sw/source/filter/ww8/ww8scan.cxx | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
New commits: commit 25622034bcef0b6bc3a8e6c150189f85672b2c9e Author: Caolán McNamara <caol...@redhat.com> Date: Sat Nov 25 15:03:02 2017 +0000 ofz#4419 Integer-overflow Change-Id: I922fb5195e2ed9311ada006beac6918136154a19 Reviewed-on: https://gerrit.libreoffice.org/45270 Reviewed-by: Caolán McNamara <caol...@redhat.com> Tested-by: Caolán McNamara <caol...@redhat.com> diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx index 4991e63fb6f5..e52a14b9671a 100644 --- a/sw/source/filter/ww8/ww8scan.cxx +++ b/sw/source/filter/ww8/ww8scan.cxx @@ -1498,11 +1498,18 @@ WW8_CP WW8ScannerBase::WW8Fc2Cp( WW8_FC nFcPos ) const return nFallBackCpEnd; } + WW8_FC nFcDiff; + if (o3tl::checked_sub(nFcPos, m_pWw8Fib->m_fcMin, nFcDiff)) + { + SAL_WARN("sw.ww8", "broken offset, ignoring"); + return WW8_CP_MAX; + } + // No complex file if (!bIsUnicode) - nFallBackCpEnd = (nFcPos - m_pWw8Fib->m_fcMin); + nFallBackCpEnd = nFcDiff; else - nFallBackCpEnd = (nFcPos - m_pWw8Fib->m_fcMin + 1) / 2; + nFallBackCpEnd = (nFcDiff + 1) / 2; return nFallBackCpEnd; }
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits