[Libreoffice-commits] core.git: Branch 'libreoffice-4-3-0' - sw/source

[Michael Stahl]

 sw/source/filter/ww8/ww8par.cxx |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

New commits:
commit 471ea09b844761ab42926de7ca782e97ce3e8931
Author: Michael Stahl <mstahl at redhat.com>
Date:   Tue Jul 8 13:05:41 2014 +0200

    sw: do more input validation in SwWW8ImplReader::Read_And
    
    (to fix up f2945255df273404ee2457dcf761cb8f334b732b)
    
    Change-Id: Ie20fb9db4515b9737322ec7224ecd7e411d31c03
    (cherry picked from commit ae2e7ad276acb9394691a9d4a702ed7a6b07b508)
    Reviewed-on: https://gerrit.libreoffice.org/10137
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    Tested-by: Miklos Vajna <vmiklos at collabora.co.uk>
    (cherry picked from commit f61ea10dde1b7e3173a96d40c2725e76765cfbc4)
    Reviewed-on: https://gerrit.libreoffice.org/10230
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    Reviewed-by: Zolnai Tamás <zolnaitamas2000 at gmail.com>

diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 21ee239..11fafbe 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -2179,7 +2179,9 @@ long SwWW8ImplReader::Read_And(WW8PLCFManResult* pRes)
                 //that relate to each annotation index as the parser passes
                 //those points.
                 sal_Int32 nLen = nEnd - nStart;
-                if( nLen )
+                // the start and end positions are apparently stored in
+                // different arrays, so in an invalid file only one could exist
+                if(SAL_MAX_INT32 != nEnd && SAL_MAX_INT32 != nStart && nLen > 0)
                 {
                     if (pPaM->GetPoint()->nContent.GetIndex() >= nLen)
                     {