[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Sat Nov 25 16:56:12 UTC 2017
sw/source/filter/ww8/ww8scan.cxx | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
New commits:
commit 25622034bcef0b6bc3a8e6c150189f85672b2c9e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Nov 25 15:03:02 2017 +0000
ofz#4419 Integer-overflow
Change-Id: I922fb5195e2ed9311ada006beac6918136154a19
Reviewed-on: https://gerrit.libreoffice.org/45270
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 4991e63fb6f5..e52a14b9671a 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1498,11 +1498,18 @@ WW8_CP WW8ScannerBase::WW8Fc2Cp( WW8_FC nFcPos ) const
return nFallBackCpEnd;
}
+ WW8_FC nFcDiff;
+ if (o3tl::checked_sub(nFcPos, m_pWw8Fib->m_fcMin, nFcDiff))
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+
// No complex file
if (!bIsUnicode)
- nFallBackCpEnd = (nFcPos - m_pWw8Fib->m_fcMin);
+ nFallBackCpEnd = nFcDiff;
else
- nFallBackCpEnd = (nFcPos - m_pWw8Fib->m_fcMin + 1) / 2;
+ nFallBackCpEnd = (nFcDiff + 1) / 2;
return nFallBackCpEnd;
}
More information about the Libreoffice-commits
mailing list