerrit.libreoffice.org/9991
+Tested-by: Michael Stahl <mstahl at redhat.com>
+Reviewed-by: Michael Stahl <mstahl at redhat.com>
+---
+ sax/source/fastparser/fastparser.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sax/source/fastparser/fastparser.cxx b/sax/source/fastparser/fastparser.cxx
+index 0cfdb14..577f414 100644
+--- a/sax/source/fastparser/fastparser.cxx
++++ b/sax/source/fastparser/fastparser.cxx
+@@ -682,6 +682,9 @@ sal_Int32 FastSaxParserImpl::GetTokenWithPrefix( const sal_Char*pPrefix, int nPr
+ sal_Int32 nNamespaceToken = FastToken::DONTKNOW;
+
+ Entity& rEntity = getEntity();
++ if (rEntity.maNamespaceCount.empty())
++ return nNamespaceToken;
++
+ sal_uInt32 nNamespace = rEntity.maNamespaceCount.top();
+ while( nNamespace-- )
+ {
+--
+1.9.3
+
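Review bot: In `FastSaxParserImpl::GetTokenWithPrefix` the new guard tests `rEntity.maNamespaceCount.empty()` only after `getEntity()` has already run, so an empty entity stack is not covered on this path. Patch 3/3 of this series adds `if (maEntities.empty()) return false;` ahead of the same call in `hasNamespaceURL`, which suggests `getEntity()` is not safe when `maEntities` is empty; its body is not shown here, so this is inferred. Because this code parses document content that can be malformed, the same guard belongs here, placed before `Entity& rEntity = getEntity();`: `if (maEntities.empty()) return nNamespaceToken;`. The function body continues outside the hunk.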
diff --git a/0002-Don-t-go-further-and-pop-the-stack-if-it-s-empty.patch b/0002-Don-t-go-further-and-pop-the-stack-if-it-s-empty.patch
new file mode 100644
index 0000000..9cdb86f
--- /dev/null
+++ b/0002-Don-t-go-further-and-pop-the-stack-if-it-s-empty.patch
@@ -0,0 +1,34 @@
+From 45c73dfd98321dd1977cfa7b7cfb3a92c1fb9a29 Mon Sep 17 00:00:00 2001
+From: Kohei Yoshida <kohei.yoshida at collabora.com>
+Date: Mon, 30 Jun 2014 13:43:55 -0400
+Subject: [PATCH 2/3] Don't go further and pop the stack if it's empty.
+
+Change-Id: I27bd30ca65cf0066cd022b4b060757913ea01fed
+(cherry picked from commit 3ede68e1cc879e6adbf6336eccaf88ced974b8b6)
+Reviewed-on: https://gerrit.libreoffice.org/9989
+Tested-by: Michael Stahl <mstahl at redhat.com>
+Reviewed-by: Michael Stahl <mstahl at redhat.com>
+---
+ sax/source/fastparser/fastparser.cxx | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/sax/source/fastparser/fastparser.cxx b/sax/source/fastparser/fastparser.cxx
+index 577f414..4ddbd2a 100644
+--- a/sax/source/fastparser/fastparser.cxx
++++ b/sax/source/fastparser/fastparser.cxx
+@@ -492,6 +492,12 @@ void Entity::characters( const OUString& sChars )
+
+ void Entity::endElement()
+ {
++ if (maContextStack.empty())
++ {
++ // Malformed XML stream !?
++ return;
++ }
++
+ const SaxContext& aContext = maContextStack.top();
+ const Reference< XFastContextHandler >& xContext( aContext.mxContext );
+ if( xContext.is() ) try
+--
+1.9.3
+
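Review bot: The early return added at the top of `Entity::endElement` discards an unbalanced end tag without leaving any trace, so a malformed stream looks the same as a valid one to the caller and parsing simply carries on. The `// Malformed XML stream !?` comment shows the condition is unexpected, so it should at least be logged, for example `SAL_WARN("sax", "endElement called with empty context stack");`. It is also worth deciding whether the import should be aborted at this point rather than continued with a context stack that no longer matches the input. The rest of the function lies outside the hunk.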
diff --git a/0003-Use-a-new-fast-parser-instance-for-each-XML-fragment.patch b/0003-Use-a-new-fast-parser-instance-for-each-XML-fragment.patch
new file mode 100644
index 0000000..fca73a2
--- /dev/null
+++ b/0003-Use-a-new-fast-parser-instance-for-each-XML-fragment.patch
@@ -0,0 +1,65 @@
+From c14063522433306c9b7f598b623d54fefd2a443d Mon Sep 17 00:00:00 2001
+From: Kohei Yoshida <kohei.yoshida at collabora.com>
+Date: Mon, 30 Jun 2014 20:03:28 -0400
+Subject: [PATCH 3/3] Use a new fast parser instance for each XML fragment.
+
+Otherwise a crash ensues when the threaded XML parsing kicks in.
+
+Change-Id: Ic41e5a29bbb860d7b63b70f2f0d8896264d9d53e
+(cherry picked from commit dc93074f71f91efd8a615ad8f1a5289deb210b75)
+Reviewed-on: https://gerrit.libreoffice.org/10003
+Tested-by: Michael Stahl <mstahl at redhat.com>
+Reviewed-by: Michael Stahl <mstahl at redhat.com>
+---
+ oox/source/core/xmlfilterbase.cxx | 6 +++++-
+ sax/source/fastparser/fastparser.cxx | 3 +++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/oox/source/core/xmlfilterbase.cxx b/oox/source/core/xmlfilterbase.cxx
+index cf996eb..1608aed 100644
+--- a/oox/source/core/xmlfilterbase.cxx
++++ b/oox/source/core/xmlfilterbase.cxx
+@@ -158,6 +158,7 @@ struct XmlFilterBaseImpl
+ {
+ typedef RefMap< OUString, Relations > RelationsMap;
+
++ Reference<XComponentContext> mxContext;
+ FastParser maFastParser;
+ const OUString maBinSuffix;
+ const OUString maVmlSuffix;
+@@ -170,6 +171,7 @@ struct XmlFilterBaseImpl
+
+
+ XmlFilterBaseImpl::XmlFilterBaseImpl( const Reference< XComponentContext >& rxContext ) throw( RuntimeException ) :
++ mxContext(rxContext),
+ maFastParser( rxContext ),
+ maBinSuffix( ".bin" ),
+ maVmlSuffix( ".vml" )
+@@ -268,7 +270,9 @@ OUString XmlFilterBase::getFragmentPathFromFirstTypeFromOfficeDoc( const OUStrin
+
+ bool XmlFilterBase::importFragment( const rtl::Reference<FragmentHandler>& rxHandler )
+ {
+- return importFragment(rxHandler, mxImpl->maFastParser);
++ FastParser aParser(mxImpl->mxContext);
++ registerNamespaces(aParser);
++ return importFragment(rxHandler, aParser);
+ }
+
+ bool XmlFilterBase::importFragment( const rtl::Reference<FragmentHandler>& rxHandler, FastParser& rParser )
+diff --git a/sax/source/fastparser/fastparser.cxx b/sax/source/fastparser/fastparser.cxx
+index 4ddbd2a..e10ce3f 100644
+--- a/sax/source/fastparser/fastparser.cxx
++++ b/sax/source/fastparser/fastparser.cxx
+@@ -1042,6 +1042,9 @@ void FastSaxParserImpl::produce( CallbackType aType )
+
+ bool FastSaxParserImpl::hasNamespaceURL( const OUString& rPrefix ) const
+ {
++ if (maEntities.empty())
++ return false;
++
+ const Entity& rEntity = getEntity();
+
+ if (rEntity.maNamespaceCount.empty())
+--
+1.9.3
+
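Review bot: `XmlFilterBase::importFragment(rxHandler)` now builds a private `FastParser`, but the two-argument overload still accepts any caller-supplied parser and `maFastParser` stays a member of `XmlFilterBaseImpl`. Any remaining caller that passes the shared instance would presumably keep the hazard the commit message describes for threaded parsing. The reason for the per-call instance appears nowhere in the code, so a later cleanup could easily revert it; a comment above the three new lines would prevent that, e.g. `// One FastParser per fragment: an instance must not be reused while another parse is in flight.` (wording to be confirmed against the parser's actual threading model). If no other user of `maFastParser` is left, which this hunk does not show, removing the member would make the constraint enforceable instead of conventional.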
diff --git a/libreoffice.spec b/libreoffice.spec
index 6b37033..68cf044 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -36,7 +36,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
-Release: 2%{?libo_prerelease}%{?dist}
+Release: 3%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic and MPLv2.0
Group: Applications/Productivity
URL: http://www.libreoffice.org/
@@ -297,6 +297,9 @@ Patch39: 0001-Resolves-rhbz-1104068-crash-converting-fontwork-to-c.patch
Patch40: 0001-rhbz-1105376-move-FlatODF-filter-config-to-right-pla.patch
Patch41: 0001-move-UOF-and-Office-2003-filters-to-xsltfilter-modul.patch
Patch42: 0001-fix-detection-of-Salesforce-html.patch
+Patch43: 0001-Check-for-empty-before-calling-top.patch
+Patch44: 0002-Don-t-go-further-and-pop-the-stack-if-it-s-empty.patch
+Patch45: 0003-Use-a-new-fast-parser-instance-for-each-XML-fragment.patch
%define instdir %{_libdir}
%define baseinstdir %{instdir}/libreoffice
@@ -2247,6 +2250,9 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
%endif
%changelog
+* Tue Jul 01 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.2.5.2-3-UNBUILT
+- Resolves: rhbz#1089207 crash in OOXML import
+
* Tue Jul 01 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.2.5.2-2
- fix detection of salesforce html pretending to be .xls by stripping
leading whitespace before <!DOCTYPE line