[Libreoffice-commits] core.git: sw/source
Caolán McNamara
caolanm at redhat.com
Sun Feb 11 21:23:32 UTC 2018
sw/source/filter/ww8/ww8scan.cxx | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
New commits:
commit 0428340f9ce0f033391ceb23c6f3aecad981c950
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Feb 11 20:45:07 2018 +0000
ofz#6229 Integer-overflow
Change-Id: Ia049e96f84f179d1249ff63d03b58dad00e0be0e
Reviewed-on: https://gerrit.libreoffice.org/49570
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index ee21fc8f9410..9b9949f484aa 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1483,8 +1483,20 @@ WW8_CP WW8ScannerBase::WW8Fc2Cp( WW8_FC nFcPos ) const
if (nFcPos >= nFcStart)
{
// found
- WW8_CP nTempCp =
- nCpStart + ((nFcPos - nFcStart) / (bIsUnicode ? 2 : 1));
+ WW8_FC nFcDiff;
+ if (o3tl::checked_sub(nFcPos, nFcStart, nFcDiff))
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+ if (bIsUnicode)
+ nFcDiff /= 2;
+ WW8_CP nTempCp;
+ if (o3tl::checked_add(nCpStart, nFcDiff, nTempCp))
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
if (nFcPos < nFcStart + nLen)
{
m_pPieceIter->SetIdx( nOldPos );
More information about the Libreoffice-commits
mailing list