minutes of ESC call ...
caolanm at redhat.com
Fri Mar 30 05:24:47 PDT 2012
On Fri, 2012-03-30 at 09:46 +0200, Stephan Bergmann wrote:
> For other string constructors, the question is whether there /is/ code
> that, say, reads data from a user-supplied document and creates strings
> from it, so could be fooled into trying to create excessively large
> strings, but also establishes an exception handler that abandons loading
> the document.
Related to that topic I tried to find and merge the .doc/.xls etc vast
collection of custom methods that constructed strings from a stream
based on a document provided potentially large count, i.e.
read_uInt16s_ToOUString and friends. Those ones now use the
(non-memset-0-ing) comphelper::string::rtl_uString_alloc (which I moved
out of i18npool or i18nutil or something) and that alternative
rtl_uString/rtl_String builder throws on alloc failure.
More information about the LibreOffice