sw/source/filter/ww8/ww8scan.cxx | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
New commits:
commit 4fb14703e555b14507e4246e02859607f7aec07d
Author: Caolán McNamara <caol...@redhat.com>
Date: Sun Nov 5 14:20:03 2017 +0000
ofz#4068 Integer-overflow
Change-Id: Id61f4f82b66e7efa4d3ef062d2756acddcee43b8
Reviewed-on: https://gerrit.libreoffice.org/44327
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 623100c4f61a..25e99ba55afd 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1481,6 +1481,8 @@ WW8_FC WW8ScannerBase::WW8Cp2Fc(WW8_CP nCpPos, bool*
pIsUnicode,
else
*pIsUnicode = m_pWw8Fib->m_fExtChar;
+ WW8_FC nRet;
+
if( m_pPieceIter )
{
// Complex File
@@ -1510,7 +1512,7 @@ WW8_FC WW8ScannerBase::WW8Cp2Fc(WW8_CP nCpPos, bool*
pIsUnicode,
if( pNextPieceCp )
*pNextPieceCp = nCpEnd;
- WW8_FC nRet = SVBT32ToUInt32( static_cast<WW8_PCD*>(pData)->fc );
+ nRet = SVBT32ToUInt32( static_cast<WW8_PCD*>(pData)->fc );
if (m_pWw8Fib->m_nVersion >= 8)
nRet = WW8PLCFx_PCD::TransformPieceAddress( nRet, *pIsUnicode );
else
@@ -1555,7 +1557,13 @@ WW8_FC WW8ScannerBase::WW8Cp2Fc(WW8_CP nCpPos, bool*
pIsUnicode,
}
// No complex file
- return m_pWw8Fib->m_fcMin + nCpPos;
+ const bool bFail = o3tl::checked_add(m_pWw8Fib->m_fcMin, nCpPos, nRet);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+ return nRet;
}
// class WW8ScannerBase
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
