From 2bf894e91adf8783baaabc2203f7e97c4b8f3ca7 Mon Sep 17 00:00:00 2001 From: Mike Kaganski Date: Sat, 4 Nov 2023 17:53:47 +0300 Subject: External data must be checked when parsed Change-Id: I8bc5afb29fe22a4b06462a7c61b689c88c41003f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158938 Tested-by: Jenkins Reviewed-by: Mike Kaganski --- desktop/source/lib/init.cxx | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index 92628177cb66..71eeabcbc380 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -542,34 +542,38 @@ RectangleAndPart RectangleAndPart::Create(const OString& rPayload) const char* pos = rPayload.getStr(); const char* end = rPayload.getStr() + rPayload.getLength(); tools::Long nLeft = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); tools::Long nTop = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); tools::Long nWidth = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); tools::Long nHeight = rtl_str_toInt64_WithLength(pos, 10, end - pos); tools::Long nPart = INT_MIN; tools::Long nMode = 0; if (comphelper::LibreOfficeKit::isPartInInvalidation()) { - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); nPart = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos && *pos != ',' ) + while (pos < end && *pos != ',') ++pos; - if (*pos) + if (pos < end) { ++pos; assert(pos < end); -- cgit