[Libreoffice-commits] core.git: Branch 'libreoffice-4-0' - sw/source

Michael Stahl mstahl at redhat.com
Tue Feb 19 01:01:10 PST 2013 

 sw/source/core/txtnode/txtedt.cxx |   17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

New commits:
commit 47211c07ebb9e56caeb57e4d879da6e67a1119df
Author: Michael Stahl <mstahl at redhat.com>
Date:   Fri Feb 15 16:27:34 2013 +0100

    fdo#60732: check max size in SwTxtNode::ReplaceTextOnly
    
    Change-Id: I1ca2075ab99fe1b09df700f55645b44f38cf5bcc
    (cherry picked from commit 0e49d87d92a3f1aeeeda547f1a7e710dcd4fee95)
    Reviewed-on: https://gerrit.libreoffice.org/2182
    Reviewed-by: Petr Mladek <pmladek at suse.cz>
    Tested-by: Petr Mladek <pmladek at suse.cz>

diff --git a/sw/source/core/txtnode/txtedt.cxx b/sw/source/core/txtnode/txtedt.cxx
index a538701..0cdacdb 100644
--- a/sw/source/core/txtnode/txtedt.cxx
+++ b/sw/source/core/txtnode/txtedt.cxx
@@ -1787,9 +1787,19 @@ void SwTxtNode::TransliterateText(
         {
             // now apply the changes from end to start to leave the offsets of the
             // yet unchanged text parts remain the same.
+            size_t nSum(m_Text.Len());
             for (size_t i = 0; i < aChanges.size(); ++i)
-            {
-                swTransliterationChgData &rData = aChanges[ aChanges.size() - 1 - i ];
+            {   // check this here since AddChanges cannot be moved below
+                // call to ReplaceTextOnly
+                swTransliterationChgData & rData =
+                    aChanges[ aChanges.size() - 1 - i ];
+                nSum = nSum + rData.sChanged.Len() - rData.nLen;
+                if (nSum > TXTNODE_MAX)
+                {
+                    SAL_WARN("sw.core", "SwTxtNode::ReplaceTextOnly: "
+                            "node text with insertion > TXTNODE_MAX.");
+                    return;
+                }
                 if (pUndo)
                     pUndo->AddChanges( *this, rData.nStart, rData.nLen, rData.aOffsets );
                 ReplaceTextOnly( rData.nStart, rData.nLen, rData.sChanged, rData.aOffsets );
@@ -1802,6 +1812,9 @@ void SwTxtNode::ReplaceTextOnly( xub_StrLen nPos, xub_StrLen nLen,
                                 const XubString& rText,
                                 const Sequence<sal_Int32>& rOffsets )
 {
+    assert(static_cast<size_t>(m_Text.Len()) +
+        static_cast<size_t>(rText.Len()) - nLen <= TXTNODE_MAX);
+
     m_Text.Replace( nPos, nLen, rText );
 
     xub_StrLen nTLen = rText.Len();

More information about the Libreoffice-commits mailing list