

Hi,

I have submitted a patch for review:

    https://gerrit.libreoffice.org/3562

To pull it, you can do:

    git pull ssh://gerrit.libreoffice.org:29418/core refs/changes/62/3562/1

fixed a mess of out of bounds string accesses

(cherry picked from commit 5cd4300f7ffc24d6bc0ed5704f37a04852fd322b)

Conflicts:
        svl/source/numbers/zformat.cxx

Change-Id: I800840e1b3c0d97a049b3ceba0ec244365dc8e6b
---
M svl/source/numbers/zformat.cxx
1 file changed, 40 insertions(+), 21 deletions(-)



diff --git a/svl/source/numbers/zformat.cxx b/svl/source/numbers/zformat.cxx
index 1b12669..545d6cc 100644
--- a/svl/source/numbers/zformat.cxx
+++ b/svl/source/numbers/zformat.cxx
@@ -1412,6 +1412,21 @@
     return (cToken == ']' || nPos == nLen) ? LocaleType(nNum) : LocaleType();
 }
 
+static bool lcl_matchKeywordAndGetNumber( const OUString & rString, const sal_Int32 nPos,
+        const OUString & rKeyword, sal_Int32 & nNumber )
+{
+    if (0 <= nPos && nPos + rKeyword.getLength() < rString.getLength() && 
rString.matchIgnoreAsciiCase( rKeyword, nPos))
+    {
+        nNumber = rString.copy( nPos + rKeyword.getLength()).toInt32();
+        return true;
+    }
+    else
+    {
+        nNumber = 0;
+        return false;
+    }
+}
+
 short SvNumberformat::ImpNextSymbol(OUStringBuffer& rString,
                                     sal_Int32& nPos,
                                     OUString& sSymbol)
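Review bot: lcl_matchKeywordAndGetNumber has no comment stating its contract, and two details in it are easy to miss. The strict `<` in the length test requires at least one character after the keyword, which is what keeps the `copy()` start index inside the string, and `nNumber` is a parsed integer rather than the digit character the old code read. A header such as `/** Case-insensitively match rKeyword at nPos and parse the number that follows; returns false and sets nNumber to 0 if the keyword does not fit or match. */` would record that. A keyword followed by a non-digit presumably returns true with nNumber 0, since toInt32() gives 0 when no number is present, so callers cannot tell that case from an explicit 0; the comment should say so.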
@@ -1514,43 +1529,47 @@
             {
                 const OUString aNatNum("NATNUM");
                 const OUString aDBNum("DBNUM");
-                OUString aUpperNatNum( rChrCls().uppercase( rString.toString(), nPos-1, 
aNatNum.getLength() ) );
-                OUString aUpperDBNum( rChrCls().uppercase( rString.toString(), nPos-1, 
aDBNum.getLength() ) );
-                sal_Unicode cUpper = aUpperNatNum[0];
-                sal_Int32 nNatNumNum = rString.toString().copy( nPos - 1 + aNatNum.getLength() 
).toInt32();
-                sal_Unicode cDBNum = rString[ nPos - 1 + aDBNum.getLength()];
-                if ( aUpperNatNum == aNatNum && 0 <= nNatNumNum && nNatNumNum <= 19 )
+                const OUString aBufStr( rString.toString());
+                sal_Int32 nNatNumNum;
+                sal_Int32 nDBNum;
+                if ( lcl_matchKeywordAndGetNumber( aBufStr, nPos-1, aNatNum, nNatNumNum) &&
+                        0 <= nNatNumNum && nNatNumNum <= 19 )
                 {
                     sBuffSymbol.stripStart((sal_Unicode)'[');
-                    sBuffSymbol.append( rString.toString().copy( --nPos, aNatNum.getLength()+1 ));
+                    sBuffSymbol.append( aBufStr.copy( --nPos, aNatNum.getLength()+1 ));
                     nPos += aNatNum.getLength()+1;
                     //! SymbolType is negative
                     eSymbolType = (short) (BRACKET_SYMBOLTYPE_NATNUM0 - nNatNumNum);
                     eState = SsGetPrefix;
                 }
-                else if ( aUpperDBNum == aDBNum && '1' <= cDBNum && cDBNum <= '9' )
+                else if ( lcl_matchKeywordAndGetNumber( aBufStr, nPos-1, aDBNum, nDBNum) &&
+                        '1' <= nDBNum && nDBNum <= '9' )
                 {
                     sBuffSymbol.stripStart((sal_Unicode)'[');
                     sBuffSymbol.append(rString.toString().copy( --nPos, aDBNum.getLength()+1 ));
                     nPos += aDBNum.getLength()+1;
                     //! SymbolType is negative
-                    eSymbolType = sal::static_int_cast< short >( BRACKET_SYMBOLTYPE_DBNUM1 - 
(cDBNum - '1'));
+                    eSymbolType = sal::static_int_cast< short >( BRACKET_SYMBOLTYPE_DBNUM1 - 
(nDBNum - '1'));
                     eState = SsGetPrefix;
-                }
-                else if (cUpper == rKeywords[NF_KEY_H][0] ||  // H
-                         cUpper == rKeywords[NF_KEY_MI][0] ||  // M
-                         cUpper == rKeywords[NF_KEY_S][0] )   // S
-                {
-                    sBuffSymbol.append(cToken);
-                    eState = SsGetTime;
-                    cLetter = cToken;
                 }
                 else
                 {
-                    sBuffSymbol.stripStart((sal_Unicode)'[');
-                    sBuffSymbol.append(cToken);
-                    eSymbolType = BRACKET_SYMBOLTYPE_COLOR;
-                    eState = SsGetPrefix;
+                    sal_Unicode cUpper = rChrCls().uppercase( aBufStr, nPos-1, 1)[0];
+                    if (    cUpper == rKeywords[NF_KEY_H][0] ||     // H
+                            cUpper == rKeywords[NF_KEY_MI][0] ||    // M
+                            cUpper == rKeywords[NF_KEY_S][0] )      // S
+                    {
+                        sBuffSymbol.append(cToken);
+                        eState = SsGetTime;
+                        cLetter = cToken;
+                    }
+                    else
+                    {
+                        sBuffSymbol.stripStart((sal_Unicode)'[');
+                        sBuffSymbol.append(cToken);
+                        eSymbolType = BRACKET_SYMBOLTYPE_COLOR;
+                        eState = SsGetPrefix;
+                    }
                 }
             }
             }
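Review bot: The DBNUM branch still compares against and subtracts character literals, although `nDBNum` is now the integer that lcl_matchKeywordAndGetNumber obtains from `toInt32()`. `'1' <= nDBNum && nDBNum <= '9'` therefore tests the range 49..57, so an input like `[DBNum1]` no longer takes this branch and falls through to the time/color handling, while a value such as 49 would be accepted. The check should read `1 <= nDBNum && nDBNum <= 9` and the symbol type `BRACKET_SYMBOLTYPE_DBNUM1 - (nDBNum - 1)`. The same branch also still calls `rString.toString().copy( --nPos, ...)` where the NATNUM branch was switched to `aBufStr.copy(...)`. The enclosing ImpNextSymbol body starts and ends outside this hunk.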

-- 
To view, visit https://gerrit.libreoffice.org/3562
To unsubscribe, visit https://gerrit.libreoffice.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I800840e1b3c0d97a049b3ceba0ec244365dc8e6b
Gerrit-PatchSet: 1
Gerrit-Project: core
Gerrit-Branch: libreoffice-4-0
Gerrit-Owner: Eike Rathke <erack@redhat.com>

