On Fri, 2012-03-30 at 09:46 +0200, Stephan Bergmann wrote: > For other string constructors, the question is whether there /is/ code > that, say, reads data from a user-supplied document and creates strings > from it, so could be fooled into trying to create excessively large > strings, but also establishes an exception handler that abandons loading > the document.
Related to that topic I tried to find and merge the .doc/.xls etc vast collection of custom methods that constructed strings from a stream based on a document provided potentially large count, i.e. read_uInt16s_ToOUString and friends. Those ones now use the (non-memset-0-ing) comphelper::string::rtl_uString_alloc (which I moved out of i18npool or i18nutil or something) and that alternative rtl_uString/rtl_String builder throws on alloc failure. C. _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice