[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Wed Oct 25 07:52:37 UTC 2017
sw/source/filter/ww8/ww8scan.cxx | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
New commits:
commit 78a535a7a717320693a3bbff3679b36f0e0ae507
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Oct 24 15:49:22 2017 +0100
ofz#3770 Integer-overflow
Change-Id: Ifd08bfe6a58d81a4d8ab1a7f768c2804abe5dfad
Reviewed-on: https://gerrit.libreoffice.org/43782
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 240ebbc3057e..ca018366d22e 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1205,7 +1205,26 @@ WW8_FC WW8PLCFx_PCD::AktPieceStartCp2Fc( WW8_CP nCp )
if( !bVer67 )
nFC = WW8PLCFx_PCD::TransformPieceAddress( nFC, bIsUnicode );
- return nFC + (nCp - nCpStart) * (bIsUnicode ? 2 : 1);
+ WW8_CP nDistance = nCp - nCpStart;
+ if (bIsUnicode)
+ {
+ const bool bFail = o3tl::checked_multiply<WW8_CP>(nDistance, 2, nDistance);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_FC_MAX;
+ }
+ }
+
+ WW8_FC nRet;
+ const bool bFail = o3tl::checked_add(nFC, nDistance, nRet);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_FC_MAX;
+ }
+
+ return nRet;
}
void WW8PLCFx_PCD::AktPieceFc2Cp( WW8_CP& rStartPos, WW8_CP& rEndPos,
More information about the Libreoffice-commits
mailing list