[Libreoffice-commits] core.git: registry/source
Stephan Bergmann
sbergman at redhat.com
Tue Nov 18 02:18:41 PST 2014
registry/source/reflread.cxx | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
New commits:
commit 24714f5eaa08016da3f8a74f4842b25eb37ad814
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Tue Nov 18 11:18:04 2014 +0100
Fix memchr checks
(thanks caolan for spotting)
Change-Id: I17093b4173b9a2fca2760240375bcb14313224ef
diff --git a/registry/source/reflread.cxx b/registry/source/reflread.cxx
index e226fbf..838010c 100644
--- a/registry/source/reflread.cxx
+++ b/registry/source/reflread.cxx
@@ -363,7 +363,8 @@ const sal_Char* ConstantPool::readUTF8NameConstant(sal_uInt16 index)
if (readUINT16(m_pIndex[index - 1] + CP_OFFSET_ENTRY_TAG) == CP_TAG_UTF8_NAME)
{
sal_uInt32 n = m_pIndex[index - 1] + CP_OFFSET_ENTRY_DATA;
- if (n < m_bufferLen && std::memchr(m_pBuffer, 0, n) != nullptr)
+ if (n < m_bufferLen
+ && std::memchr(m_pBuffer + n, 0, m_bufferLen - n) != nullptr)
{
aName = (const sal_Char*) (m_pBuffer + n);
}
@@ -564,7 +565,9 @@ const sal_Unicode* ConstantPool::readStringConstant(sal_uInt16 index)
if (readUINT16(m_pIndex[index - 1] + CP_OFFSET_ENTRY_TAG) == CP_TAG_CONST_STRING)
{
sal_uInt32 n = m_pIndex[index - 1] + CP_OFFSET_ENTRY_DATA;
- if (n >= m_bufferLen || std::memchr(m_pBuffer, 0, n) == nullptr)
+ if (n >= m_bufferLen
+ || (std::memchr(m_pBuffer + n, 0, m_bufferLen - n)
+ == nullptr))
{
throw BoundsError();
}
More information about the Libreoffice-commits
mailing list