TianZD
/
QtXlsxWriter
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Prevent while() from causing potential infinite loops 

If xml files don't have proper close tags, don't generate an infinite
loop in our library.
master
Debao Zhang 11 years ago
parent
39483f77d7
commit
11e8d7c48a
8 changed files with 44 additions and 48 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      src/xlsx/xlsxsharedstrings.cpp
  2. 28
      src/xlsx/xlsxstyles.cpp
  3. 18
      src/xlsx/xlsxworksheet.cpp

6
src/xlsx/xlsxsharedstrings.cpp
View File

@ -253,7 +253,7 @@ void SharedStrings::readString(QXmlStreamReader &reader)
RichString richString; RichString richString;
while (!(reader.name() == QLatin1String("si") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("si") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("r")) if (reader.name() == QLatin1String("r"))
@ -274,7 +274,7 @@ void SharedStrings::readRichStringPart(QXmlStreamReader &reader, RichString &ric
QString text; QString text;
Format format; Format format;
while (!(reader.name() == QLatin1String("r") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("r") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("rPr")) { if (reader.name() == QLatin1String("rPr")) {
@ -301,7 +301,7 @@ Format SharedStrings::readRichStringPart_rPr(QXmlStreamReader &reader)
{ {
Q_ASSERT(reader.name() == QLatin1String("rPr")); Q_ASSERT(reader.name() == QLatin1String("rPr"));
Format format; Format format;
while (!(reader.name() == QLatin1String("rPr") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("rPr") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
QXmlStreamAttributes attributes = reader.attributes(); QXmlStreamAttributes attributes = reader.attributes();

28
src/xlsx/xlsxstyles.cpp
View File

@ -749,7 +749,9 @@ bool Styles::readFonts(QXmlStreamReader &reader)
bool Styles::readFont(QXmlStreamReader &reader, Format &format) bool Styles::readFont(QXmlStreamReader &reader, Format &format)
{ {
Q_ASSERT(reader.name() == QLatin1String("font")); Q_ASSERT(reader.name() == QLatin1String("font"));
while((reader.readNextStartElement(), true)) { //read until font endelement. while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement
&& reader.name() == QLatin1String("font"))) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
QXmlStreamAttributes attributes = reader.attributes(); QXmlStreamAttributes attributes = reader.attributes();
if (reader.name() == QLatin1String("name")) { if (reader.name() == QLatin1String("name")) {
@ -799,9 +801,6 @@ bool Styles::readFont(QXmlStreamReader &reader, Format &format)
format.setProperty(FormatPrivate::P_Font_Scheme, attributes.value(QLatin1String("val")).toString()); format.setProperty(FormatPrivate::P_Font_Scheme, attributes.value(QLatin1String("val")).toString());
} }
} }
if (reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("font"))
break;
} }
return true; return true;
} }
@ -862,7 +861,8 @@ bool Styles::readFill(QXmlStreamReader &reader, Format &fill)
patternValues[QStringLiteral("lightGrid")] = Format::PatternLightGrid; patternValues[QStringLiteral("lightGrid")] = Format::PatternLightGrid;
} }
while((reader.readNextStartElement(), true)) { //read until fill endelement while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("fill"))) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("patternFill")) { if (reader.name() == QLatin1String("patternFill")) {
QXmlStreamAttributes attributes = reader.attributes(); QXmlStreamAttributes attributes = reader.attributes();
@ -886,9 +886,6 @@ bool Styles::readFill(QXmlStreamReader &reader, Format &fill)
fill.setProperty(FormatPrivate::P_Fill_BgColor, c); fill.setProperty(FormatPrivate::P_Fill_BgColor, c);
} }
} }
if (reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("fill"))
break;
} }
return true; return true;
@ -939,7 +936,8 @@ bool Styles::readBorder(QXmlStreamReader &reader, Format &border)
else if (isDown) else if (isDown)
border.setDiagonalBorderType(Format::DiagonalBorderDown); border.setDiagonalBorderType(Format::DiagonalBorderDown);
while((reader.readNextStartElement(), true)) { //read until border endelement while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("border"))) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("left") || reader.name() == QLatin1String("right") if (reader.name() == QLatin1String("left") || reader.name() == QLatin1String("right")
|| reader.name() == QLatin1String("top") || reader.name() == QLatin1String("bottom") || reader.name() == QLatin1String("top") || reader.name() == QLatin1String("bottom")
@ -1007,13 +1005,11 @@ bool Styles::readSubBorder(QXmlStreamReader &reader, const QString &name, Format
if (stylesStringsMap.contains(styleString)) { if (stylesStringsMap.contains(styleString)) {
//get style //get style
style = stylesStringsMap[styleString]; style = stylesStringsMap[styleString];
while((reader.readNextStartElement(),true)) { while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == name)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("color")) if (reader.name() == QLatin1String("color"))
color.loadFromXml(reader, this); color.loadFromXml(reader, this);
} else if (reader.tokenType() == QXmlStreamReader::EndElement) {
if (reader.name() == name)
break;
} }
} }
} }
@ -1180,7 +1176,7 @@ bool Styles::readDxf(QXmlStreamReader &reader)
{ {
Q_ASSERT(reader.name() == QLatin1String("dxf")); Q_ASSERT(reader.name() == QLatin1String("dxf"));
Format format; Format format;
while (!(reader.name() == QLatin1String("dxf") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("dxf") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("numFmt")) { if (reader.name() == QLatin1String("numFmt")) {
@ -1204,7 +1200,7 @@ bool Styles::readDxf(QXmlStreamReader &reader)
bool Styles::readColors(QXmlStreamReader &reader) bool Styles::readColors(QXmlStreamReader &reader)
{ {
Q_ASSERT(reader.name() == QLatin1String("colors")); Q_ASSERT(reader.name() == QLatin1String("colors"));
while (!(reader.name() == QLatin1String("colors") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("colors") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("indexedColors")) { if (reader.name() == QLatin1String("indexedColors")) {
@ -1220,7 +1216,7 @@ bool Styles::readColors(QXmlStreamReader &reader)
bool Styles::readIndexedColors(QXmlStreamReader &reader) bool Styles::readIndexedColors(QXmlStreamReader &reader)
{ {
Q_ASSERT(reader.name() == QLatin1String("indexedColors")); Q_ASSERT(reader.name() == QLatin1String("indexedColors"));
while (!(reader.name() == QLatin1String("indexedColors") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("indexedColors") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("rgbColor")) { if (reader.name() == QLatin1String("rgbColor")) {

18
src/xlsx/xlsxworksheet.cpp
View File

@ -1795,7 +1795,7 @@ QSharedPointer<Cell> WorksheetPrivate::readNumericCellData(QXmlStreamReader &rea
QString v_str; QString v_str;
QString f_str; QString f_str;
QSharedPointer<Cell> cell; QSharedPointer<Cell> cell;
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("v")) { if (reader.name() == QLatin1String("v")) {
@ -1833,7 +1833,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
Q_Q(Worksheet); Q_Q(Worksheet);
Q_ASSERT(reader.name() == QLatin1String("sheetData")); Q_ASSERT(reader.name() == QLatin1String("sheetData"));
while(!(reader.name() == QLatin1String("sheetData") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("sheetData") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
@ -1886,7 +1886,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
QString type = attributes.value(QLatin1String("t")).toString(); QString type = attributes.value(QLatin1String("t")).toString();
if (type == QLatin1String("s")) { if (type == QLatin1String("s")) {
//string type //string type
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.name() == QLatin1String("v")) { if (reader.name() == QLatin1String("v")) {
int sst_idx = reader.readElementText().toInt(); int sst_idx = reader.readElementText().toInt();
@ -1900,7 +1900,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
} }
} else if (type == QLatin1String("inlineStr")) { } else if (type == QLatin1String("inlineStr")) {
//inline string type //inline string type
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
//:Todo, add rich text read support //:Todo, add rich text read support
@ -1928,7 +1928,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
} else if (type == QLatin1String("e")) { } else if (type == QLatin1String("e")) {
//error type, such as #DIV/0! #NULL! #REF! etc //error type, such as #DIV/0! #NULL! #REF! etc
QString v_str, f_str; QString v_str, f_str;
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("v")) if (reader.name() == QLatin1String("v"))
@ -1963,7 +1963,7 @@ void WorksheetPrivate::readColumnsInfo(QXmlStreamReader &reader)
{ {
Q_ASSERT(reader.name() == QLatin1String("cols")); Q_ASSERT(reader.name() == QLatin1String("cols"));
while(!(reader.name() == QLatin1String("cols") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("cols") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("col")) { if (reader.name() == QLatin1String("col")) {
@ -2007,7 +2007,7 @@ void WorksheetPrivate::readMergeCells(QXmlStreamReader &reader)
QXmlStreamAttributes attributes = reader.attributes(); QXmlStreamAttributes attributes = reader.attributes();
int count = attributes.value(QLatin1String("count")).toString().toInt(); int count = attributes.value(QLatin1String("count")).toString().toInt();
while(!(reader.name() == QLatin1String("mergeCells") && reader.tokenType() == QXmlStreamReader::EndElement)) { while (!reader.atEnd() && !(reader.name() == QLatin1String("mergeCells") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) { if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("mergeCell")) { if (reader.name() == QLatin1String("mergeCell")) {
@ -2036,7 +2036,7 @@ void WorksheetPrivate::readDataValidations(QXmlStreamReader &reader)
QXmlStreamAttributes attributes = reader.attributes(); QXmlStreamAttributes attributes = reader.attributes();
int count = attributes.value(QLatin1String("count")).toString().toInt(); int count = attributes.value(QLatin1String("count")).toString().toInt();
while(!(reader.name() == QLatin1String("dataValidations") while (!reader.atEnd() && !(reader.name() == QLatin1String("dataValidations")
&& reader.tokenType() == QXmlStreamReader::EndElement)) { && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement if (reader.tokenType() == QXmlStreamReader::StartElement
@ -2053,7 +2053,7 @@ void WorksheetPrivate::readSheetViews(QXmlStreamReader &reader)
{ {
Q_ASSERT(reader.name() == QLatin1String("sheetViews")); Q_ASSERT(reader.name() == QLatin1String("sheetViews"));
while(!(reader.name() == QLatin1String("sheetViews") while (!reader.atEnd() && !(reader.name() == QLatin1String("sheetViews")
&& reader.tokenType() == QXmlStreamReader::EndElement)) { && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement(); reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement && reader.name() == QLatin1String("sheetView")) { if (reader.tokenType() == QXmlStreamReader::StartElement && reader.name() == QLatin1String("sheetView")) {

Write Preview
Loading…
Cancel
Save