hwpfilter/source/hbox.cxx | 131 +++++++++++++++++++++++-----------------------
1 file changed, 67 insertions(+), 64 deletions(-)
New commits:
commit f88056b02164fee4b8ce56554f71daf33eb07482
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Dec 18 16:31:44 2022 +0000
Commit: Xisco Fauli <xiscofa...@libreoffice.org>
CommitDate: Mon Dec 19 09:52:35 2022 +0000
ofz#54402 check bounds
git show -w
Change-Id: I8e7c719a9f1c38f151eb7e59ec222849eb2e28f9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144403
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index ea8d46e5f59e..c5a10fb36a7d 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -614,7 +614,7 @@ OUString Outline::GetUnicode() const
{
char dest[80];
int l = 0;
- int i = level;
+ unsigned int i = level;
if( deco[i][0] ){
buffer[l++] = deco[i][0];
}
@@ -622,73 +622,76 @@ OUString Outline::GetUnicode() const
number has the value. ex) '1.2.1' has '1,2,1'
style has the value which starts from 1 according to the definition in
hbox.h
*/
- switch( user_shape[i] )
+ if (i < std::size(user_shape))
{
- case 0:
- buffer[l++] = '1' + number[i] - 1;
- break;
- case 1: /* Uppercase Roman */
- case 2: /* Lowercase Roman */
- num2roman(number[i], dest);
- if( user_shape[i] == 1 ){
- char *ptr = dest;
- while( *ptr )
- {
- *ptr =
sal::static_int_cast<char>(rtl::toAsciiUpperCase(static_cast<unsigned
char>(*ptr)));
- ptr++;
+ switch( user_shape[i] )
+ {
+ case 0:
+ buffer[l++] = '1' + number[i] - 1;
+ break;
+ case 1: /* Uppercase Roman */
+ case 2: /* Lowercase Roman */
+ num2roman(number[i], dest);
+ if( user_shape[i] == 1 ){
+ char *ptr = dest;
+ while( *ptr )
+ {
+ *ptr =
sal::static_int_cast<char>(rtl::toAsciiUpperCase(static_cast<unsigned
char>(*ptr)));
+ ptr++;
+ }
}
+ str2hstr(dest, buffer + l);
+ l += strlen(dest);
+ break;
+ case 3:
+ buffer[l++] = 'A' + number[i] -1;
+ break;
+ case 4:
+ buffer[l++] = 'a' + number[i] -1;
+ break;
+ case 5:
+ buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_KANATA);
+ break;
+ case 6:
+ buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_JASO);
+ break;
+ case 7: /* Chinese numbers: the number represented
by the general */
+ buffer[l++] = '1' + number[i] -1;
+ break;
+ case 8: /* Circled numbers */
+ buffer[l++] = 0x2e00 + number[i];
+ break;
+ case 9: /* Circled lowercase alphabet */
+ buffer[l++] = 0x2c20 + number[i];
+ break;
+ case 10: /* Circled Korean Alphabet */
+ buffer[l++] = 0x2c50 + number[i] -1;
+ break;
+ case 11: /* Circled Korean Characters */
+ buffer[l++] = 0x2c40 + number[i] -1;
+ break;
+ case 12: /* Sequenced numbers. */
+ {
+ char cur_num_str[10],buf[80];
+ int j;
+ buf[0] = 0;
+ for (j = 0; j <= level; j++)
+ {
+ levelnum = ((number[j] < 1) ? 1 :
number[j]);
+ if ((j && j == level) || (j == level &&
deco[i][1]))
+ sprintf(cur_num_str, "%d%c",
levelnum, 0);
+ else
+ sprintf(cur_num_str, "%d%c",
levelnum, '.');
+ strcat(buf, cur_num_str);
+ }
+ str2hstr(buf, buffer + l);
+ l += strlen(buf);
+ break;
}
- str2hstr(dest, buffer + l);
- l += strlen(dest);
- break;
- case 3:
- buffer[l++] = 'A' + number[i] -1;
- break;
- case 4:
- buffer[l++] = 'a' + number[i] -1;
- break;
- case 5:
- buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_KANATA);
- break;
- case 6:
- buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_JASO);
- break;
- case 7: /* Chinese numbers: the number represented by
the general */
- buffer[l++] = '1' + number[i] -1;
- break;
- case 8: /* Circled numbers */
- buffer[l++] = 0x2e00 + number[i];
- break;
- case 9: /* Circled lowercase alphabet */
- buffer[l++] = 0x2c20 + number[i];
- break;
- case 10: /* Circled Korean Alphabet */
- buffer[l++] = 0x2c50 + number[i] -1;
- break;
- case 11: /* Circled Korean Characters */
- buffer[l++] = 0x2c40 + number[i] -1;
- break;
- case 12: /* Sequenced numbers. */
- {
- char cur_num_str[10],buf[80];
- int j;
- buf[0] = 0;
- for (j = 0; j <= level; j++)
- {
- levelnum = ((number[j] < 1) ? 1 : number[j]);
- if ((j && j == level) || (j == level &&
deco[i][1]))
- sprintf(cur_num_str, "%d%c", levelnum,
0);
- else
- sprintf(cur_num_str, "%d%c", levelnum,
'.');
- strcat(buf, cur_num_str);
- }
- str2hstr(buf, buffer + l);
- l += strlen(buf);
- break;
+ default:
+ buffer[l++] = user_shape[i];
+ break;
}
- default:
- buffer[l++] = user_shape[i];
- break;
}
if( deco[i][1] ){
buffer[l++] = deco[i][1];
