[Libreoffice-commits] core.git: sal/rtl

Eike Rathke (via logerrit) logerrit at kemper.freedesktop.org
Sat Oct 17 23:47:34 UTC 2020


 sal/rtl/math.cxx |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit 6ccf4dd2224e4beb567365903249858a2ca00082
Author:     Eike Rathke <erack at redhat.com>
AuthorDate: Sun Oct 18 00:12:42 2020 +0200
Commit:     Eike Rathke <erack at redhat.com>
CommitDate: Sun Oct 18 01:46:58 2020 +0200

    Limit nDecPlaces to a sensible value [-20, 20]
    
    Protect against callers using for example rtl_math_StringFormat_F
    with rtl_math_DecimalPlaces_Max in worst case..
    
    Change-Id: I9f143df6ae67b22e7732547c0f7a53b498caf2b8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104472
    Reviewed-by: Eike Rathke <erack at redhat.com>
    Tested-by: Jenkins

diff --git a/sal/rtl/math.cxx b/sal/rtl/math.cxx
index b7dc1cbbc7f0..fe81f4c5a7f7 100644
--- a/sal/rtl/math.cxx
+++ b/sal/rtl/math.cxx
@@ -433,6 +433,12 @@ void doubleToString(typename T::String ** pResult,
         break;
     }
 
+    // Too large values for nDecPlaces make no sense; it might also be
+    // rtl_math_DecimalPlaces_Max was passed with rtl_math_StringFormat_F or
+    // others, but we don't want to allocate/deallocate 2GB just to fill it
+    // with trailing '0' characters..
+    nDecPlaces = std::max<sal_Int32>(std::min<sal_Int32>(nDecPlaces, 20), -20);
+
     sal_Int32 nDigits = nDecPlaces + 1;
 
     if (eFormat == rtl_math_StringFormat_F)


More information about the Libreoffice-commits mailing list