vcl/source/control/ilstbox.cxx | 10 ++++++---- vcl/source/fontsubset/sft.cxx | 3 +++ 2 files changed, 9 insertions(+), 4 deletions(-)
New commits: commit c51d5706205cd0282c07d778ffac5f265c3eaf5f Author: Caolán McNamara <caol...@redhat.com> Date: Thu Jul 2 16:21:26 2015 +0100 Resolves: tdf#92467 crashes with empty history list on pressing down regression from some 16->32 bit listbox limit changing Change-Id: I045eeef935afed4154fe11bfd11916c2d6a722e9 diff --git a/vcl/source/control/ilstbox.cxx b/vcl/source/control/ilstbox.cxx index a0ff872..fde4faa 100644 --- a/vcl/source/control/ilstbox.cxx +++ b/vcl/source/control/ilstbox.cxx @@ -1613,8 +1613,9 @@ bool ImplListBoxWindow::ProcessKeyInput( const KeyEvent& rKEvt ) ) { DBG_ASSERT( !mpEntryList->IsEntryPosSelected( nSelect ) || mbMulti, "ImplListBox: Selecting same Entry" ); - if( nSelect >= mpEntryList->GetEntryCount() ) - nSelect = mpEntryList->GetEntryCount()-1; + sal_Int32 nCount = mpEntryList->GetEntryCount(); + if (nSelect >= nCount) + nSelect = nCount ? nCount-1 : LISTBOX_ENTRY_NOTFOUND; bool bCurPosChange = (mnCurrentPos != nSelect); mnCurrentPos = nSelect; if(SelectEntries( nSelect, eLET, bShift, bCtrl, bCurPosChange)) @@ -1674,8 +1675,9 @@ void ImplListBoxWindow::SelectEntry( vcl::StringEntryIdentifier _entry ) // normalize OSL_ENSURE( nSelect < mpEntryList->GetEntryCount(), "ImplListBoxWindow::SelectEntry: how that?" ); - if( nSelect >= mpEntryList->GetEntryCount() ) - nSelect = mpEntryList->GetEntryCount()-1; + sal_Int32 nCount = mpEntryList->GetEntryCount(); + if (nSelect >= nCount) + nSelect = nCount ? nCount-1 : LISTBOX_ENTRY_NOTFOUND; // make visible ShowProminentEntry( nSelect ); commit cd5fd80ebfa91e6546a10bc5e84f588ad8762add Author: Caolán McNamara <caol...@redhat.com> Date: Thu Jul 2 14:34:36 2015 +0100 coverity#1213369 Untrusted value as argument Change-Id: Ie929aee9c78a89d9ebed15cc59d33d7f2fdb3fad diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index ede244c..999a697 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx 
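Review bot: When the list is empty, `nSelect` becomes `LISTBOX_ENTRY_NOTFOUND` and is then stored in `mnCurrentPos` and passed straight to `SelectEntries()` in `ImplListBoxWindow::ProcessKeyInput`, and to `ShowProminentEntry()` in the second hunk (`ImplListBoxWindow::SelectEntry`); neither callee is visible here, so it is worth confirming that both treat the sentinel as "no entry" rather than as an index. If they do, a comment such as `// empty list: LISTBOX_ENTRY_NOTFOUND is passed on deliberately, callees must not index with it` above the clamp would document that contract. In `SelectEntry` the `OSL_ENSURE( nSelect < mpEntryList->GetEntryCount(), ... )` just above the clamp still fires for the empty list that the new code now handles. The three-line clamp is duplicated verbatim in both hunks of vcl/source/control/ilstbox.cxx and could live in one private helper. Both functions start and end outside their hunks.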
@@ -1721,6 +1721,9 @@ static int doOpenTTFont( sal_uInt32 facenum, TrueTypeFont* t ) for( i = 0; i <= (int)t->nglyphs; ++i ) t->goffsets[i] = indexfmt ? GetUInt32(table, i << 2, 1) : (sal_uInt32)GetUInt16(table, i << 1, 1) << 1; } else if( getTable(t, O_CFF) ) { /* PS-OpenType */ + int k = getTableSize(t, O_CFF); /* set a limit here, presumably much lower than the table size, but establishes some sort of physical bound */ + if( k < (int)t->nglyphs ) + t->nglyphs = k; t->goffsets = static_cast<sal_uInt32 *>(calloc(1+t->nglyphs, sizeof(sal_uInt32))); /* TODO: implement to get subsetting */ assert(t->goffsets != 0);
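Review bot: The new bound compares `k < (int)t->nglyphs`, so a glyph count above `INT_MAX` would turn negative in the cast and skip the clamp, leaving the untrusted value to reach `calloc(1+t->nglyphs, ...)`, where `1+t->nglyphs` could also wrap; this assumes `nglyphs` is an unsigned 32-bit field, which the cast suggests but the hunk does not show. Comparing in the unsigned domain avoids that: `if( k >= 0 && static_cast<sal_uInt32>(k) < t->nglyphs ) t->nglyphs = k;`. The allocation result is still checked only by `assert(t->goffsets != 0)`, which is compiled out under NDEBUG, so a release build would carry on with a null `goffsets`; an explicit error return would be safer, though the error codes `doOpenTTFont` uses are outside the hunk. The function body starts and ends outside this hunk.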