Half-assed attempt at enforcing operator [] preconditions

...inspired by comments to <https://gerrit.libreoffice.org/#/c/3068/>
"String::AppendAscii cleanup in dbaccess," but it quickly becomes apparent that
lots of code rely on s[s.getLength()] == 0, so live with a weakened precondition
check for now.

Change-Id: Ifad96c706b14433df4a084ab8054b32433b8b5b6

2 files changed, 16 insertions, 2 deletions

diff --git a/sal/inc/rtl/string.hxx b/sal/inc/rtl/string.hxx
index f6cec59dc04e..f9eeda2d7799 100644
--- a/sal/inc/rtl/string.hxx
+++ b/sal/inc/rtl/string.hxx
@@ -388,7 +388,14 @@ public:
 
       @since LibreOffice 3.5
     */
-    sal_Char operator [](sal_Int32 index) const { return getStr()[index]; }
+    sal_Char operator [](sal_Int32 index) const {
+        assert(index >= 0 && index <= getLength());
+            //TODO: should really check for < getLength(), but there is quite
+            // some clever code out there that violates this function's
+            // documented precondition and relies on s[s.getLength()] == 0 and
+            // that would need to be fixed first
+        return getStr()[index];
+    }
 
     /**
       Compares two strings.
diff --git a/sal/inc/rtl/ustring.hxx b/sal/inc/rtl/ustring.hxx
index 768f5521303d..0af8b6d548ac 100644
--- a/sal/inc/rtl/ustring.hxx
+++ b/sal/inc/rtl/ustring.hxx
@@ -474,7 +474,14 @@ public:
 
       @since LibreOffice 3.5
     */
-    sal_Unicode operator [](sal_Int32 index) const { return getStr()[index]; }
+    sal_Unicode operator [](sal_Int32 index) const {
+        assert(index >= 0 && index <= getLength());
+            //TODO: should really check for < getLength(), but there is quite
+            // some clever code out there that violates this function's
+            // documented precondition and relies on s[s.getLength()] == 0 and
+            // that would need to be fixed first
+        return getStr()[index];
+    }
 
     /**
       Compares two strings.