[Libreoffice-commits] core.git: sw/source

Stephan Bergmann sbergman at redhat.com
Wed May 7 23:33:04 PDT 2014


 sw/source/filter/ww8/ww8par6.cxx |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

New commits:
commit 9beda5ab8feaeb6d5e1c64e094065b02551532a4
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Thu May 8 08:26:46 2014 +0200

    Handle bad SwWW8ImplReader::GetCol input
    
    With previously found offenders out of the way, looks like
    sw/qa/core/data/ww8/pass/CVE-2009-3302-2.doc is the only case that triggers
    this, and that is likely deliberately malformed input.
    
    As the whole ww8 parser appears not to be built around robust eager input
    validation and error signalling, there is little more we can do here than throw
    up our hands in despair.
    
    Change-Id: Idf61fcf14a784cef1539654f2825c013c218987f

diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 8836d30..772ee882 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -121,8 +121,10 @@ ColorData SwWW8ImplReader::GetCol(sal_uInt8 nIco)
         COL_CYAN, COL_GREEN, COL_MAGENTA, COL_RED, COL_BROWN, COL_GRAY,
         COL_LIGHTGRAY
     };
-
-    return eSwWW8ColA[nIco];
+    SAL_WARN_IF(
+        nIco >= SAL_N_ELEMENTS(eSwWW8ColA), "sw.ww8",
+        "ico " << sal_uInt32(nIco) << " >= " << SAL_N_ELEMENTS(eSwWW8ColA));
+    return nIco < SAL_N_ELEMENTS(eSwWW8ColA) ? eSwWW8ColA[nIco] : COL_AUTO;
 }
 
 inline sal_uInt32 MSRoundTweak(sal_uInt32 x)
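
Review bot: In GetCol, the range test on nIco is written twice, once as `nIco >= SAL_N_ELEMENTS(eSwWW8ColA)` in SAL_WARN_IF and once inverted in the return, so a later edit can change one and miss the other. Consider computing it once, for example `bool const bValid = nIco < SAL_N_ELEMENTS(eSwWW8ColA);`, and using that in both the warning and the return. A one-line comment stating that nIco comes from the document being parsed and that out-of-range values fall back to COL_AUTO would also help, because callers receive an ordinary ColorData value and cannot see that the index was rejected; the warning is the only trace of the bad input.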

