[Libreoffice-commits] core.git: Branch 'libreoffice-7-1' - basic/source

[Julien Nabet (via logerrit)]

 basic/source/runtime/methods.cxx |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

New commits:
commit bf3c4e49a48178849f75e6449ec47ab3ff456878
Author:     Julien Nabet <serval2...@yahoo.fr>
AuthorDate: Wed Jun 30 22:55:46 2021 +0200
Commit:     Xisco Fauli <xiscofa...@libreoffice.org>
CommitDate: Thu Jul 1 17:34:24 2021 +0200

    tdf#143081: fix Basic Replace() function crashes LO
    
    0x00007f19c0aa6e57 in rtl::OUStringBuffer::append(char16_t const*, int) 
(this=0x7fff100d0748, str=0x6f6f46a u"晦饖香©", len=-1) at 
include/rtl/ustrbuf.hxx:659
    0x00007f19c0c3c8a8 in SbRtl_Replace(StarBASIC*, SbxArray&, bool) (rPar=...) 
at basic/source/runtime/methods.cxx:1321
    
    see bt here:
    https://bugs.documentfoundation.org/attachment.cgi?id=173298
    
    Calling xCharClass->toUpper may change words, eg: "Straße" becomes "Strasse"
    so the length of the word increases.
    In brief, we want to use the length of aSrcStr not aExpStr
    
    Change-Id: Ia291d47a2021efc7dd9162ca5cc72b7940fdd71e
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118202
    Tested-by: Jenkins
    Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
    (cherry picked from commit 4a0b40f1be9f6773c8ebc5331c257911a76a5cee)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118178
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118229

diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx
index 1a598490d68a..ebd48c9cc473 100644
--- a/basic/source/runtime/methods.cxx
+++ b/basic/source/runtime/methods.cxx
@@ -1276,8 +1276,6 @@ void SbRtl_Replace(StarBASIC *, SbxArray & rPar, bool)
     const OUString aExpStr = rPar.Get32(1)->GetOUString();
     OUString aFindStr = rPar.Get32(2)->GetOUString();
     const OUString aReplaceStr = rPar.Get32(3)->GetOUString();
-    const sal_Int32 nExpStrLen = aExpStr.getLength();
-    const sal_Int32 nFindStrLen = aFindStr.getLength();
 
     OUString aSrcStr(aExpStr);
     if (bCaseInsensitive)
@@ -1288,10 +1286,12 @@ void SbRtl_Replace(StarBASIC *, SbxArray & rPar, bool)
         aSrcStr = xCharClass->toUpper(aSrcStr, 0, aSrcStr.getLength(), 
rLocale);
         aFindStr = xCharClass->toUpper(aFindStr, 0, aFindStr.getLength(), 
rLocale);
     }
+    const sal_Int32 nSrcStrLen = aSrcStr.getLength();
+    const sal_Int32 nFindStrLen = aFindStr.getLength();
 
     // Note: the result starts from lStartPos, removing everything to the 
left. See i#94895.
-    sal_Int32 nPrevPos = std::min(lStartPos - 1, nExpStrLen);
-    OUStringBuffer sResult(nExpStrLen - nPrevPos);
+    sal_Int32 nPrevPos = std::min(lStartPos - 1, nSrcStrLen);
+    OUStringBuffer sResult(nSrcStrLen - nPrevPos);
     sal_Int32 nCounts = 0;
     while (lCount == -1 || lCount > nCounts)
     {
@@ -1308,7 +1308,7 @@ void SbRtl_Replace(StarBASIC *, SbxArray & rPar, bool)
             break;
         }
     }
-    sResult.append(aExpStr.getStr() + nPrevPos, nExpStrLen - nPrevPos);
+    sResult.append(aExpStr.getStr() + nPrevPos, nSrcStrLen - nPrevPos);
     rPar.Get32(0)->PutString(sResult.makeStringAndClear());
 }
 
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits