diff options
author | Eike Rathke <erack@redhat.com> | 2014-08-18 14:09:20 +0200 |
---|---|---|
committer | David Tardon <dtardon@redhat.com> | 2014-08-18 12:37:54 -0500 |
commit | f3e7a49e2c7ea235b724c157f8d05a23c675913a (patch) | |
tree | 965c5a7cdda77b6f7da1bc4594687e588daff094 /svl | |
parent | d2e69f454a30e64acb04f88a5d753169dbfc5259 (diff) |
prevent out-of-bounds string access
... while entering a * star symbol format code and there's no fill
character following the * yet, for example "xxx"*
(cherry picked from commit 839cc63e7d1b78c56e04bafb46037e898ce2c455)
more out-of-bounds string accesses
(cherry picked from commit 349c93e0f5c9f231b2ff6854fcb795ca5881ca2d)
Change-Id: I006f125ceefccba6a95ea033fd434d98e5d4f1c2
Reviewed-on: https://gerrit.libreoffice.org/10994
Reviewed-by: David Tardon <dtardon@redhat.com>
Tested-by: David Tardon <dtardon@redhat.com>
Diffstat (limited to 'svl')
-rw-r--r-- | svl/source/numbers/zformat.cxx | 56 |
1 files changed, 32 insertions, 24 deletions
diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx index ef94a236ec93..a48c0293df1d 100644 --- a/svl/source/numbers/zformat.cxx +++ b/svl/source/numbers/zformat.cxx @@ -2241,6 +2241,30 @@ short SvNumberformat::ImpCheckCondition(double& fNumber, } } +static bool lcl_appendStarFillChar( OUStringBuffer& rBuf, const OUString& rStr ) +{ + // Right during user input the star symbol is the very + // last character before the user enters another one. + if (rStr.getLength() > 1) + { + rBuf.append((sal_Unicode) 0x1B); + rBuf.append(rStr[1]); + return true; + } + return false; +} + +static bool lcl_insertStarFillChar( OUStringBuffer& rBuf, sal_Int32 nPos, const OUString& rStr ) +{ + if (rStr.getLength() > 1) + { + rBuf.insert( nPos, rStr[1]); + rBuf.insert( nPos, (sal_Unicode) 0x1B); + return true; + } + return false; +} + bool SvNumberformat::GetOutputString(const OUString& sString, OUString& OutString, Color** ppColor) @@ -2273,9 +2297,7 @@ bool SvNumberformat::GetOutputString(const OUString& sString, case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sOutBuff.append((sal_Unicode) 0x1B); - sOutBuff.append(rInfo.sStrArray[i][1]); - bRes = true; + bRes = lcl_appendStarFillChar( sOutBuff, rInfo.sStrArray[i]); } break; case NF_SYMBOLTYPE_BLANK: @@ -2588,9 +2610,7 @@ bool SvNumberformat::GetOutputString(double fNumber, case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sBuff.append((sal_Unicode) 0x1B); - sBuff.append(rInfo.sStrArray[i][1]); - bRes = true; + bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]); } break; case NF_SYMBOLTYPE_BLANK: @@ -3214,9 +3234,7 @@ bool SvNumberformat::ImpGetTimeOutput(double fNumber, case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sBuff.append((sal_Unicode)0x1B); - sBuff.append(rInfo.sStrArray[i][1]); - bRes = true; + bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]); } break; case NF_SYMBOLTYPE_BLANK: @@ -3712,9 +3730,7 @@ bool SvNumberformat::ImpGetDateOutput(double fNumber, case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sBuff.append((sal_Unicode) 0x1B); - sBuff.append(rInfo.sStrArray[i][1]); - bRes = true; + bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]); } break; case NF_SYMBOLTYPE_BLANK: @@ -4007,9 +4023,7 @@ bool SvNumberformat::ImpGetDateTimeOutput(double fNumber, case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sBuff.append((sal_Unicode) 0x1B); - sBuff.append(rInfo.sStrArray[i][1]); - bRes = true; + bRes = lcl_appendStarFillChar( sBuff, rInfo.sStrArray[i]); } break; case NF_SYMBOLTYPE_BLANK: @@ -4340,9 +4354,7 @@ bool SvNumberformat::ImpGetNumberOutput(double fNumber, case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sStr.insert(k, rInfo.sStrArray[j][1]); - sStr.insert(k, (sal_Unicode) 0x1B); - bRes = true; + bRes = lcl_insertStarFillChar( sStr, k, rInfo.sStrArray[j]); } break; case NF_SYMBOLTYPE_BLANK: @@ -4475,9 +4487,7 @@ bool SvNumberformat::ImpNumberFillWithThousands( OUStringBuffer& sBuff, // numb case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sBuff.insert(k, rInfo.sStrArray[j][1]); - sBuff.insert(k, (sal_Unicode) 0x1B); - bRes = true; + bRes = lcl_insertStarFillChar( sBuff, k, rInfo.sStrArray[j]); } break; case NF_SYMBOLTYPE_BLANK: @@ -4651,9 +4661,7 @@ bool SvNumberformat::ImpNumberFill( OUStringBuffer& sBuff, // number string case NF_SYMBOLTYPE_STAR: if( bStarFlag ) { - sBuff.insert(k, rInfo.sStrArray[j][1]); - sBuff.insert(k, sal_Unicode(0x1B)); - bRes = true; + bRes = lcl_insertStarFillChar( sBuff, k, rInfo.sStrArray[j]); } break; case NF_SYMBOLTYPE_BLANK: |