Half-assed attempt at enforcing operator [] preconditions

...inspired by comments to <https://gerrit.libreoffice.org/#/c/3068/> "String::AppendAscii cleanup in dbaccess," but it quickly becomes apparent that lots of code rely on s[s.getLength()] == 0, so live with a weakened precondition check for now. Change-Id: Ifad96c706b14433df4a084ab8054b32433b8b5b6
author: Stephan Bergmann <sbergman@redhat.com> 2013-03-28 13:06:36 +0100
committer: Stephan Bergmann <sbergman@redhat.com> 2013-03-28 13:30:41 +0100
commit: 7eaf1e93889568b6cd9f721b42a3fd4bbe59f8b6 (patch)
tree: 6618876ad976f6701e1a3915ce071ab95b78872f
parent: 4fb6281270302e26664c2aa09e63b6838dc67d87 (diff)
3 files changed, 20 insertions, 4 deletions
diff --git a/l10ntools/source/lngmerge.cxx b/l10ntools/source/lngmerge.cxx
index 052f9705ab1e..364087d4e9e3 100644
--- a/l10ntools/source/lngmerge.cxx
+++ b/l10ntools/source/lngmerge.cxx
@@ -194,7 +194,8 @@ sal_Bool LngParser::Merge(
     {
         rtl::OString sLine( *(*pLines)[ nPos ] );
         sLine = sLine.trim();
-        if (( sLine[0] == '[' ) &&
+        if (!sLine.isEmpty() &&
+            ( sLine[0] == '[' ) &&
             ( sLine[sLine.getLength() - 1] == ']' ))
         {
             sGroup = getBracketedContent(sLine).trim();
@@ -220,7 +221,8 @@ sal_Bool LngParser::Merge(
         {
             rtl::OString sLine( *(*pLines)[ nPos ] );
             sLine = sLine.trim();
-            if (( sLine[0] == '[' ) &&
+            if (!sLine.isEmpty() &&
+                ( sLine[0] == '[' ) &&
                 ( sLine[sLine.getLength() - 1] == ']' ))
             {
                 sGroup = getBracketedContent(sLine).trim();
diff --git a/sal/inc/rtl/string.hxx b/sal/inc/rtl/string.hxx
index f6cec59dc04e..f9eeda2d7799 100644
--- a/sal/inc/rtl/string.hxx
+++ b/sal/inc/rtl/string.hxx
@@ -388,7 +388,14 @@ public:
 
       @since LibreOffice 3.5
     */
-    sal_Char operator [](sal_Int32 index) const { return getStr()[index]; }
+    sal_Char operator [](sal_Int32 index) const {
+        assert(index >= 0 && index <= getLength());
+            //TODO: should really check for < getLength(), but there is quite
+            // some clever code out there that violates this function's
+            // documented precondition and relies on s[s.getLength()] == 0 and
+            // that would need to be fixed first
+        return getStr()[index];
+    }
 
     /**
       Compares two strings.
diff --git a/sal/inc/rtl/ustring.hxx b/sal/inc/rtl/ustring.hxx
index 768f5521303d..0af8b6d548ac 100644
--- a/sal/inc/rtl/ustring.hxx
+++ b/sal/inc/rtl/ustring.hxx
@@ -474,7 +474,14 @@ public:
 
       @since LibreOffice 3.5
     */
-    sal_Unicode operator [](sal_Int32 index) const { return getStr()[index]; }
+    sal_Unicode operator [](sal_Int32 index) const {
+        assert(index >= 0 && index <= getLength());
+            //TODO: should really check for < getLength(), but there is quite
+            // some clever code out there that violates this function's
+            // documented precondition and relies on s[s.getLength()] == 0 and
+            // that would need to be fixed first
+        return getStr()[index];
+    }
 
     /**
       Compares two strings.
author	Stephan Bergmann <sbergman@redhat.com>	2013-03-28 13:06:36 +0100
committer	Stephan Bergmann <sbergman@redhat.com>	2013-03-28 13:30:41 +0100
commit	7eaf1e93889568b6cd9f721b42a3fd4bbe59f8b6 (patch)
tree	6618876ad976f6701e1a3915ce071ab95b78872f
parent	4fb6281270302e26664c2aa09e63b6838dc67d87 (diff)