[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-1+backports' - 2 commits - sc/source tools/source

Tue, 16 Nov 2021 10:40:31 -0800 

 sc/source/core/tool/compiler.cxx |    9 ++++++++-
 tools/source/generic/poly.cxx    |    2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

New commits:
commit 367ea0236340fa0b4ce69ab7df89aba4f2c720be
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Jun 27 19:08:36 2021 +0100
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Tue Nov 16 19:39:58 2021 +0100

    ofz#35504 Integer-overflow
    
    Change-Id: I7a462b821f286411d759b5259461fcdbf1741859
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117955
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 228cb26a6a1afe668dd17471bedf0ab52f133d5a)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125288
    Tested-by: Michael Stahl <michael.st...@allotropia.de>
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
index 1c5717e8ec86..9b09b5a2972b 100644
--- a/tools/source/generic/poly.cxx
+++ b/tools/source/generic/poly.cxx
@@ -251,7 +251,7 @@ ImplPolygon::ImplPolygon( const tools::Rectangle& rBound, 
const Point& rStart, c
         }
 
 
-        if( ( nRadX > 32 ) && ( nRadY > 32 ) && ( nRadX + nRadY ) < 8192 )
+        if (nRadX > 32 && nRadY > 32 && o3tl::saturating_add(nRadX, nRadY) < 
8192)
             nPoints >>= 1;
 
         // compute threshold
commit 577fb26e8b6242a099fb80e730c1efeb9dfed524
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Apr 2 14:28:37 2021 +0100
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Tue Nov 16 19:39:47 2021 +0100

    ofz: Segv on unknown address
    
    Change-Id: I6c69375a89781fc0b87230203335c861efb562f9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113518
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit 8de38977838d5a044271cb170730e3d557659f17)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125287
    Tested-by: Michael Stahl <michael.st...@allotropia.de>
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 70554ae93861..b307bc6dea12 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -2532,7 +2532,14 @@ Label_MaskStateMachine:
                                 if (eState != ssSkipReference)
                                 {
                                     *pSym++ = c;
-                                    *pSym++ = *pSrc++;
+
+                                    if( pSym == &cSymbol[ MAXSTRLEN ] )
+                                    {
+                                        SetError( 
FormulaError::StringOverflow);
+                                        eState = ssStop;
+                                    }
+                                    else
+                                        *pSym++ = *pSrc++;
                                 }
                                 bAddToSymbol = false;
                             }

Reply via email to