sc/source/core/tool/address.cxx | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
New commits:
commit be7813b880def3aaea9ae00664067b9946235b59
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri May 10 11:02:21 2024 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Fri May 10 14:48:37 2024 +0200
ofz#68874 avoid Integer-overflow
rather than detect it after the fact to keep ubsan happy
Change-Id: I1336f7a23fa7170b754b818c1ec42ca85f5c27d2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167445
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/sc/source/core/tool/address.cxx b/sc/source/core/tool/address.cxx
index b976443fc649..c419d9f3a312 100644
--- a/sc/source/core/tool/address.cxx
+++ b/sc/source/core/tool/address.cxx
@@ -136,7 +136,7 @@ const sal_Unicode* parseQuotedName( const sal_Unicode* p,
OUString& rName )
static sal_Int64 sal_Unicode_strtol ( const sal_Unicode* p, const
sal_Unicode** pEnd )
{
- sal_Int64 accum = 0, prev = 0;
+ sal_Int64 accum = 0;
bool is_neg = false;
if( *p == '-' )
@@ -147,15 +147,20 @@ static sal_Int64 sal_Unicode_strtol ( const sal_Unicode*
p, const sal_Unicode**
else if( *p == '+' )
p++;
+ const sal_Int64 cutoff = is_neg ? -(std::numeric_limits<sal_Int64>::min()
/ 10)
+ : std::numeric_limits<sal_Int64>::max() /
10;
+ const sal_Int64 cutlim = is_neg ? -(std::numeric_limits<sal_Int64>::min()
% 10)
+ : std::numeric_limits<sal_Int64>::max() %
10;
+
while (rtl::isAsciiDigit( *p ))
{
- accum = accum * 10 + *p - '0';
- if( accum < prev )
+ int val = *p - '0';
+ if (accum > cutoff || (accum == cutoff && val > cutlim))
{
*pEnd = nullptr;
return 0;
}
- prev = accum;
+ accum = accum * 10 + val;
p++;
}
