[Libreoffice-commits] core.git: Branch 'libreoffice-7-0' - sal/rtl

[Eike Rathke (via logerrit)]

 sal/rtl/math.cxx |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit 52421298155eeea4f907a0a1f52e5725e9c8caf0
Author:     Eike Rathke <erack at redhat.com>
AuthorDate: Sun Oct 18 00:12:42 2020 +0200
Commit:     Xisco Fauli <xiscofauli at libreoffice.org>
CommitDate: Tue Oct 20 13:57:33 2020 +0200

    Limit nDecPlaces to a sensible value [-20, 20]
    
    Protect against callers using for example rtl_math_StringFormat_F
    with rtl_math_DecimalPlaces_Max in worst case..
    
    Change-Id: I9f143df6ae67b22e7732547c0f7a53b498caf2b8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104472
    Reviewed-by: Eike Rathke <erack at redhat.com>
    Tested-by: Jenkins
    (cherry picked from commit 6ccf4dd2224e4beb567365903249858a2ca00082)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104489
    Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>

diff --git a/sal/rtl/math.cxx b/sal/rtl/math.cxx
index 981009aa036c..b01253c70dfa 100644
--- a/sal/rtl/math.cxx
+++ b/sal/rtl/math.cxx
@@ -433,6 +433,12 @@ void doubleToString(typename T::String ** pResult,
         break;
     }
 
+    // Too large values for nDecPlaces make no sense; it might also be
+    // rtl_math_DecimalPlaces_Max was passed with rtl_math_StringFormat_F or
+    // others, but we don't want to allocate/deallocate 2GB just to fill it
+    // with trailing '0' characters..
+    nDecPlaces = std::max<sal_Int32>(std::min<sal_Int32>(nDecPlaces, 20), -20);
+
     sal_Int32 nDigits = nDecPlaces + 1;
 
     if (eFormat == rtl_math_StringFormat_F)