[Libreoffice-commits] core.git: sw/source

Caolán McNamara caolanm at redhat.com
Wed Oct 18 19:44:11 UTC 2017


 sw/source/filter/ww8/ww8scan.cxx |    3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 86ed57911dffae4757058c410e4c5ac88ee8b160
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Oct 18 14:26:13 2017 +0100

    ofz+ubsan: signed integer overflow
    
    sw/source/filter/ww8/ww8scan.cxx:1816:15: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
    
    Change-Id: I8dc79794c94c512ed1f73ea3f0e251cf2dc960bc
    Reviewed-on: https://gerrit.libreoffice.org/43505
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 402319bce5cb..b3fdcd08ce04 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1811,6 +1811,9 @@ static bool WW8GetFieldPara(WW8PLCFspecial& rPLCF, WW8FieldDesc& rF)
     if( !rPLCF.Get( rF.nLCode, pData ) )
         goto Err;
 
+    if (rF.nLCode < rF.nSCode)
+        goto Err;
+
     rF.nSRes = rF.nLCode;                           // Default
     rF.nSCode++;                                    // without markers
     rF.nLCode -= rF.nSCode;                         // Pos -> length
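Review bot: the new guard compares rF.nLCode with rF.nSCode before `rF.nSCode++` runs, so the equal case passes it and `rF.nLCode -= rF.nSCode` then yields -1 for a value the comment calls a length. If a negative length is not meaningful to callers, comparing with `<=` would reject that case as well. The guard also puts no lower bound on rF.nSCode: with a negative nSCode and a large positive nLCode, the same int subtraction can still overflow in the other direction, so an additional `rF.nSCode < 0` rejection is worth considering. A one-line comment saying that both values come from the file and are untrusted would make the reason for the early exit clear to later readers.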

