[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Wed Oct 25 07:56:17 UTC 2017
sw/source/filter/ww8/ww8scan.cxx | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
New commits:
commit fbefa7cb11f4c76c198b724f506918f5c568518c
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue Oct 24 13:31:28 2017 +0100
ofz#3756 Integer-overflow
Change-Id: I2b3423941c3c25961aafc5c4b55c4cc76289c8cf
Reviewed-on: https://gerrit.libreoffice.org/43768
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 7e67fb9f5c1a..12cb59cd2698 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -3361,8 +3361,17 @@ void WW8PLCFx_Cp_FKP::GetSprms(WW8PLCFxDesc* p)
nFcStart,bIsUnicode );
}
- nLimitFC = nFcStart + (nCpEnd - nCpStart) *
- (bIsUnicode ? 2 : 1);
+ WW8_CP nCpLen = (nCpEnd - nCpStart);
+ if (bIsUnicode)
+ {
+ const bool bFail = o3tl::checked_multiply<WW8_CP>(nCpLen, 2, nCpLen);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ continue;
+ }
+ }
+ nLimitFC = nFcStart + nCpLen;
//if it doesn't exist, skip it
if (!SeekPos(nCpStart))
More information about the Libreoffice-commits
mailing list