sc/source/core/tool/interpr1.cxx | 2 ++
1 file changed, 2 insertions(+)
New commits:
commit 52de00024e84c063ab292890256cda59fe259ef5
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jan 4 17:19:47 2021 +0000
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Tue Jan 5 15:10:53 2021 +0100
ofz#29234 Integer-overflow
sc/source/core/tool/interpr1.cxx:9578:39: runtime error: signed integer
overflow: 1 + 2147483647 cannot be represented in type 'int'
Change-Id: I2975ae1daab826f10f0e52e7d7421ac8dcc9fffc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108677
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index b55f1172f704..b9050787dfd9 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -9563,6 +9563,8 @@ void ScInterpreter::ScMid()
OUString aStr = GetString().getString();
if ( nStart < 1 || nSubLen < 0 )
PushIllegalArgument();
+ else if (nStart > kScInterpreterMaxStrLen || nSubLen >
kScInterpreterMaxStrLen)
+ PushError(FormulaError::StringOverflow);
else
{
sal_Int32 nLen = aStr.getLength();
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
