RICHED20: truncation and elongation fixes

Krzysztof Foltman wdev at foltman.com
Mon Oct 3 09:32:21 CDT 2005


ChangeLog:
 * Remove further potential sources of infinite loops caused by EOF in 
the middle of the font and color tables
 * Closing brace on text level is treated as EOF (effectively protecting 
the control from trash after the end of RTF)
 * Removed misleading comment about incomplete buffers (I was definitely 
wrong)

Hope it's OK this time - I've tried to run it on some truncated RTF and 
it looks like it works. Testing on usual suspects seems to have 
confirmed that.

Krzysztof

-------------- next part --------------
Index: reader.c
===================================================================
RCS file: /home/wine/wine/dlls/riched20/reader.c,v
retrieving revision 1.18
diff -u -r1.18 reader.c
--- reader.c	26 Sep 2005 09:53:49 -0000	1.18
+++ reader.c	3 Oct 2005 13:45:25 -0000
@@ -127,13 +127,6 @@
 
 	TRACE("\n");
 
-	/* Doc says, that if the last buffer wasn't full, it's EOF.
-	Actually, that's not true. */
-/*
-	if (stream->dwSize > 0 && stream->dwSize == stream->dwUsed
-            && stream->dwSize < sizeof(stream->buffer))
-		return EOF;
-*/
 	if (stream->dwSize <= stream->dwUsed)
 	{
                 ME_StreamInFill(stream);
@@ -455,6 +448,10 @@
 	RTFFuncPtr	p;
 
 	TRACE("\n");
+	/* don't try to return anything once EOF is reached */
+	if (info->rtfClass == rtfEOF) {
+		return rtfEOF;
+	}
 
 	for (;;)
 	{
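Review bot: The comment on the new early return should spell out that EOF is now sticky, because the editor.c hunk in this patch relies on it by writing `info->rtfClass = rtfEOF` from the closing-brace handler to stop the reader. Suggested wording: `/* EOF is sticky: once rtfClass is rtfEOF (set by the reader or forced by a callback), never fetch further input */`. The function body starts and ends outside the hunk, so whether any other path resets rtfClass between calls cannot be checked from here.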
@@ -885,6 +882,8 @@
 	for (;;)
 	{
 		RTFGetToken (info);
+		if (info->rtfClass == rtfEOF)
+			break;
 		if (RTFCheckCM (info, rtfGroup, rtfEndGroup))
 			break;
 		if (old < 0)		/* first entry - determine tbl type */
@@ -901,6 +900,8 @@
 			if (!RTFCheckCM (info, rtfGroup, rtfBeginGroup))
 				RTFPanic (info, "%s: missing \"{\"", fn);
 			RTFGetToken (info);	/* yes, skip to next token */
+			if (info->rtfClass == rtfEOF)
+				break;
 		}
 		fp = New (RTFFont);
 		if (fp == NULL)
@@ -1002,12 +1003,18 @@
 							fn,info->rtfTextBuf);
 			}
 			RTFGetToken (info);
+			if (info->rtfClass == rtfEOF)
+				break;
 		}
+		if (info->rtfClass == rtfEOF)
+			break;
 		if (old == 0)	/* need to see "}" here */
 		{
 			RTFGetToken (info);
 			if (!RTFCheckCM (info, rtfGroup, rtfEndGroup))
 				RTFPanic (info, "%s: missing \"}\"", fn);
+			if (info->rtfClass == rtfEOF)
+				break;
 		}
 
                 /* Apply the real properties of the default font */
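Review bot: In the `old == 0` branch the new EOF check is placed after `RTFCheckCM (info, rtfGroup, rtfEndGroup)`, so input truncated at that point first reaches `RTFPanic (info, "%s: missing \"}\"", fn)` with an EOF token and only then breaks. Every other check in this patch tests `info->rtfClass == rtfEOF` directly after `RTFGetToken`; moving `if (info->rtfClass == rtfEOF) break;` up to follow the `RTFGetToken (info);` call keeps truncation handling uniform. What RTFPanic does is not visible here, so whether this is more than a spurious error message should be confirmed. The enclosing loop starts and ends outside the hunk.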
@@ -1055,6 +1062,8 @@
 	for (;;)
 	{
 		RTFGetToken (info);
+		if (info->rtfClass == rtfEOF)
+			break;
 		if (RTFCheckCM (info, rtfGroup, rtfEndGroup))
 			break;
 		cp = New (RTFColor);
@@ -1074,6 +1083,8 @@
 			}
 			RTFGetToken (info);
 		}
+		if (info->rtfClass == rtfEOF)
+			break;
 		if (!RTFCheckCM (info, rtfText, ';'))
 			RTFPanic (info,"%s: malformed entry", fn);
 	}
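Review bot: The break added before the `RTFCheckCM (info, rtfText, ';')` test leaves the loop after `cp = New (RTFColor)` has already run for the current entry (the allocation is visible in the previous hunk). The code between the allocation and this point is outside the hunk, so it should be confirmed that cp is already linked into the colour list and fully initialised when the break is taken; otherwise truncated input leaves a leaked or half-filled entry. The same question applies to the font-table break taken after `fp = New (RTFFont)`. A short comment at the break, e.g. `/* truncated table: keep the entries read so far */`, would document the intended outcome.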
Index: editor.c
===================================================================
RCS file: /home/wine/wine/dlls/riched20/editor.c,v
retrieving revision 1.58
diff -u -r1.58 editor.c
--- editor.c	3 Oct 2005 11:03:48 -0000	1.58
+++ editor.c	3 Oct 2005 13:45:25 -0000
@@ -483,7 +483,12 @@
         {
           ME_Style *s;
           RTFFlushOutputBuffer(info);
+          if (info->stackTop<=1) {
+            info->rtfClass = rtfEOF;
+            return;
+          }
           info->stackTop--;
+          assert(info->stackTop >= 0);
           if (info->styleChanged)
           {
             /* FIXME too slow ? how come ? */
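Review bot: The `assert(info->stackTop >= 0)` added after the decrement can never fire, because the guard above returns whenever `stackTop<=1` and the value is therefore at least 1 at that point. The group depth is driven by the RTF input, so the runtime guard is the real protection and an assert (compiled out under NDEBUG) must not be relied on; either drop it or state the actual invariant, `assert(info->stackTop >= 1);`. A comment on the guard such as `/* final or unbalanced "}": force EOF instead of popping below the first group */` would record why parsing stops here. The matching upper bound on the push side is not visible in this hunk and is worth confirming.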

