summaryrefslogtreecommitdiff
path: root/sw
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2017-11-01 11:23:35 +0000
committerCaolán McNamara <caolanm@redhat.com>2017-11-01 20:25:59 +0100
commit0b70e6b93b8cb2169fa372b555ae0c6b43a4ce43 (patch)
treed60e4e08828413b4dcf5ec98a3d9f3ae00a993a2 /sw
parentc4bac94488774c0d8b114075ee47307c96d017c2 (diff)
ofz#3945 Integer-overflow
Change-Id: I3cc8e91078289860d27ee77be3c24eabeb136909 Reviewed-on: https://gerrit.libreoffice.org/44163 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'sw')
-rw-r--r--sw/source/filter/ww8/ww8scan.cxx19
1 files changed, 17 insertions, 2 deletions
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index e07b12129518..3134c3bc2ed1 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -3382,8 +3382,23 @@ void WW8PLCFx_Cp_FKP::GetSprms(WW8PLCFxDesc* p)
if (nOldEndPos <= nLimitFC)
{
- p->nEndPos = nCpEnd -
- (nLimitFC-nOldEndPos) / (bIsUnicode ? 2 : 1);
+ bFail = o3tl::checked_sub(nLimitFC, nOldEndPos, nCpLen);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ pPieceIter->SetIdx(nOldPos);
+ return;
+ }
+
+ nCpLen /= (bIsUnicode ? 2 : 1);
+
+ bFail = o3tl::checked_sub(nCpEnd, nCpLen, p->nEndPos);
+ if (bFail)
+ {
+ SAL_WARN("sw.ww8", "broken offset, ignoring");
+ pPieceIter->SetIdx(nOldPos);
+ return;
+ }
}
else
{
generated by cgit (git 2.34.1) at 2025-02-25 11:24:39 +0000