From 56616073d2044520cd4eb21e9e4a6bc363d03ee0 Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Tue, 24 Oct 2017 15:29:40 +0100 Subject: ofz#3768 Integer-overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I37067d29bb18b3afe01397f161d7b135de91146a Reviewed-on: https://gerrit.libreoffice.org/43780 Tested-by: Jenkins Reviewed-by: Caolán McNamara Tested-by: Caolán McNamara --- sc/source/ui/docshell/impex.cxx | 49 ++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 18 deletions(-) (limited to 'sc/source/ui/docshell/impex.cxx') diff --git a/sc/source/ui/docshell/impex.cxx b/sc/source/ui/docshell/impex.cxx index 80069b4eef59..6aa1e4c1dfa2 100644 --- a/sc/source/ui/docshell/impex.cxx +++ b/sc/source/ui/docshell/impex.cxx @@ -53,6 +53,7 @@ #include #include +#include #include #include @@ -1752,37 +1753,45 @@ bool ScImportExport::Sylk2Doc( SvStream& rStrm ) switch( ch ) { case 'X': - nCol = static_cast(OUString(p).toInt32()) + nStartCol - 1; - if (nCol < 0 || MAXCOL < nCol) + { + bool bFail = o3tl::checked_add(OUString(p).toInt32(), nStartCol - 1, nCol); + if (bFail || nCol < 0 || MAXCOL < nCol) { SAL_WARN("sc.ui","ScImportExport::Sylk2Doc - ;X invalid nCol=" << nCol); - nCol = std::max( 0, std::min( nCol, MAXCOL)); + nCol = std::max(0, std::min(nCol, MAXCOL)); } break; + } case 'Y': - nRow = OUString(p).toInt32() + nStartRow - 1; - if (nRow < 0 || MAXROW < nRow) + { + bool bFail = o3tl::checked_add(OUString(p).toInt32(), nStartRow - 1, nRow); + if (bFail || nRow < 0 || MAXROW < nRow) { SAL_WARN("sc.ui","ScImportExport::Sylk2Doc - ;Y invalid nRow=" << nRow); - nRow = std::max( 0, std::min( nRow, MAXROW)); + nRow = std::max(0, std::min(nRow, MAXROW)); } break; + } case 'C': - nRefCol = static_cast(OUString(p).toInt32()) + nStartCol - 1; - if (nRefCol < 0 || MAXCOL < nRefCol) + { + bool bFail = o3tl::checked_add(OUString(p).toInt32(), nStartCol - 1, nRefCol); + if (bFail || nRefCol < 0 || MAXCOL < nRefCol) { SAL_WARN("sc.ui","ScImportExport::Sylk2Doc - ;C invalid nRefCol=" << nRefCol); - nRefCol = std::max( 0, std::min( nRefCol, MAXCOL)); + nRefCol = std::max(0, std::min(nRefCol, MAXCOL)); } break; + } case 'R': - nRefRow = OUString(p).toInt32() + nStartRow - 1; - if (nRefRow < 0 || MAXROW < nRefRow) + { + bool bFail = o3tl::checked_add(OUString(p).toInt32(), nStartRow - 1, nRefRow); + if (bFail || nRefRow < 0 || MAXROW < nRefRow) { SAL_WARN("sc.ui","ScImportExport::Sylk2Doc - ;R invalid nRefRow=" << nRefRow); - nRefRow = std::max( 0, std::min( nRefRow, MAXROW)); + nRefRow = std::max(0, std::min(nRefRow, MAXROW)); } break; + } case 'K': { if( !bSingle && @@ -1892,21 +1901,25 @@ bool ScImportExport::Sylk2Doc( SvStream& rStrm ) switch( ch ) { case 'X': - nCol = static_cast(OUString(p).toInt32()) + nStartCol - 1; - if (nCol < 0 || MAXCOL < nCol) + { + bool bFail = o3tl::checked_add(OUString(p).toInt32(), nStartCol - 1, nCol); + if (bFail || nCol < 0 || MAXCOL < nCol) { SAL_WARN("sc.ui","ScImportExport::Sylk2Doc - ;X invalid nCol=" << nCol); - nCol = std::max( 0, std::min( nCol, MAXCOL)); + nCol = std::max(0, std::min(nCol, MAXCOL)); } break; + } case 'Y': - nRow = OUString(p).toInt32() + nStartRow - 1; - if (nRow < 0 || MAXROW < nRow) + { + bool bFail = o3tl::checked_add(OUString(p).toInt32(), nStartRow - 1, nRow); + if (bFail || nRow < 0 || MAXROW < nRow) { SAL_WARN("sc.ui","ScImportExport::Sylk2Doc - ;Y invalid nRow=" << nRow); - nRow = std::max( 0, std::min( nRow, MAXROW)); + nRow = std::max(0, std::min(nRow, MAXROW)); } break; + } case 'P' : if ( bData ) { -- cgit