[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#603868: marked as done (Don't try to unpack empty associated strings)

Your message dated Wed, 30 Nov 2011 12:48:19 +0000
with message-id <E1RVjaF-0004es-E8@franck.debian.org>
and subject line Bug#603868: fixed in wv2 0.4.2.dfsg.1-1.1
has caused the Debian Bug report #603868,
regarding Don't try to unpack empty associated strings
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
603868: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603868
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: wv2
Version: 0.4.2.dfsg.1-1
Severity: normal
Tags: patch

If the length of the associated strings section is 0, libwv2 currently tries to
unpack it anyway, which tries to interpret whatever is after that point in the
files as a table of strings.  In some cases (such as the attached example
document) this results in garbage values for the metadata.

I've attached a patch to fix this by special casing when this size is 0.

I created the test document from scratch - I'm happy to license it under the
same licence as libwv2 if someone wants to use it in a testsuite.

Cheers,
    Olly

diff -ru wv2-0.4.2.dfsg.1/src/associatedstrings.cpp wv2-0.4.2.dfsg.1-tweaked/src/associatedstrings.cpp
--- wv2-0.4.2.dfsg.1/src/associatedstrings.cpp	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/associatedstrings.cpp	2010-11-17 22:28:50.263808931 +1030
@@ -27,6 +27,10 @@
 AssociatedStrings::AssociatedStrings( U32 fcSttbfAssoc, U32 lcbSttbfAssoc, U16 lid, OLEStreamReader* tableStream ) :
     m_sttbf( 0 )
 {
+    if ( lcbSttbfAssoc == 0 ) {
+	m_sttbf = new STTBF();
+	return;
+    }
     tableStream->push();
     tableStream->seek( fcSttbfAssoc );
     m_sttbf = new STTBF( lid, tableStream );
diff -ru wv2-0.4.2.dfsg.1/src/word_helper.cpp wv2-0.4.2.dfsg.1-tweaked/src/word_helper.cpp
--- wv2-0.4.2.dfsg.1/src/word_helper.cpp	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/word_helper.cpp	2010-11-17 22:27:14.126649654 +1030
@@ -24,6 +24,10 @@
 namespace wvWare
 {
 
+    STTBF::STTBF() : m_extraDataLength( 0 )
+    {
+    }
+
     STTBF::STTBF( U16 lid, OLEStreamReader* reader, bool preservePos )
     {
         if ( preservePos )
diff -ru wv2-0.4.2.dfsg.1/src/word_helper.h wv2-0.4.2.dfsg.1-tweaked/src/word_helper.h
--- wv2-0.4.2.dfsg.1/src/word_helper.h	2009-11-01 04:52:43.000000000 +1030
+++ wv2-0.4.2.dfsg.1-tweaked/src/word_helper.h	2010-11-17 22:25:41.591053581 +1030
@@ -44,6 +44,7 @@
     class STTBF
     {
     public:
+        STTBF();
         STTBF( U16 lid, OLEStreamReader* reader, bool preservePos = false );
         STTBF( U16 lid, const U8* ptr );
         STTBF( const STTBF& rhs );

Attachment: test97.doc
Description: MS-Word document

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: wv2
Source-Version: 0.4.2.dfsg.1-1.1

We believe that the bug you reported is fixed in the latest version of
wv2, which is due to be installed in the Debian FTP archive:

libwv2-4_0.4.2.dfsg.1-1.1_amd64.deb
  to main/w/wv2/libwv2-4_0.4.2.dfsg.1-1.1_amd64.deb
libwv2-dev_0.4.2.dfsg.1-1.1_amd64.deb
  to main/w/wv2/libwv2-dev_0.4.2.dfsg.1-1.1_amd64.deb
wv2_0.4.2.dfsg.1-1.1.debian.tar.gz
  to main/w/wv2/wv2_0.4.2.dfsg.1-1.1.debian.tar.gz
wv2_0.4.2.dfsg.1-1.1.dsc
  to main/w/wv2/wv2_0.4.2.dfsg.1-1.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 603868@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Olly Betts <olly@survex.com> (supplier of updated wv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 30 Nov 2011 12:04:22 +0000
Source: wv2
Binary: libwv2-4 libwv2-dev
Architecture: source amd64
Version: 0.4.2.dfsg.1-1.1
Distribution: sid
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Olly Betts <olly@survex.com>
Description: 
 libwv2-4   - library for accessing Microsoft Word documents
 libwv2-dev - development files for Microsoft Word access library
Closes: 556686 603868 603871
Changes: 
 wv2 (0.4.2.dfsg.1-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add patch fix-ftbfs-with-gold.patch to fix FTBFS with binutils-gold.
     (Closes: #556686)
   * Add patch fix-handling-empty-associatedstrings.patch to fix handling of
     .doc files with an empty associated strings section. (Closes: #603868)
   * Build with debugging messages disabled. (Closes: #603871)
   * Drop leading article from short description.
   * Actually run the testsuite, don't just build it (needs new patch
     fix-tests.patch)
   * "Standards-Version: 3.9.2":
     + Include the BSD licence in debian/copyright rather than referring to
       /usr/share/common-licenses/BSD.
Checksums-Sha1: 
 42bbc29a4137f8468f1ef49cabb61e430cba09dd 1949 wv2_0.4.2.dfsg.1-1.1.dsc
 79180154a68144a84c7c0659b1f666f9ecf53d67 7272 wv2_0.4.2.dfsg.1-1.1.debian.tar.gz
 5511b85b407c33fd65e9b62bd4d52590586708ec 421824 libwv2-4_0.4.2.dfsg.1-1.1_amd64.deb
 1e40b53311e3772909054cf35ea99d4f6361c32c 101632 libwv2-dev_0.4.2.dfsg.1-1.1_amd64.deb
Checksums-Sha256: 
 d5847e45989fdfc10ccec2004cadd6ad8df4f2c41f2b2ff36598125bc66679d0 1949 wv2_0.4.2.dfsg.1-1.1.dsc
 046b68a2252cce23ab5990e63bcf197b4614eb675c0b2479e5767a54d22bcdb0 7272 wv2_0.4.2.dfsg.1-1.1.debian.tar.gz
 d0c4efd6618f2fde576c3fb8cce8b51fcf6d5077497724121e68b7255b8dea82 421824 libwv2-4_0.4.2.dfsg.1-1.1_amd64.deb
 e502be6723f8f30c5389fc0fbd094506ce3a06d73793109e5a4e14d70927267b 101632 libwv2-dev_0.4.2.dfsg.1-1.1_amd64.deb
Files: 
 49603ee218cb8338068a46d728d6becc 1949 libs optional wv2_0.4.2.dfsg.1-1.1.dsc
 efc4ce6d9fb64adaf9453f95d7606a9b 7272 libs optional wv2_0.4.2.dfsg.1-1.1.debian.tar.gz
 db48c5098ae23c42c35b7fb49d6a099a 421824 libs optional libwv2-4_0.4.2.dfsg.1-1.1_amd64.deb
 797d478b9e2546c3c538c846c1ad03af 101632 libdevel optional libwv2-dev_0.4.2.dfsg.1-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJO1iQoAAoJEBgUewc7rSsH+EQQAIyLjVZBGrVP1IMMbghnXGou
7zwJJBL7tbxs8Bfghe/tfxKDXrnsjtwjvSw1xHo+TuItTLhNWvNI3Auavf7lCOaj
ZuuJi3WzAdInsveTGMnXVFXt9tgf8sdpzyLP4LdPh5BoI/a5K1v9j8WlKes+qH+Y
SoFkmmFEyjEMjjpOZZbEbcSCTQYIPvocVih3N4W+qXYECLF09Nr4Tmfkf2HEJfFl
4yTODK/hG+2GOLP46uMMHbWz5MxHkGmtf/FPlQB7Xs++SHeZ6Ce3RU1V++TSWKul
uzoSpW5adryP2k+QpE1KOcLq1VLxanhtThBlQ4Di+lAnzlXp/lX14Anzhahj38W9
WwTnbN/Ta/LNWsLe7InKVaJ/4S9s6Z1mD+TrD0ERBGInvt7etzXa37wjGnsBlGRM
moiWAwWG3tS+HqYVJni1g2tatSKhpmOS72OL20O2mOoLeCUsK8hDGl67sz/Jpi7C
obIAp+ScnvGh4Ov438aLas8orf4igpzfp+7GFszpG0Ts6gUuh7RLnh6SSLbZAiNd
MDoxSVDwueoIu83l0YKXZ0Cefy7h77Jx3faMNH8Y+vrDN4P8tICFxlph7VvLCL7/
58EMzEsZDUxw+j4GXwCKlJObmxnDiE3aGk9jz0zp+2vLSP4eRqfX5dK8A1HxoY93
xgbspi68zUVROP24PwFj
=CWcv
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: