diff options
| author | Julien Nabet <serval2412@yahoo.fr> | 2021-06-30 22:55:46 +0200 |
|---|---|---|
| committer | Xisco Fauli <xiscofauli@libreoffice.org> | 2021-07-01 16:06:12 +0200 |
| commit | 89e19634a775d53ea855db8767113f3ab08a3479 (patch) | |
| tree | eafee506a17cca6e13eaf6dcb8494f37d6c9275f /basic | |
| parent | 306ff415cb19b1a3f01a6deda0f5f0d41c60594a (diff) | |
tdf#143081: fix Basic Replace() function crashes LO
0x00007f19c0aa6e57 in rtl::OUStringBuffer::append(char16_t const*, int) (this=0x7fff100d0748, str=0x6f6f46a u"晦饖香©", len=-1) at include/rtl/ustrbuf.hxx:659
0x00007f19c0c3c8a8 in SbRtl_Replace(StarBASIC*, SbxArray&, bool) (rPar=...) at basic/source/runtime/methods.cxx:1321
see bt here:
https://bugs.documentfoundation.org/attachment.cgi?id=173298
Calling xCharClass->toUpper may change words, eg: "Straße" becomes "Strasse"
so the length of the word increases.
In brief, we want to use the length of aSrcStr not aExpStr
Change-Id: Ia291d47a2021efc7dd9162ca5cc72b7940fdd71e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118202
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
(cherry picked from commit 4a0b40f1be9f6773c8ebc5331c257911a76a5cee)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118178
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
Diffstat (limited to 'basic')
| -rw-r--r-- | basic/source/runtime/methods.cxx | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx index fce05bf3e4d1..7cd9b4716141 100644 --- a/basic/source/runtime/methods.cxx +++ b/basic/source/runtime/methods.cxx @@ -1285,8 +1285,6 @@ void SbRtl_Replace(StarBASIC *, SbxArray & rPar, bool) const OUString aExpStr = rPar.Get(1)->GetOUString(); OUString aFindStr = rPar.Get(2)->GetOUString(); const OUString aReplaceStr = rPar.Get(3)->GetOUString(); - const sal_Int32 nExpStrLen = aExpStr.getLength(); - const sal_Int32 nFindStrLen = aFindStr.getLength(); OUString aSrcStr(aExpStr); if (bCaseInsensitive) @@ -1298,10 +1296,12 @@ void SbRtl_Replace(StarBASIC *, SbxArray & rPar, bool) aSrcStr = xCharClass->toUpper(aSrcStr, 0, aSrcStr.getLength(), rLocale); aFindStr = xCharClass->toUpper(aFindStr, 0, aFindStr.getLength(), rLocale); } + const sal_Int32 nSrcStrLen = aSrcStr.getLength(); + const sal_Int32 nFindStrLen = aFindStr.getLength(); // Note: the result starts from lStartPos, removing everything to the left. See i#94895. - sal_Int32 nPrevPos = std::min(lStartPos - 1, nExpStrLen); - OUStringBuffer sResult(nExpStrLen - nPrevPos); + sal_Int32 nPrevPos = std::min(lStartPos - 1, nSrcStrLen); + OUStringBuffer sResult(nSrcStrLen - nPrevPos); sal_Int32 nCounts = 0; while (lCount == -1 || lCount > nCounts) { @@ -1318,7 +1318,7 @@ void SbRtl_Replace(StarBASIC *, SbxArray & rPar, bool) break; } } - sResult.append(aExpStr.getStr() + nPrevPos, nExpStrLen - nPrevPos); + sResult.append(aExpStr.getStr() + nPrevPos, nSrcStrLen - nPrevPos); rPar.Get(0)->PutString(sResult.makeStringAndClear()); } |