diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2013-10-28 18:03:47 +0100 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2013-11-03 09:31:33 +0100 |
| commit | 60f1b154e680ba2d2945a9e9c1fddcc535d1b206 (patch) | |
| tree | 9c7d5e8820121876518c38660d9f6010e63b3486 | |
| parent | 16c945883e4f9ea35ece9bb52fc4fed3774388c6 (diff) | |
Do not access nextCellIndex (nor Text) past the end
At least for Winfried CppunitTest_sd_import_tests aborts with triggering the
assert in OUString::operator[] at (presumably past-the-end) index 18 from
com::sun::star::i18n::BreakIterator_th::makeIndex (this=0x2b775adf9440,
Text=..., nStartPos=18) at
i18npool/source/breakiterator/breakiterator_th.cxx:122
com::sun::star::i18n::BreakIterator_CTL::previousCharacters
(this=0x2b775adf9440, Text=..., nStartPos=18,
rLocale=..., nCharacterIteratorMode=1, nCount=1, nDone=@0x7fff9a84a8fc: 0) at
i18npool/source/breakiterator/breakiterator_ctl.cxx:62
com::sun::star::i18n::BreakIteratorImpl::previousCharacters
(this=0x2b775ae00a98, Text=..., nStartPos=18, rLocale=...,
nCharacterIteratorMode=1, nCount=1, nDone=@0x7fff9a84a8fc: 0) at
i18npool/source/breakiterator/breakiteratorImpl.cxx:65
ServerFontLayout::setNeedFallback (this=0xfba5d0, rArgs=..., nCharPos=17,
bRightToLeft=false) at vcl/generic/glyphs/gcach_layout.cxx:114
HbLayoutEngine::layout (this=0xfba670, rLayout=..., rArgs=...) at
vcl/generic/glyphs/gcach_layout.cxx:437
...
and from the preceding if block in BreakIterator_th::makeIndex it indeed looks
like the invariant is that nextCellIndex need not be larger than cellIndexSize
which needs not be larger than Text (ake cachedText) getLength().
Change-Id: Ib92a76020b2bb3902c5e58aa2e6c4e679e51b94a
(cherry picked from commit b2ad9eecf1cda725b1d7fcabd1ebd06895843d20)
Reviewed-on: https://gerrit.libreoffice.org/6467
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
| -rw-r--r-- | i18npool/source/breakiterator/breakiterator_th.cxx | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/i18npool/source/breakiterator/breakiterator_th.cxx b/i18npool/source/breakiterator/breakiterator_th.cxx index b5683d254a2f..74527f6a064a 100644 --- a/i18npool/source/breakiterator/breakiterator_th.cxx +++ b/i18npool/source/breakiterator/breakiterator_th.cxx @@ -119,7 +119,8 @@ void SAL_CALL BreakIterator_th::makeIndex(const OUString& Text, sal_Int32 nStart // reset nextCell for new Text memset(nextCellIndex, 0, cellIndexSize * sizeof(sal_Int32)); } - else if (nextCellIndex[nStartPos] > 0 || ! is_Thai(Text[nStartPos])) + else if (nStartPos >= Text.getLength() || nextCellIndex[nStartPos] > 0 + || !is_Thai(Text[nStartPos])) return; const sal_Unicode* str = cachedText.getStr(); |