basic/source/runtime/methods.cxx | 2 +-
basic/source/sbx/sbxscan.cxx | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
New commits:
commit 43109b751bf5fd36318de56b2fb686acc724673f
Author: Julien Nabet <serval2...@yahoo.fr>
Date: Sun Apr 10 09:41:56 2016 +0200
tdf#99089: avoid some crashes in Basic
First stacktrace:
soffice.bin:
/home/julien/compile-libreoffice/libreoffice/include/rtl/ustring.hxx:577:
sal_Unicode rtl::OUString::operator[](sal_Int32) const:
Assertion `index >= 0 && static_cast<sal_uInt32>(index) <
static_cast<sal_uInt32>(getLength())' failed.
...
3 0x00002aaaab327452 in __GI___assert_fail (assertion=0x2aaaaeea62a8
"index >= 0 && static_cast<sal_uInt32>(index) <
static_cast<sal_uInt32>(getLength())", file=0x2aaaaeea6260
"/home/julien/compile-libreoffice/libreoffice/include/rtl/ustring.hxx",
line=577, function=0x2aaaaeea6860 <rtl::OUString::operator[](int)
const::__PRETTY_FUNCTION__> "sal_Unicode rtl::OUString::operator[](sal_Int32)
const") at assert.c:101
4 0x00002aaaaed91e89 in rtl::OUString::operator[](int) const
(this=0x7fffffff2770, index=0) at
/home/julien/compile-libreoffice/libreoffice/include/rtl/ustring.hxx:577
5 0x00002aaaaee1c66f in SbRtl_Val(StarBASIC*, SbxArray&, bool)
(pBasic=0xa2a7ec0, rPar=..., bWrite=false)
at
/home/julien/compile-libreoffice/libreoffice/basic/source/runtime/methods.cxx:1792
Second stacktrace:
0x00002aaaaee6054d in printfmtstr (rStr="", rRes="", rFmt="\£0.##") at
/home/julien/compile-libreoffice/libreoffice/basic/source/sbx/sbxscan.cxx:534
534 while( *pFmt != '\' );
(gdb) bt
0 0x00002aaaaee6054d in printfmtstr(rtl::OUString const&, rtl::OUString&,
rtl::OUString const&) (rStr="", rRes="", rFmt="\£0.##")
at
/home/julien/compile-libreoffice/libreoffice/basic/source/sbx/sbxscan.cxx:534
1 0x00002aaaaee617ce in SbxValue::Format(rtl::OUString&, rtl::OUString
const*) const (this=0xb12dd60, rRes="", pFmt=0x7fffffff20e0)
at
/home/julien/compile-libreoffice/libreoffice/basic/source/sbx/sbxscan.cxx:883
2 0x00002aaaaee217af in SbRtl_Format(StarBASIC*, SbxArray&, bool)
(pBasic=0xa2cffa0, rPar=..., bWrite=false)
at
/home/julien/compile-libreoffice/libreoffice/basic/source/runtime/methods.cxx:3519
Change-Id: I1798a1545ce08efa9d6fc39f4696195f9dc96c67
Reviewed-on: https://gerrit.libreoffice.org/23956
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Julien Nabet <serval2...@yahoo.fr>
diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx
index 6e83e1c..49f277f 100644
--- a/basic/source/runtime/methods.cxx
+++ b/basic/source/runtime/methods.cxx
@@ -1789,7 +1789,7 @@ RTLFUNC(Val)
OUString aStr( rPar.Get(1)->GetOUString() );
FilterWhiteSpace( aStr );
- if ( aStr[0] == '&' && aStr.getLength() > 1 )
+ if ( aStr.getLength() > 1 && aStr[0] == '&' )
{
int nRadix = 10;
char aChar = (char)aStr[1];
diff --git a/basic/source/sbx/sbxscan.cxx b/basic/source/sbx/sbxscan.cxx
index f108946..e0c8559 100644
--- a/basic/source/sbx/sbxscan.cxx
+++ b/basic/source/sbx/sbxscan.cxx
@@ -531,7 +531,7 @@ static sal_uInt16 printfmtstr( const OUString& rStr,
OUString& rRes, const OUStr
aTemp.append( *pStr ? *pStr++ : static_cast< sal_Unicode >(' '));
pFmt++;
}
- while( *pFmt != '\\' );
+ while( pFmt && *pFmt != '\\' );
aTemp.append(*pStr ? *pStr++ : static_cast< sal_Unicode >(' '));
pFmt++; break;
case '&':
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
