From bde75c036f34ce970a90991acde80f0d16007af6 Mon Sep 17 00:00:00 2001 From: Mike Kaganski Date: Tue, 11 Aug 2020 18:11:10 +0300 Subject: tdf#135639: check the return value of GetDim32 ... to avoid crash accessing non-existing element of pChildItem->vIndices Change-Id: I248a9301abd69883f940051d9d9671298dcc8453 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100540 Tested-by: Jenkins Reviewed-by: Mike Kaganski Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100565 Reviewed-by: Xisco Fauli --- basctl/source/basicide/baside2b.cxx | 63 +++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 30 deletions(-) diff --git a/basctl/source/basicide/baside2b.cxx b/basctl/source/basicide/baside2b.cxx index a1efc0bcd93c..d5cf4efe259e 100644 --- a/basctl/source/basicide/baside2b.cxx +++ b/basctl/source/basicide/baside2b.cxx @@ -2128,43 +2128,46 @@ IMPL_LINK(WatchWindow, RequestingChildrenHdl, const weld::TreeIter&, rParent, bo int nParentLevel = bArrayIsRootArray ? pItem->nDimLevel : 0; int nThisLevel = nParentLevel + 1; sal_Int32 nMin, nMax; - pArray->GetDim32( nThisLevel, nMin, nMax ); - for( sal_Int32 i = nMin ; i <= nMax ; i++ ) + if (pArray->GetDim32(nThisLevel, nMin, nMax)) { - WatchItem* pChildItem = new WatchItem(pItem->maName); + for (sal_Int32 i = nMin; i <= nMax; i++) + { + WatchItem* pChildItem = new WatchItem(pItem->maName); - // Copy data and create name + // Copy data and create name - OUStringBuffer aIndexStr = "("; - pChildItem->mpArrayParentItem = pItem; - pChildItem->nDimLevel = nThisLevel; - pChildItem->nDimCount = pItem->nDimCount; - pChildItem->vIndices.resize(pChildItem->nDimCount); - sal_Int32 j; - for( j = 0 ; j < nParentLevel ; j++ ) - { - sal_Int32 n = pChildItem->vIndices[j] = pItem->vIndices[j]; - aIndexStr.append(OUString::number( n )).append(","); - } - pChildItem->vIndices[nParentLevel] = i; - aIndexStr.append(OUString::number( i )).append(")"); + OUStringBuffer aIndexStr = "("; + pChildItem->mpArrayParentItem = pItem; + pChildItem->nDimLevel = nThisLevel; + pChildItem->nDimCount = pItem->nDimCount; + pChildItem->vIndices.resize(pChildItem->nDimCount); + sal_Int32 j; + for (j = 0; j < nParentLevel; j++) + { + sal_Int32 n = pChildItem->vIndices[j] = pItem->vIndices[j]; + aIndexStr.append(OUString::number(n)).append(","); + } + pChildItem->vIndices[nParentLevel] = i; + aIndexStr.append(OUString::number(i)).append(")"); - OUString aDisplayName; - WatchItem* pArrayRootItem = pChildItem->GetRootItem(); - if( pArrayRootItem && pArrayRootItem->mpArrayParentItem ) - aDisplayName = pItem->maDisplayName; - else - aDisplayName = pItem->maName; - aDisplayName += aIndexStr; - pChildItem->maDisplayName = aDisplayName; + OUString aDisplayName; + WatchItem* pArrayRootItem = pChildItem->GetRootItem(); + if (pArrayRootItem && pArrayRootItem->mpArrayParentItem) + aDisplayName = pItem->maDisplayName; + else + aDisplayName = pItem->maName; + aDisplayName += aIndexStr; + pChildItem->maDisplayName = aDisplayName; - OUString sId(OUString::number(reinterpret_cast(pChildItem))); + OUString sId(OUString::number(reinterpret_cast(pChildItem))); - m_xTreeListBox->insert(&rParent, -1, &aDisplayName, &sId, nullptr, nullptr, nullptr, false, xRet.get()); - m_xTreeListBox->set_text(*xRet, "", 1); - m_xTreeListBox->set_text(*xRet, "", 2); + m_xTreeListBox->insert(&rParent, -1, &aDisplayName, &sId, nullptr, nullptr, nullptr, + false, xRet.get()); + m_xTreeListBox->set_text(*xRet, "", 1); + m_xTreeListBox->set_text(*xRet, "", 2); - nElementCount++; + nElementCount++; + } } if (nElementCount > 0 && !m_nUpdateWatchesId) { -- cgit