ofz various timeouts in ww8fuzzer

Change-Id: Id633b031d2856dab49bbedc6faf45670a3762c51
Reviewed-on: https://gerrit.libreoffice.org/42801Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>

sw/source/filter/ww8/ww8par2.cxx

@@ -4005,7 +4005,8 @@ void WW8RStyle::Import1Style( sal_uInt16 nNr )
 
     if ( !xStd || sName.isEmpty() || ((1 != xStd->sgc) && (2 != xStd->sgc)) )
     {
-        pStStrm->SeekRel( nSkip );
+        nSkip = std::min<sal_uInt64>(nSkip, pStStrm->remainingSize());
+        pStStrm->Seek(pStStrm->Tell() + nSkip);
         return;
     }
 
@@ -4100,7 +4101,8 @@ void WW8RStyle::ScanStyles()        // investigate style dependencies
             rSI = SwWW8StyInf();
 
         xStd.reset();
-        pStStrm->SeekRel( nSkip );              // skip Names and Sprms
+        nSkip = std::min<sal_uInt64>(nSkip, pStStrm->remainingSize());
+        pStStrm->Seek(pStStrm->Tell() + nSkip);              // skip Names and Sprms
     }
 }
 

sw/source/filter/ww8/ww8par5.cxx

@@ -961,7 +961,7 @@ long SwWW8ImplReader::Read_Field(WW8PLCFManResult* pRes)
     }
     else
     {                                   // read field
-        long nOldPos = m_pStrm->Tell();
+        auto nOldPos = m_pStrm->Tell();
         OUString aStr;
         if ( aF.nId == 6 && aF.bCodeNest )
         {
@@ -983,7 +983,7 @@ long SwWW8ImplReader::Read_Field(WW8PLCFManResult* pRes)
         }
 
         eF_ResT eRes = (this->*aWW8FieldTab[aF.nId])( &aF, aStr );
-        m_pStrm->Seek( nOldPos );
+        m_pStrm->Seek(nOldPos);
 
         switch ( eRes )
         {

sw/source/filter/ww8/ww8scan.cxx

@@ -1541,7 +1541,10 @@ WW8PLCFpcd* WW8ScannerBase::OpenPieceTable( SvStream* pStr, const WW8Fib* pWwF )
             m_aPieceGrpprls.push_back(p);    // add to array
         }
         else
-            pStr->SeekRel( nLen );         // non-Grpprl left
+        {
+            nLen = std::min<sal_uInt64>(nLen, pStr->remainingSize());
+            pStr->Seek(pStr->Tell() + nLen);         // non-Grpprl left
+        }
     }
 
     // read Piece Table PLCF
@@ -1845,6 +1848,12 @@ static bool WW8GetFieldPara(WW8PLCFspecial& rPLCF, WW8FieldDesc& rF)
         rF.nLen = rF.nSRes - rF.nSCode + 2;         // total length
     }
 
+    if (rF.nLen < 0)
+    {
+        rF.nLen = 0;
+        goto Err;
+    }
+
     rPLCF.advance();
     if((static_cast<sal_uInt8*>(pData)[0] & 0x1f ) == 0x15 )
     {
@@ -6583,7 +6592,7 @@ WW8_STD* WW8Style::Read1STDFixed(sal_uInt16& rSkip)
     WW8_STD* pStd = nullptr;
 
     sal_uInt16 cbStd(0);
-    rSt.ReadUInt16( cbStd );   // read length
+    rSt.ReadUInt16(cbStd);   // read length
 
     const sal_uInt16 nRead = cbSTDBaseInFile;
     if( cbStd >= cbSTDBaseInFile )
@@ -6628,14 +6637,20 @@ WW8_STD* WW8Style::Read1STDFixed(sal_uInt16& rSkip)
             pStd->fAutoRedef =   a16Bit & 0x0001       ;
             pStd->fHidden    = ( a16Bit & 0x0002 ) >> 1;
             // You never know: cautionary skipped
-            if( 10 < nRead )
-                rSt.SeekRel( nRead-10 );
+            if (nRead > 10)
+            {
+                auto nSkip = std::min<sal_uInt64>(nRead - 10, rSt.remainingSize());
+                rSt.Seek(rSt.Tell() + nSkip);
+            }
         }
         while( false ); // trick: the block above will passed through exactly one time
                     //   and can be left early with a "break"
 
-        if( (ERRCODE_NONE != rSt.GetError()) || !nRead )
-            DELETEZ( pStd );        // report error with NULL
+        if (!rSt.good() || !nRead)
+        {
+            delete pStd;
+            pStd = nullptr;       // report error with NULL
+        }
 
         rSkip = cbStd - cbSTDBaseInFile;
     }