[Libreoffice-commits] core.git: sw/source

Caolán McNamara caolanm at redhat.com
Sun Oct 29 10:03:35 UTC 2017 

 sw/source/filter/ww8/ww8scan.cxx |   17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

New commits:
commit 98c7ab9531af4848dc289e38c5f4291788ad3d6e
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Sat Oct 28 16:12:41 2017 +0100

    ofz#3871 Integer-overflow
    
    Change-Id: I5358835671fa1a57f6db5f5aeb9eec87e22c6e39
    Reviewed-on: https://gerrit.libreoffice.org/44010
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 8074ada87347..6d6137e151d1 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1205,17 +1205,10 @@ WW8_FC WW8PLCFx_PCD::AktPieceStartCp2Fc( WW8_CP nCp )
     if( !bVer67 )
         nFC = WW8PLCFx_PCD::TransformPieceAddress( nFC, bIsUnicode );
 
-    WW8_CP nDistance;
-    bool bFail = o3tl::checked_sub(nCp, nCpStart, nDistance);
-    if (bFail)
-    {
-        SAL_WARN("sw.ww8", "broken offset, ignoring");
-        return WW8_FC_MAX;
-    }
-
+    WW8_CP nDistance = nCp - nCpStart;
     if (bIsUnicode)
     {
-        bFail = o3tl::checked_multiply<WW8_CP>(nDistance, 2, nDistance);
+        const bool bFail = o3tl::checked_multiply<WW8_CP>(nDistance, 2, nDistance);
         if (bFail)
         {
             SAL_WARN("sw.ww8", "broken offset, ignoring");
@@ -1224,7 +1217,7 @@ WW8_FC WW8PLCFx_PCD::AktPieceStartCp2Fc( WW8_CP nCp )
     }
 
     WW8_FC nRet;
-    bFail = o3tl::checked_add(nFC, nDistance, nRet);
+    const bool bFail = o3tl::checked_add(nFC, nDistance, nRet);
     if (bFail)
     {
         SAL_WARN("sw.ww8", "broken offset, ignoring");
@@ -1893,7 +1886,7 @@ static bool WW8GetFieldPara(WW8PLCFspecial& rPLCF, WW8FieldDesc& rF)
     {
         rPLCF.advance();
 
-        if( !rPLCF.Get( rF.nLRes, pData ) )
+        if (!rPLCF.Get(rF.nLRes, pData) || rF.nLRes < 0)
             goto Err;
 
         while((static_cast<sal_uInt8*>(pData)[0] & 0x1f ) == 0x13 )
@@ -1901,7 +1894,7 @@ static bool WW8GetFieldPara(WW8PLCFspecial& rPLCF, WW8FieldDesc& rF)
             // still new (nested) beginnings ?
             WW8SkipField( rPLCF );              // nested Field in results
             rF.bResNest = true;
-            if( !rPLCF.Get( rF.nLRes, pData ) )
+            if (!rPLCF.Get(rF.nLRes, pData) || rF.nLRes < 0)
                 goto Err;
         }
         rF.nLen = rF.nLRes - rF.nSCode + 2;         // nLRes is still the final position

More information about the Libreoffice-commits mailing list