TianZD
/
QtXlsxWriter
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Prevent while() from causing potential infinite loops 

If xml files don't have proper close tags, don't generate an infinite
loop in our library.
master
Debao Zhang 11 years ago
parent
39483f77d7
commit
11e8d7c48a
8 changed files with 44 additions and 48 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      src/xlsx/xlsxsharedstrings.cpp
  2. 28
      src/xlsx/xlsxstyles.cpp
  3. 18
      src/xlsx/xlsxworksheet.cpp

6
src/xlsx/xlsxsharedstrings.cpp
View File

@ -253,7 +253,7 @@ void SharedStrings::readString(QXmlStreamReader &reader)
RichString richString;
while (!(reader.name() == QLatin1String("si") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("si") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("r"))
@ -274,7 +274,7 @@ void SharedStrings::readRichStringPart(QXmlStreamReader &reader, RichString &ric
QString text;
Format format;
while (!(reader.name() == QLatin1String("r") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("r") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("rPr")) {
@ -301,7 +301,7 @@ Format SharedStrings::readRichStringPart_rPr(QXmlStreamReader &reader)
{
Q_ASSERT(reader.name() == QLatin1String("rPr"));
Format format;
while (!(reader.name() == QLatin1String("rPr") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("rPr") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
QXmlStreamAttributes attributes = reader.attributes();

28
src/xlsx/xlsxstyles.cpp
View File

@ -749,7 +749,9 @@ bool Styles::readFonts(QXmlStreamReader &reader)
bool Styles::readFont(QXmlStreamReader &reader, Format &format)
{
Q_ASSERT(reader.name() == QLatin1String("font"));
while((reader.readNextStartElement(), true)) { //read until font endelement.
while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement
&& reader.name() == QLatin1String("font"))) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
QXmlStreamAttributes attributes = reader.attributes();
if (reader.name() == QLatin1String("name")) {
@ -799,9 +801,6 @@ bool Styles::readFont(QXmlStreamReader &reader, Format &format)
format.setProperty(FormatPrivate::P_Font_Scheme, attributes.value(QLatin1String("val")).toString());
}
}
if (reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("font"))
break;
}
return true;
}
@ -862,7 +861,8 @@ bool Styles::readFill(QXmlStreamReader &reader, Format &fill)
patternValues[QStringLiteral("lightGrid")] = Format::PatternLightGrid;
}
while((reader.readNextStartElement(), true)) { //read until fill endelement
while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("fill"))) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("patternFill")) {
QXmlStreamAttributes attributes = reader.attributes();
@ -886,9 +886,6 @@ bool Styles::readFill(QXmlStreamReader &reader, Format &fill)
fill.setProperty(FormatPrivate::P_Fill_BgColor, c);
}
}
if (reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("fill"))
break;
}
return true;
@ -939,7 +936,8 @@ bool Styles::readBorder(QXmlStreamReader &reader, Format &border)
else if (isDown)
border.setDiagonalBorderType(Format::DiagonalBorderDown);
while((reader.readNextStartElement(), true)) { //read until border endelement
while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == QLatin1String("border"))) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("left") || reader.name() == QLatin1String("right")
|| reader.name() == QLatin1String("top") || reader.name() == QLatin1String("bottom")
@ -1007,13 +1005,11 @@ bool Styles::readSubBorder(QXmlStreamReader &reader, const QString &name, Format
if (stylesStringsMap.contains(styleString)) {
//get style
style = stylesStringsMap[styleString];
while((reader.readNextStartElement(),true)) {
while (!reader.atEnd() && !(reader.tokenType() == QXmlStreamReader::EndElement && reader.name() == name)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("color"))
color.loadFromXml(reader, this);
} else if (reader.tokenType() == QXmlStreamReader::EndElement) {
if (reader.name() == name)
break;
}
}
}
@ -1180,7 +1176,7 @@ bool Styles::readDxf(QXmlStreamReader &reader)
{
Q_ASSERT(reader.name() == QLatin1String("dxf"));
Format format;
while (!(reader.name() == QLatin1String("dxf") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("dxf") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("numFmt")) {
@ -1204,7 +1200,7 @@ bool Styles::readDxf(QXmlStreamReader &reader)
bool Styles::readColors(QXmlStreamReader &reader)
{
Q_ASSERT(reader.name() == QLatin1String("colors"));
while (!(reader.name() == QLatin1String("colors") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("colors") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("indexedColors")) {
@ -1220,7 +1216,7 @@ bool Styles::readColors(QXmlStreamReader &reader)
bool Styles::readIndexedColors(QXmlStreamReader &reader)
{
Q_ASSERT(reader.name() == QLatin1String("indexedColors"));
while (!(reader.name() == QLatin1String("indexedColors") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("indexedColors") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("rgbColor")) {

18
src/xlsx/xlsxworksheet.cpp
View File

@ -1795,7 +1795,7 @@ QSharedPointer<Cell> WorksheetPrivate::readNumericCellData(QXmlStreamReader &rea
QString v_str;
QString f_str;
QSharedPointer<Cell> cell;
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("v")) {
@ -1833,7 +1833,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
Q_Q(Worksheet);
Q_ASSERT(reader.name() == QLatin1String("sheetData"));
while(!(reader.name() == QLatin1String("sheetData") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("sheetData") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
@ -1886,7 +1886,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
QString type = attributes.value(QLatin1String("t")).toString();
if (type == QLatin1String("s")) {
//string type
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.name() == QLatin1String("v")) {
int sst_idx = reader.readElementText().toInt();
@ -1900,7 +1900,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
}
} else if (type == QLatin1String("inlineStr")) {
//inline string type
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
//:Todo, add rich text read support
@ -1928,7 +1928,7 @@ void WorksheetPrivate::readSheetData(QXmlStreamReader &reader)
} else if (type == QLatin1String("e")) {
//error type, such as #DIV/0! #NULL! #REF! etc
QString v_str, f_str;
while (!(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("c") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("v"))
@ -1963,7 +1963,7 @@ void WorksheetPrivate::readColumnsInfo(QXmlStreamReader &reader)
{
Q_ASSERT(reader.name() == QLatin1String("cols"));
while(!(reader.name() == QLatin1String("cols") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("cols") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("col")) {
@ -2007,7 +2007,7 @@ void WorksheetPrivate::readMergeCells(QXmlStreamReader &reader)
QXmlStreamAttributes attributes = reader.attributes();
int count = attributes.value(QLatin1String("count")).toString().toInt();
while(!(reader.name() == QLatin1String("mergeCells") && reader.tokenType() == QXmlStreamReader::EndElement)) {
while (!reader.atEnd() && !(reader.name() == QLatin1String("mergeCells") && reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement) {
if (reader.name() == QLatin1String("mergeCell")) {
@ -2036,7 +2036,7 @@ void WorksheetPrivate::readDataValidations(QXmlStreamReader &reader)
QXmlStreamAttributes attributes = reader.attributes();
int count = attributes.value(QLatin1String("count")).toString().toInt();
while(!(reader.name() == QLatin1String("dataValidations")
while (!reader.atEnd() && !(reader.name() == QLatin1String("dataValidations")
&& reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement
@ -2053,7 +2053,7 @@ void WorksheetPrivate::readSheetViews(QXmlStreamReader &reader)
{
Q_ASSERT(reader.name() == QLatin1String("sheetViews"));
while(!(reader.name() == QLatin1String("sheetViews")
while (!reader.atEnd() && !(reader.name() == QLatin1String("sheetViews")
&& reader.tokenType() == QXmlStreamReader::EndElement)) {
reader.readNextStartElement();
if (reader.tokenType() == QXmlStreamReader::StartElement && reader.name() == QLatin1String("sheetView")) {

Write Preview
Loading…
Cancel
Save