[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Wed Oct 25 13:18:43 UTC 2017
sw/source/filter/ww8/ww8scan.cxx | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
New commits:
commit 562aba2b26af31d378ab1b7ff023efa0e89b66f6
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Oct 25 10:04:20 2017 +0100
ofz#3780 Integer-overflow
Change-Id: Ia51ec4069249c26ea1ee469df42aa172f61587a9
Reviewed-on: https://gerrit.libreoffice.org/43814
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 684c9a00a2be..3eceb812aec5 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1509,7 +1509,17 @@ WW8_FC WW8ScannerBase::WW8Cp2Fc(WW8_CP nCpPos, bool* pIsUnicode,
else
*pIsUnicode = m_pWw8Fib->m_fExtChar;
- nRet += (nCpPos - nCpStart) * (*pIsUnicode ? 2 : 1);
+ WW8_CP nCpLen = nCpPos - nCpStart;
+ if (*pIsUnicode)
+ {
+ const bool bFail = o3tl::checked_multiply<WW8_CP>(nCpLen, 2, nCpLen);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+ }
+ nRet += nCpLen;
return nRet;
}
More information about the Libreoffice-commits
mailing list