[Libreoffice-commits] core.git: Branch 'libreoffice-4-3' - cui/source svl/source
Eike Rathke
erack at redhat.com
Mon Aug 18 10:38:15 PDT 2014
cui/source/tabpages/numfmt.cxx | 18 ++++++++++---
svl/source/numbers/zformat.cxx | 56 +++++++++++++++++++++++------------------
2 files changed, 47 insertions(+), 27 deletions(-)
New commits:
commit f3e7a49e2c7ea235b724c157f8d05a23c675913a
Author: Eike Rathke <erack at redhat.com>
Date: Mon Aug 18 14:09:20 2014 +0200
prevent out-of-bounds string access
... while entering a * star symbol format code and there's no fill
character following the * yet, for example "xxx"*
(cherry picked from commit 839cc63e7d1b78c56e04bafb46037e898ce2c455)
more out-of-bounds string accesses
(cherry picked from commit 349c93e0f5c9f231b2ff6854fcb795ca5881ca2d)
Change-Id: I006f125ceefccba6a95ea033fd434d98e5d4f1c2
Reviewed-on: https://gerrit.libreoffice.org/10994
Reviewed-by: David Tardon <dtardon at redhat.com>
Tested-by: David Tardon <dtardon at redhat.com>
diff --git a/cui/source/tabpages/numfmt.cxx b/cui/source/tabpages/numfmt.cxx
index 52d2356..d4af55c 100644
--- a/cui/source/tabpages/numfmt.cxx
+++ b/cui/source/tabpages/numfmt.cxx
@@ -112,9 +112,21 @@ void SvxNumberPreview::NotifyChange( const OUString& rPrevStr,
mnPos = aPrevStr.indexOf( 0x1B );
if ( mnPos != -1 )
{
- mnChar = aPrevStr[ mnPos + 1 ];
- // delete placeholder and char to repeat
- aPrevStr = aPrevStr.replaceAt( mnPos, 2, "" );
+ // Right during user input the star symbol is the very
+ // last character before the user enters another one.
+ if (mnPos < aPrevStr.getLength() - 1)
+ {
+ mnChar = aPrevStr[ mnPos + 1 ];
+ // delete placeholder and char to repeat
+ aPrevStr = aPrevStr.replaceAt( mnPos, 2, "" );
+ }
+ else
+ {
+ // delete placeholder
+ aPrevStr = aPrevStr.replaceAt( mnPos, 1, "" );
+ // do not attempt to draw a 0 fill character
+ mnPos = -1;
+ }
}
svtools::ColorConfig aColorConfig;
Color aWindowTextColor( aColorConfig.GetColorValue( svtools::FONTCOLOR ).nColor );
diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx
index ef94a23..a48c029 100644
--- a/svl/source/numbers/zformat.cxx
+++ b/svl/source/numbers/zformat.cxx
@@ -2241,6 +2241,30 @@ short SvNumberformat::ImpCheckCondition(double& fNumber,
}
}
+static bool lcl_appendStarFillChar( OUStringBuffer& rBuf, const OUString& rStr )
+{
+ // Right during user input the star symbol is the very
+ // last character before the user enters another one.
+ if (rStr.getLength() > 1)
+ {
+ rBuf.append((sal_Unicode) 0x1B);
+ rBuf.append(rStr[1]);
+ return true;
+ }
+ return false;
+}
+
+static bool lcl_insertStarFillChar( OUStringBuffer& rBuf, sal_Int32 nPos, const OUString& rStr )
+{
+ if (rStr.getLength() > 1)
+ {
+ rBuf.insert( nPos, rStr[1]);
+ rBuf.insert( nPos, (sal_Unicode) 0x1B);
+ return true;
+ }
+ return false;
+}
+
bool SvNumberformat::GetOutputString(const OUString& sString,
OUString& OutString,
Color** ppColor)
@@ -2273,9 +2297,7 @@ bool SvNumberformat::GetOutputString(const OUString& sString,
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sOutBuff.append((sal_Unicode) 0x1B);
- sOutBuff.append(rInfo.sStrArray[i][1]);
- bRes = true;
+ bRes = lcl_appendStarFillChar( sOutBuff, rInfo.sStrArray[i]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -2588,9 +2610,7 @@ bool SvNumberformat::GetOutputString(double fNumber,
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sBuff.append((sal_Unicode) 0x1B);
- sBuff.append(rInfo.sStrArray[i][1]);
- bRes = true;
+ bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -3214,9 +3234,7 @@ bool SvNumberformat::ImpGetTimeOutput(double fNumber,
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sBuff.append((sal_Unicode)0x1B);
- sBuff.append(rInfo.sStrArray[i][1]);
- bRes = true;
+ bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -3712,9 +3730,7 @@ bool SvNumberformat::ImpGetDateOutput(double fNumber,
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sBuff.append((sal_Unicode) 0x1B);
- sBuff.append(rInfo.sStrArray[i][1]);
- bRes = true;
+ bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -4007,9 +4023,7 @@ bool SvNumberformat::ImpGetDateTimeOutput(double fNumber,
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sBuff.append((sal_Unicode) 0x1B);
- sBuff.append(rInfo.sStrArray[i][1]);
- bRes = true;
+ bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -4340,9 +4354,7 @@ bool SvNumberformat::ImpGetNumberOutput(double fNumber,
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sStr.insert(k, rInfo.sStrArray[j][1]);
- sStr.insert(k, (sal_Unicode) 0x1B);
- bRes = true;
+ bRes = lcl_insertStarFillChar( sStr, k, rInfo.sStrArray[j]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -4475,9 +4487,7 @@ bool SvNumberformat::ImpNumberFillWithThousands( OUStringBuffer& sBuff, // numb
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sBuff.insert(k, rInfo.sStrArray[j][1]);
- sBuff.insert(k, (sal_Unicode) 0x1B);
- bRes = true;
+ bRes = lcl_insertStarFillChar( sBuff, k, rInfo.sStrArray[j]);
}
break;
case NF_SYMBOLTYPE_BLANK:
@@ -4651,9 +4661,7 @@ bool SvNumberformat::ImpNumberFill( OUStringBuffer& sBuff, // number string
case NF_SYMBOLTYPE_STAR:
if( bStarFlag )
{
- sBuff.insert(k, rInfo.sStrArray[j][1]);
- sBuff.insert(k, sal_Unicode(0x1B));
- bRes = true;
+ bRes = lcl_insertStarFillChar( sBuff, k, rInfo.sStrArray[j]);
}
break;
case NF_SYMBOLTYPE_BLANK:
More information about the Libreoffice-commits
mailing list