mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sot: don't leak uninitialized memory into temp file

Browse Source 
Both valgrind and drmemory complain about this in
SdExportTest::testSwappedOutImageExport() via
SfxOleThumbnailProperty::ImplSave().

 Syscall param pwrite64(buf) points to uninitialised byte(s)

 UNINITIALIZED READ: reading 0x0455b1b4-0x0455b1c8 20 byte(s) within...

It appears that the stream writes out everything up to the seek position
anyway (otherwise the size check wouldn't work, with sparse files)
so make sure it's all zeroed.

Also fix SvMemoryStream::ReAllocateMemory() to zero it.

Change-Id: Id86dfa65ef6f7d1bba4810f121e01473c5fcf4c7
This commit is contained in:
Michael Stahl 2015-08-29 00:29:35 +02:00
parent 0c191e2b75
commit 6a223b9acf
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
sot/source/sdstor/stgstrms.cxx
View File

@ -1188,9 +1188,9 @@ void StgTmpStrm::SetSize(sal_uInt64 n)
SvFileStream* s = new SvFileStream( aName, STREAM_READWRITE ); SvFileStream* s = new SvFileStream( aName, STREAM_READWRITE );
sal_uLong nCur = Tell(); sal_uLong nCur = Tell();
sal_uLong i = nEndOfData; sal_uLong i = nEndOfData;
std::unique_ptr<sal_uInt8[]> p(new sal_uInt8[ 4096 ]);
if( i ) if( i )
{ {
std::unique_ptr<sal_uInt8[]> p(new sal_uInt8[ 4096 ]);
Seek( 0L ); Seek( 0L );
while( i ) while( i )
{ {
@ -1207,8 +1207,17 @@ void StgTmpStrm::SetSize(sal_uInt64 n)
// We have to write one byte at the end of the file // We have to write one byte at the end of the file
// if the file is bigger than the memstream to see // if the file is bigger than the memstream to see
// if it fits on disk // if it fits on disk
s->Seek( n - 1 ); s->Seek(nEndOfData);
s->Write( &i, 1 ); memset(p.get(), 0x00, 4096);
i = n - nEndOfData;
while (i)
{
sal_uLong const nb = (i > 4096) ? 4096 : i;
if (s->Write(p.get(), nb) == nb)
i -= nb;
else
break; // error
}
s->Flush(); s->Flush();
if( s->GetError() != SVSTREAM_OK ) if( s->GetError() != SVSTREAM_OK )
i = 1; i = 1;

8
tools/source/stream/stream.cxx
View File

@ -1899,9 +1899,13 @@ bool SvMemoryStream::ReAllocateMemory( long nDiff )
if( nEndOfData >= nNewSize ) if( nEndOfData >= nNewSize )
nEndOfData = nNewSize-1L; nEndOfData = nNewSize-1L;
} }
else if (nSize != 0) else
{ {
memcpy( pNewBuf, pBuf, (size_t)nSize ); if (nSize != 0)
{
memcpy( pNewBuf, pBuf, (size_t)nSize );
}
memset(pNewBuf + nSize, 0x00, nNewSize - nSize);
} }
FreeMemory(); FreeMemory();