desktop/source/lib/init.cxx | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
New commits:
commit 2bf894e91adf8783baaabc2203f7e97c4b8f3ca7
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Sat Nov 4 17:53:47 2023 +0300
Commit: Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Sat Nov 4 20:06:26 2023 +0100
External data must be checked when parsed
Change-Id: I8bc5afb29fe22a4b06462a7c61b689c88c41003f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158938
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx
index 92628177cb66..71eeabcbc380 100644
--- a/desktop/source/lib/init.cxx
+++ b/desktop/source/lib/init.cxx
@@ -542,34 +542,38 @@ RectangleAndPart RectangleAndPart::Create(const OString&
rPayload)
const char* pos = rPayload.getStr();
const char* end = rPayload.getStr() + rPayload.getLength();
tools::Long nLeft = rtl_str_toInt64_WithLength(pos, 10, end - pos);
- while( *pos != ',' )
+ while (pos < end && *pos != ',')
+ ++pos;
+ if (pos < end)
++pos;
- ++pos;
assert(pos < end);
tools::Long nTop = rtl_str_toInt64_WithLength(pos, 10, end - pos);
- while( *pos != ',' )
+ while (pos < end && *pos != ',')
+ ++pos;
+ if (pos < end)
++pos;
- ++pos;
assert(pos < end);
tools::Long nWidth = rtl_str_toInt64_WithLength(pos, 10, end - pos);
- while( *pos != ',' )
+ while (pos < end && *pos != ',')
+ ++pos;
+ if (pos < end)
++pos;
- ++pos;
assert(pos < end);
tools::Long nHeight = rtl_str_toInt64_WithLength(pos, 10, end - pos);
tools::Long nPart = INT_MIN;
tools::Long nMode = 0;
if (comphelper::LibreOfficeKit::isPartInInvalidation())
{
- while( *pos != ',' )
+ while (pos < end && *pos != ',')
+ ++pos;
+ if (pos < end)
++pos;
- ++pos;
assert(pos < end);
nPart = rtl_str_toInt64_WithLength(pos, 10, end - pos);
- while( *pos && *pos != ',' )
+ while (pos < end && *pos != ',')
++pos;
- if (*pos)
+ if (pos < end)
{
++pos;
assert(pos < end);
