[Libreoffice-commits] core.git: sw/source

Caolán McNamara caolanm at redhat.com
Thu Feb 15 14:07:44 UTC 2018


 sw/source/filter/ww8/ww8par3.cxx |   18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

New commits:
commit cc2c2bb8001d48d2909ec4d418634ba00652bcf0
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Feb 15 09:16:08 2018 +0000

    ofz#6368 Integer-overflow
    
    Change-Id: Id8c4fdb051467e0f3499dce94727e5a94f709ead
    Reviewed-on: https://gerrit.libreoffice.org/49799
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sw/source/filter/ww8/ww8par3.cxx b/sw/source/filter/ww8/ww8par3.cxx
index ed52e72b00d2..515a2aaec72b 100644
--- a/sw/source/filter/ww8/ww8par3.cxx
+++ b/sw/source/filter/ww8/ww8par3.cxx
@@ -44,6 +44,7 @@
 #include <editeng/crossedoutitem.hxx>
 #include <editeng/udlnitem.hxx>
 #include <editeng/postitem.hxx>
+#include <o3tl/safeint.hxx>
 #include <unotextrange.hxx>
 #include <doc.hxx>
 #include <docary.hxx>
@@ -131,13 +132,20 @@ eF_ResT SwWW8ImplReader::Read_F_FormTextBox( WW8FieldDesc* pF, OUString& rStr )
             WW8_CP currentCP=pF->nSCode;
             WW8_CP currentLen=pF->nLen;
 
-            sal_uInt16 bkmFindIdx;
-            OUString aBookmarkFind=pB->GetBookmark(currentCP-1, currentCP+currentLen-1, bkmFindIdx);
+            WW8_CP nEnd;
+            if (o3tl::checked_add(currentCP, currentLen-1, nEnd)) {
+                SAL_WARN("sw.ww8", "broken offset, ignoring");
+            }
+            else
+            {
+                sal_uInt16 bkmFindIdx;
+                OUString aBookmarkFind=pB->GetBookmark(currentCP-1, nEnd, bkmFindIdx);
 
-            if (!aBookmarkFind.isEmpty()) {
-                pB->SetStatus(bkmFindIdx, BOOK_FIELD); // mark bookmark as consumed, such that tl'll not get inserted as a "normal" bookmark again
                 if (!aBookmarkFind.isEmpty()) {
-                    aBookmarkName=aBookmarkFind;
+                    pB->SetStatus(bkmFindIdx, BOOK_FIELD); // mark bookmark as consumed, such that tl'll not get inserted as a "normal" bookmark again
+                    if (!aBookmarkFind.isEmpty()) {
+                        aBookmarkName=aBookmarkFind;
+                    }
                 }
             }
         }
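Review bot: The two subtractions next to the new check are still unchecked: `currentLen-1` is evaluated before `o3tl::checked_add` sees it, and `currentCP-1` is passed straight to `GetBookmark`. If WW8_CP is a signed integer type, as its use here suggests, a field whose `nLen` or `nSCode` holds the smallest representable value would still overflow. Both values are read from `pF`, which presumably reflects the imported document and so should be treated as untrusted. If zero and negative values are never valid at this point (to be confirmed against the callers), widening the guard to `if (currentCP < 1 || currentLen < 1 || o3tl::checked_add(currentCP, currentLen-1, nEnd)) {` would send them down the same "broken offset" path. The function starts and ends outside the hunk, so any earlier validation of `pF` is not visible here.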

