From ad9d70e73394b1d0d2c1e1e4584c8bc6f3a5d8b3 Mon Sep 17 00:00:00 2001
From: Stephan Bergmann <sbergman@redhat.com>
Date: Thu, 25 Jan 2018 11:31:45 +0100
Subject: Fix Index::getIndexWeight for empty input

...which triggers the assertion `index >= 0 && static_cast<sal_uInt32>(index) <
static_cast<sal_uInt32>(getLength())' in rtl::OUString::operator[] at
include/rtl/ustring.hxx:669 (see below for a reproducer).

I am not sure whether the case of `startPos == rIndexEntry.getLength()` should
really go into the following for loop inspecting `tables`, with a somewhat
random `code` of U+0000 (or some other value even?), or should rather be handled
explicitly in some other way.

Reproducer in an empty Writer document: "Insert - Table of Contents and Index -
Bibliography Entry...": "Insert Bibliography Entry" dialog: "ARJ00", "Insert",
"AVV00", "Insert", "Close"; "Insert - Table of Contents and Index - Table of
Contents, Index or Bibliography...": "Table of Contents, Index or Bibliography"
dialog: "Type - Type and Title - Type: Bibliography", "Entries - Sort by -
Content", "Entries - Sort Keys - 1: Address", "OK": assert fires

Change-Id: I2c9fad2c37bfa7a3509c197e678311fb45cb991a
Reviewed-on: https://gerrit.libreoffice.org/48564
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Eike Rathke <erack@redhat.com>
---
 i18npool/source/indexentry/indexentrysupplier_default.cxx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/i18npool/source/indexentry/indexentrysupplier_default.cxx b/i18npool/source/indexentry/indexentrysupplier_default.cxx
index 40e06987fbb0..85533ae37e4c 100644
--- a/i18npool/source/indexentry/indexentrysupplier_default.cxx
+++ b/i18npool/source/indexentry/indexentrysupplier_default.cxx
@@ -138,7 +138,7 @@ sal_Int16 Index::getIndexWeight(const OUString& rIndexEntry)
                 return mkeys[i];
         }
     }
-    sal_Unicode code = rIndexEntry[startPos];
+    sal_Unicode code = startPos < rIndexEntry.getLength() ? rIndexEntry[startPos] : 0;
     for (sal_Int16 i = 0; i < table_count; i++) {
         if (tables[i].start <= code && code <= tables[i].end)
             return tables[i].table[code-tables[i].start];
-- 
cgit