[Libreoffice-commits] core.git: i18npool/source

Stephan Bergmann sbergman at redhat.com
Mon Oct 28 10:12:13 PDT 2013 

 i18npool/source/breakiterator/breakiterator_th.cxx |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

New commits:
commit b2ad9eecf1cda725b1d7fcabd1ebd06895843d20
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Mon Oct 28 18:03:47 2013 +0100

    Do not access nextCellIndex (nor Text) past the end
    
    At least for Winfried CppunitTest_sd_import_tests aborts with triggering the
    assert in OUString::operator[] at (presumably past-the-end) index 18 from
    
    com::sun::star::i18n::BreakIterator_th::makeIndex (this=0x2b775adf9440,
      Text=..., nStartPos=18) at
      i18npool/source/breakiterator/breakiterator_th.cxx:122
    com::sun::star::i18n::BreakIterator_CTL::previousCharacters
      (this=0x2b775adf9440, Text=..., nStartPos=18,
      rLocale=..., nCharacterIteratorMode=1, nCount=1, nDone=@0x7fff9a84a8fc: 0) at
      i18npool/source/breakiterator/breakiterator_ctl.cxx:62
    com::sun::star::i18n::BreakIteratorImpl::previousCharacters
      (this=0x2b775ae00a98, Text=..., nStartPos=18, rLocale=...,
      nCharacterIteratorMode=1, nCount=1, nDone=@0x7fff9a84a8fc: 0) at
      i18npool/source/breakiterator/breakiteratorImpl.cxx:65
    ServerFontLayout::setNeedFallback (this=0xfba5d0, rArgs=..., nCharPos=17,
      bRightToLeft=false) at vcl/generic/glyphs/gcach_layout.cxx:114
    HbLayoutEngine::layout (this=0xfba670, rLayout=..., rArgs=...) at
      vcl/generic/glyphs/gcach_layout.cxx:437
    ...
    
    and from the preceding if block in BreakIterator_th::makeIndex it indeed looks
    like the invariant is that nextCellIndex need not be larger than cellIndexSize
    which needs not be larger than Text (ake cachedText) getLength().
    
    Change-Id: Ib92a76020b2bb3902c5e58aa2e6c4e679e51b94a

diff --git a/i18npool/source/breakiterator/breakiterator_th.cxx b/i18npool/source/breakiterator/breakiterator_th.cxx
index 2e34af3..82d7b53 100644
--- a/i18npool/source/breakiterator/breakiterator_th.cxx
+++ b/i18npool/source/breakiterator/breakiterator_th.cxx
@@ -119,7 +119,8 @@ void SAL_CALL BreakIterator_th::makeIndex(const OUString& Text, sal_Int32 nStart
         // reset nextCell for new Text
         memset(nextCellIndex, 0, cellIndexSize * sizeof(sal_Int32));
     }
-    else if (nextCellIndex[nStartPos] > 0 || ! is_Thai(Text[nStartPos]))
+    else if (nStartPos >= Text.getLength() || nextCellIndex[nStartPos] > 0
+             || !is_Thai(Text[nStartPos]))
         return;
 
     const sal_Unicode* str = cachedText.getStr();

More information about the Libreoffice-commits mailing list