From ad9d70e73394b1d0d2c1e1e4584c8bc6f3a5d8b3 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann <sbergman@redhat.com> Date: Thu, 25 Jan 2018 11:31:45 +0100 Subject: Fix Index::getIndexWeight for empty input ...which triggers the assertion `index >= 0 && static_cast<sal_uInt32>(index) < static_cast<sal_uInt32>(getLength())' in rtl::OUString::operator[] at include/rtl/ustring.hxx:669 (see below for a reproducer). I am not sure whether the case of `startPos == rIndexEntry.getLength()` should really go into the following for loop inspecting `tables`, with a somewhat random `code` of U+0000 (or some other value even?), or should rather be handled explicitly in some other way. Reproducer in an empty Writer document: "Insert - Table of Contents and Index - Bibliography Entry...": "Insert Bibliography Entry" dialog: "ARJ00", "Insert", "AVV00", "Insert", "Close"; "Insert - Table of Contents and Index - Table of Contents, Index or Bibliography...": "Table of Contents, Index or Bibliography" dialog: "Type - Type and Title - Type: Bibliography", "Entries - Sort by - Content", "Entries - Sort Keys - 1: Address", "OK": assert fires Change-Id: I2c9fad2c37bfa7a3509c197e678311fb45cb991a Reviewed-on: https://gerrit.libreoffice.org/48564 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Eike Rathke <erack@redhat.com> --- i18npool/source/indexentry/indexentrysupplier_default.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/i18npool/source/indexentry/indexentrysupplier_default.cxx b/i18npool/source/indexentry/indexentrysupplier_default.cxx index 40e06987fbb0..85533ae37e4c 100644 --- a/i18npool/source/indexentry/indexentrysupplier_default.cxx +++ b/i18npool/source/indexentry/indexentrysupplier_default.cxx @@ -138,7 +138,7 @@ sal_Int16 Index::getIndexWeight(const OUString& rIndexEntry) return mkeys[i]; } } - sal_Unicode code = rIndexEntry[startPos]; + sal_Unicode code = startPos < rIndexEntry.getLength() ? rIndexEntry[startPos] : 0; for (sal_Int16 i = 0; i < table_count; i++) { if (tables[i].start <= code && code <= tables[i].end) return tables[i].table[code-tables[i].start]; -- cgit