sc/source/core/tool/reffind.cxx | 5 +++++ 1 file changed, 5 insertions(+)
New commits: commit 232b93e7f0e0ca90b54fe96d2c1adc5766d6706c Author: Kohei Yoshida <kohei.yosh...@gmail.com> Date: Tue Feb 5 15:23:44 2013 -0500 fdo#39135: Prevent integer overflow & update the character during loop. These two errors in the code contributed to the reported bug. Let's fix them. Change-Id: If82a1bd4d1e27145b48e722b30388cc9dc4a8a6e Reviewed-on: https://gerrit.libreoffice.org/2007 Reviewed-by: Eike Rathke <er...@redhat.com> Tested-by: Eike Rathke <er...@redhat.com>
diff --git a/sc/source/core/tool/reffind.cxx b/sc/source/core/tool/reffind.cxx
index 2fe76fc..c4621f0 100644
--- a/sc/source/core/tool/reffind.cxx
+++ b/sc/source/core/tool/reffind.cxx
@@ -155,15 +155,20 @@ void ExpandToTextR1C1(const sal_Unicode* p, xub_StrLen nLen, xub_StrLen& rStartP
 if (c == '\'')
 break;
 }
+ if (rStartPos == 0)
+ break;
 }
 else if (c == ']')
 {
 // Skip until the opening braket.
 for (--rStartPos; rStartPos > 0; --rStartPos)
 {
+ c = p[rStartPos];
 if (c == '[')
 break;
 }
+ if (rStartPos == 0)
+ break;
 }
 else if (!IsText(c))
 {
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
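Review bot: The two added `if (rStartPos == 0) break;` guards, one after each inner skip loop, carry no comment saying which invariant they protect, so a later skip branch could easily be added without one. Judging by the commit title, rStartPos is presumably an unsigned index (its type definition is not visible here), so a further decrement at zero by the enclosing loop would wrap and the next `p[rStartPos]` read would fall outside the buffer. I would put `// No opener found before the start of the text; stop so the enclosing loop does not decrement past 0.` above each guard. The diffstat shows only reffind.cxx changed, so a regression test that places an unterminated `'` or `]` before the cursor position would be worth adding alongside this fix. ExpandToTextR1C1 and the enclosing loop start and end outside the hunk.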