diff options
author | Caolán McNamara <caolan.mcnamara@collabora.com> | 2024-03-23 15:19:04 +0000 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2024-06-27 18:23:10 +0200 |
commit | e6bc1729d93f5e657229eca96e18fc9aa6445fe6 (patch) | |
tree | 447d4f747ab43f8a4ffe92a64ef3a42bfbf90ea0 | |
parent | 0ad97420088544673b22d81c88157e54e67081ab (diff) |
ofz#67577 Integer-overflow
Change-Id: I3828bb76ab7808ac0717b33c231927730216b42b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165216
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
(cherry picked from commit 035f87f7ed8775c30c6f84d7d02bc72a66182c63)
-rw-r--r-- | sc/source/filter/html/htmlpars.cxx | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/sc/source/filter/html/htmlpars.cxx b/sc/source/filter/html/htmlpars.cxx index 57c06fc23dd0..1de06c9694b8 100644 --- a/sc/source/filter/html/htmlpars.cxx +++ b/sc/source/filter/html/htmlpars.cxx @@ -50,6 +50,7 @@ #include <osl/diagnose.h> #include <rtl/tencinfo.h> +#include <o3tl/safeint.hxx> #include <htmlpars.hxx> #include <global.hxx> @@ -434,8 +435,20 @@ void ScHTMLLayoutParser::SkipLocked( ScEEParseEntry* pE, bool bJoin ) { // Or else this would create a wrong value at ScAddress (chance for an infinite loop)! bool bBadCol = false; bool bAgain; - ScRange aRange( pE->nCol, pE->nRow, 0, - pE->nCol + pE->nColOverlap - 1, pE->nRow + pE->nRowOverlap - 1, 0 ); + + SCCOL nEndCol(0); + SCROW nEndRow(0); + bool bFail = o3tl::checked_add<SCCOL>(pE->nCol, pE->nColOverlap - 1, nEndCol) || + o3tl::checked_add<SCROW>(pE->nRow, pE->nRowOverlap - 1, nEndRow); + + if (bFail) + { + SAL_WARN("sc", "invalid range: " << pE->nCol << " " << pE->nColOverlap << + " " << pE->nRow << " " << pE->nRowOverlap); + return; + } + + ScRange aRange(pE->nCol, pE->nRow, 0, nEndCol, nEndRow, 0); do { bAgain = false; |