Bug#603868: Don't try to unpack empty associated strings

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#603868: Don't try to unpack empty associated strings
From: Olly Betts <olly@survex.com>
Date: Thu, 18 Nov 2010 12:55:43 +1300
Message-id: <[🔎] 20101117235543.GA21974@eisluft>
Reply-to: Olly Betts <olly@survex.com>, 603868@bugs.debian.org

Package: wv2
Version: 0.4.2.dfsg.1-1
Severity: normal
Tags: patch

If the length of the associated strings section is 0, libwv2 currently tries to
unpack it anyway, which tries to interpret whatever is after that point in the
files as a table of strings.  In some cases (such as the attached example
document) this results in garbage values for the metadata.

I've attached a patch to fix this by special casing when this size is 0.

I created the test document from scratch - I'm happy to license it under the
same licence as libwv2 if someone wants to use it in a testsuite.

Cheers,
    Olly

diff -ru wv2-0.4.2.dfsg.1/src/associatedstrings.cpp wv2-0.4.2.dfsg.1-tweaked/src/associatedstrings.cpp
--- wv2-0.4.2.dfsg.1/src/associatedstrings.cpp	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/associatedstrings.cpp	2010-11-17 22:28:50.263808931 +1030
@@ -27,6 +27,10 @@
 AssociatedStrings::AssociatedStrings( U32 fcSttbfAssoc, U32 lcbSttbfAssoc, U16 lid, OLEStreamReader* tableStream ) :
     m_sttbf( 0 )
 {
+    if ( lcbSttbfAssoc == 0 ) {
+	m_sttbf = new STTBF();
+	return;
+    }
     tableStream->push();
     tableStream->seek( fcSttbfAssoc );
     m_sttbf = new STTBF( lid, tableStream );
diff -ru wv2-0.4.2.dfsg.1/src/word_helper.cpp wv2-0.4.2.dfsg.1-tweaked/src/word_helper.cpp
--- wv2-0.4.2.dfsg.1/src/word_helper.cpp	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/word_helper.cpp	2010-11-17 22:27:14.126649654 +1030
@@ -24,6 +24,10 @@
 namespace wvWare
 {
 
+    STTBF::STTBF() : m_extraDataLength( 0 )
+    {
+    }
+
     STTBF::STTBF( U16 lid, OLEStreamReader* reader, bool preservePos )
     {
         if ( preservePos )
diff -ru wv2-0.4.2.dfsg.1/src/word_helper.h wv2-0.4.2.dfsg.1-tweaked/src/word_helper.h
--- wv2-0.4.2.dfsg.1/src/word_helper.h	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/word_helper.h	2010-11-17 22:25:41.591053581 +1030
@@ -44,6 +44,7 @@
     class STTBF
     {
     public:
+        STTBF();
         STTBF( U16 lid, OLEStreamReader* reader, bool preservePos = false );
         STTBF( U16 lid, const U8* ptr );
         STTBF( const STTBF& rhs );

Attachment: test97.doc
Description: MS-Word document

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#603790: man page for akregator
Next by Date: Bug#603871: Build with debugging messages disabled
Previous by thread: Bug#603790: man page for akregator
Next by thread: Bug#603871: Build with debugging messages disabled
Index(es):
- Date
- Thread