From f0c2e0d27ccdeaefb00b63e7462e1c25e18f73af Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Wed, 29 Jan 2020 17:17:24 +0000
Subject: cid#1458020 Untrusted loop bound
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cid#1458018 Untrusted loop bound
cid#1242844 Untrusted loop bound

Change-Id: I9062240290708f4b51b0ce42a30897b50d1a2677
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87702
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
---
 svl/source/items/macitem.cxx | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'svl')

diff --git a/svl/source/items/macitem.cxx b/svl/source/items/macitem.cxx
index 64a22aa0039c..b0750212e3dc 100644
--- a/svl/source/items/macitem.cxx
+++ b/svl/source/items/macitem.cxx
@@ -86,28 +86,30 @@ void SvxMacroTableDtor::Read( SvStream& rStrm )
     sal_uInt16 nVersion;
     rStrm.ReadUInt16( nVersion );
 
-    short nMacro(0);
-    rStrm.ReadInt16(nMacro);
-    if (nMacro < 0)
+    short nReadMacro(0);
+    rStrm.ReadInt16(nReadMacro);
+    if (nReadMacro < 0)
     {
-        SAL_WARN("editeng", "Parsing error: negative value " << nMacro);
+        SAL_WARN("editeng", "Parsing error: negative value " << nReadMacro);
         return;
     }
 
+    auto nMacro = o3tl::make_unsigned(nReadMacro);
+
     const size_t nMinStringSize = rStrm.GetStreamCharSet() == RTL_TEXTENCODING_UNICODE ? 4 : 2;
     size_t nMinRecordSize = 2 + 2*nMinStringSize;
     if( SVX_MACROTBL_VERSION40 <= nVersion )
         nMinRecordSize+=2;
 
     const size_t nMaxRecords = rStrm.remainingSize() / nMinRecordSize;
-    if (o3tl::make_unsigned(nMacro) > nMaxRecords)
+    if (nMacro > nMaxRecords)
     {
         SAL_WARN("editeng", "Parsing error: " << nMaxRecords <<
                  " max possible entries, but " << nMacro<< " claimed, truncating");
         nMacro = nMaxRecords;
     }
 
-    for (short i = 0; i < nMacro; ++i)
+    for (decltype(nMacro) i = 0; i < nMacro; ++i)
     {
         sal_uInt16 nCurKey, eType = STARBASIC;
         OUString aLibName, aMacName;
@@ -122,7 +124,6 @@ void SvxMacroTableDtor::Read( SvStream& rStrm )
     }
 }
 
-
 SvStream& SvxMacroTableDtor::Write( SvStream& rStream ) const
 {
     sal_uInt16 nVersion = SOFFICE_FILEFORMAT_31 == rStream.GetVersion()
-- 
cgit