Crash with gnome#627420-1.ods in string related function

[julien2412]

Hello Michael,

Reading this thread, I took a look at sal/rtl/source/strtmpl.cxx
    969 static IMPL_RTL_STRINGDATA* IMPL_RTL_STRINGNAME( ImplAlloc )(
sal_Int32 nLen )
    970 {
    971     IMPL_RTL_STRINGDATA * pData
    972         = (sal::static_int_cast< sal_uInt32 >(nLen)
    973            <= ((SAL_MAX_UINT32 - sizeof (IMPL_RTL_STRINGDATA))
    974                / sizeof (IMPL_RTL_STRCODE)))
    975         ? (IMPL_RTL_STRINGDATA *) rtl_allocateMemory(
    976             sizeof (IMPL_RTL_STRINGDATA) + nLen * sizeof
(IMPL_RTL_STRCODE))
    977         : NULL;
    978     if (pData != NULL) {
    979         pData->refCount = 1;
    980         pData->length = nLen;
    981         pData->buffer[nLen] = 0;
    982     }
    983     return pData;
    984 }

Since we cast "nLen" parameter in "sal_uInt32", could it help to add an
assert about nLen should be >= 0 ?
Of course, we don't expect a length to be negative but perhaps this function
is called with a negative value in very specific cases.
(advantage of the assert, it costs nothing in non debug)

Julien



--
View this message in context: http://nabble.documentfoundation.org/Re-Crash-with-gnome-627420-1-ods-in-string-related-function-tp4027116p4027774.html
Sent from the Dev mailing list archive at Nabble.com.