sw/source/filter/ww8/ww8scan.cxx | 37 +++++++++++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
New commits:
commit 43e17bdc6efa2ddcb1f08e5d2c40e7dc636c80fb
Author: Caolán McNamara <caol...@redhat.com>
Date: Tue Nov 14 21:22:13 2017 +0000
ofz#4213 Integer-overflow
Change-Id: Ice22ad92a82971f34c01d2c16fc3d4805b1fd5f3
Reviewed-on: https://gerrit.libreoffice.org/44742
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Tested-by: Caolán McNamara <caol...@redhat.com>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index e7d37be5fd87..1b24c6686aad 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -1264,8 +1264,41 @@ WW8_CP WW8PLCFx_PCD::AktPieceStartFc2Cp( WW8_FC
nStartPos )
if( nStartPos < nFcStart )
nStartPos = nFcStart;
- if( nStartPos >= nFcStart + (nCpEnd - nCpStart) * nUnicodeFactor )
- nStartPos = nFcStart + (nCpEnd - nCpStart - 1) * nUnicodeFactor;
+ WW8_CP nCpLen;
+ bool bFail = o3tl::checked_sub(nCpEnd, nCpStart, nCpLen);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+
+ WW8_CP nCpLenBytes;
+ bFail = o3tl::checked_multiply(nCpLen, nUnicodeFactor, nCpLenBytes);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+
+ WW8_FC nFcLen;
+ bFail = o3tl::checked_add(nFcStart, nCpLenBytes, nFcLen);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+
+ WW8_FC nFcEnd;
+ bFail = o3tl::checked_add(nFcStart, nFcLen, nFcEnd);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ return WW8_CP_MAX;
+ }
+
+
+ if (nStartPos >= nFcEnd)
+ nStartPos = nFcEnd - (1 * nUnicodeFactor);
return nCpStart + (nStartPos - nFcStart) / nUnicodeFactor;
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
