From 7eaf1e93889568b6cd9f721b42a3fd4bbe59f8b6 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Thu, 28 Mar 2013 13:06:36 +0100
Subject: Half-assed attempt at enforcing operator [] preconditions

...inspired by comments to <https://gerrit.libreoffice.org/#/c/3068/>
"String::AppendAscii cleanup in dbaccess," but it quickly becomes apparent that
lots of code rely on s[s.getLength()] == 0, so live with a weakened precondition
check for now.

Change-Id: Ifad96c706b14433df4a084ab8054b32433b8b5b6
---
 l10ntools/source/lngmerge.cxx | 6 ++++--
 sal/inc/rtl/string.hxx        | 9 ++++++++-
 sal/inc/rtl/ustring.hxx       | 9 ++++++++-
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/l10ntools/source/lngmerge.cxx b/l10ntools/source/lngmerge.cxx
index 052f9705ab1e..364087d4e9e3 100644
--- a/l10ntools/source/lngmerge.cxx
+++ b/l10ntools/source/lngmerge.cxx
@@ -194,7 +194,8 @@ sal_Bool LngParser::Merge(
     {
         rtl::OString sLine( *(*pLines)[ nPos ] );
         sLine = sLine.trim();
-        if (( sLine[0] == '[' ) &&
+        if (!sLine.isEmpty() &&
+            ( sLine[0] == '[' ) &&
             ( sLine[sLine.getLength() - 1] == ']' ))
         {
             sGroup = getBracketedContent(sLine).trim();
@@ -220,7 +221,8 @@ sal_Bool LngParser::Merge(
         {
             rtl::OString sLine( *(*pLines)[ nPos ] );
             sLine = sLine.trim();
-            if (( sLine[0] == '[' ) &&
+            if (!sLine.isEmpty() &&
+                ( sLine[0] == '[' ) &&
                 ( sLine[sLine.getLength() - 1] == ']' ))
             {
                 sGroup = getBracketedContent(sLine).trim();
diff --git a/sal/inc/rtl/string.hxx b/sal/inc/rtl/string.hxx
index f6cec59dc04e..f9eeda2d7799 100644
--- a/sal/inc/rtl/string.hxx
+++ b/sal/inc/rtl/string.hxx
@@ -388,7 +388,14 @@ public:
 
       @since LibreOffice 3.5
     */
-    sal_Char operator [](sal_Int32 index) const { return getStr()[index]; }
+    sal_Char operator [](sal_Int32 index) const {
+        assert(index >= 0 && index <= getLength());
+            //TODO: should really check for < getLength(), but there is quite
+            // some clever code out there that violates this function's
+            // documented precondition and relies on s[s.getLength()] == 0 and
+            // that would need to be fixed first
+        return getStr()[index];
+    }
 
     /**
       Compares two strings.
diff --git a/sal/inc/rtl/ustring.hxx b/sal/inc/rtl/ustring.hxx
index 768f5521303d..0af8b6d548ac 100644
--- a/sal/inc/rtl/ustring.hxx
+++ b/sal/inc/rtl/ustring.hxx
@@ -474,7 +474,14 @@ public:
 
       @since LibreOffice 3.5
     */
-    sal_Unicode operator [](sal_Int32 index) const { return getStr()[index]; }
+    sal_Unicode operator [](sal_Int32 index) const {
+        assert(index >= 0 && index <= getLength());
+            //TODO: should really check for < getLength(), but there is quite
+            // some clever code out there that violates this function's
+            // documented precondition and relies on s[s.getLength()] == 0 and
+            // that would need to be fixed first
+        return getStr()[index];
+    }
 
     /**
       Compares two strings.
-- 
cgit