[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Wed Oct 25 19:33:22 UTC 2017
sw/source/filter/ww8/ww8scan.cxx | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
New commits:
commit 933b66c1227bb9c0e6b80a16e45d9153cea9e8a8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Oct 25 15:39:57 2017 +0100
ofz Integer-overflow
Change-Id: I12d0d5d33be273d85822883598c20c793bceb706
Reviewed-on: https://gerrit.libreoffice.org/43845
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 3055feca08a5..c3adbf485d8f 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1509,17 +1509,30 @@ WW8_FC WW8ScannerBase::WW8Cp2Fc(WW8_CP nCpPos, bool* pIsUnicode,
else
*pIsUnicode = m_pWw8Fib->m_fExtChar;
- WW8_CP nCpLen = nCpPos - nCpStart;
+ WW8_CP nCpLen;
+ bool bFail = o3tl::checked_sub(nCpPos, nCpStart, nCpLen);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+
if (*pIsUnicode)
{
- const bool bFail = o3tl::checked_multiply<WW8_CP>(nCpLen, 2, nCpLen);
+ bFail = o3tl::checked_multiply<WW8_CP>(nCpLen, 2, nCpLen);
if (bFail)
{
SAL_WARN("sw.ww8", "broken offset, ignoring");
return WW8_CP_MAX;
}
}
- nRet += nCpLen;
+
+ bFail = o3tl::checked_add(nRet, nCpLen, nRet);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
return nRet;
}
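Review bot: The three failure paths in this hunk (the new `checked_sub`, the existing `checked_multiply` and the new `checked_add`) all log the identical text `"broken offset, ignoring"`, so a warning raised by a malformed or fuzzer-generated document does not say which arithmetic step overflowed. Giving each its own message with the operands would make triage faster, e.g. `SAL_WARN("sw.ww8", "cp " << nCpPos << " - " << nCpStart << " overflows, ignoring");` for the subtraction. All three paths also return `WW8_CP_MAX` from a function declared to return `WW8_FC`, after `*pIsUnicode` has already been written. Whether every caller treats that value as a failure is not visible here and is worth confirming. The body of `WW8Cp2Fc` begins before this hunk.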