Date: prev next · Thread: first prev next last
2013 Archives by date, by thread · List index 

Hi,

I have submitted a patch for review:

    https://gerrit.libreoffice.org/2182

To pull it, you can do:

    git pull ssh://gerrit.libreoffice.org:29418/core refs/changes/82/2182/1

fdo#60732: check max size in SwTxtNode::ReplaceTextOnly

Change-Id: I1ca2075ab99fe1b09df700f55645b44f38cf5bcc
(cherry picked from commit 0e49d87d92a3f1aeeeda547f1a7e710dcd4fee95)
---
M sw/source/core/txtnode/txtedt.cxx
1 file changed, 15 insertions(+), 2 deletions(-)



diff --git a/sw/source/core/txtnode/txtedt.cxx b/sw/source/core/txtnode/txtedt.cxx
index a538701..0cdacdb 100644
--- a/sw/source/core/txtnode/txtedt.cxx
+++ b/sw/source/core/txtnode/txtedt.cxx
@@ -1787,9 +1787,19 @@
         {
             // now apply the changes from end to start to leave the offsets of the
             // yet unchanged text parts remain the same.
+            size_t nSum(m_Text.Len());
             for (size_t i = 0; i < aChanges.size(); ++i)
-            {
-                swTransliterationChgData &rData = aChanges[ aChanges.size() - 1 - i ];
+            {   // check this here since AddChanges cannot be moved below
+                // call to ReplaceTextOnly
+                swTransliterationChgData & rData =
+                    aChanges[ aChanges.size() - 1 - i ];
+                nSum = nSum + rData.sChanged.Len() - rData.nLen;
+                if (nSum > TXTNODE_MAX)
+                {
+                    SAL_WARN("sw.core", "SwTxtNode::ReplaceTextOnly: "
+                            "node text with insertion > TXTNODE_MAX.");
+                    return;
+                }
                 if (pUndo)
                     pUndo->AddChanges( *this, rData.nStart, rData.nLen, rData.aOffsets );
                 ReplaceTextOnly( rData.nStart, rData.nLen, rData.sChanged, rData.aOffsets );
@@ -1802,6 +1812,9 @@
                                 const XubString& rText,
                                 const Sequence<sal_Int32>& rOffsets )
 {
+    assert(static_cast<size_t>(m_Text.Len()) +
+        static_cast<size_t>(rText.Len()) - nLen <= TXTNODE_MAX);
+
     m_Text.Replace( nPos, nLen, rText );
 
     xub_StrLen nTLen = rText.Len();

-- 
To view, visit https://gerrit.libreoffice.org/2182
To unsubscribe, visit https://gerrit.libreoffice.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ca2075ab99fe1b09df700f55645b44f38cf5bcc
Gerrit-PatchSet: 1
Gerrit-Project: core
Gerrit-Branch: libreoffice-4-0
Gerrit-Owner: Michael Stahl <mstahl@redhat.com>

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.