hwpfilter/source/hbox.cxx | 198 +++++++++++++++-------------
hwpfilter/source/hwpreader.cxx | 2
package/source/zipapi/XUnbufferedStream.cxx | 9 -
readlicense_oo/license/license.xml | 6
sc/source/filter/html/htmlpars.cxx | 54 +++++--
sc/source/filter/rtf/eeimpars.cxx | 2
sw/qa/extras/layout/data/ofz64109-1.fodt |binary
sw/qa/extras/layout/layout.cxx | 6
sw/source/core/text/porfld.cxx | 10 +
sw/source/filter/html/htmlftn.cxx | 4
sw/source/filter/html/swhtml.hxx | 21 ++
sw/source/filter/ww8/ww8par5.cxx | 18 ++
vcl/source/gdi/metaact.cxx | 121 +++++++++++++++++
13 files changed, 339 insertions(+), 112 deletions(-)
New commits:
commit b5c7d1fd75f29401c58fc4bc8e6a5897063e7f4f
Author: Taichi Haradaguchi <20001...@ymail.ne.jp>
AuthorDate: Mon Jun 24 01:54:01 2024 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
licence: add zxing-cpp
Change-Id: Ia347ea638cb1ccdc4f0a351509f010c3444a4c62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169432
Tested-by: Jenkins
Reviewed-by: Taichi Haradaguchi <20001...@ymail.ne.jp>
(cherry picked from commit 72aa32b3c5ed7bc739d7567bf607d767f195b651)
(cherry picked from commit 157ce6a4c4c35dc06f19b6bd36895eac551c9760)
diff --git a/readlicense_oo/license/license.xml
b/readlicense_oo/license/license.xml
index 7ad0a91c67f1..bc1dc9e905e2 100644
--- a/readlicense_oo/license/license.xml
+++ b/readlicense_oo/license/license.xml
@@ -2169,6 +2169,12 @@
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.</p>
</div>
+ <div class="ZXING-CPP">
+ <h2>ZXing-C++</h2>
+ <p>The following software may be included in this product: ZXing-C++.
Use of any of this software is governed
+ by the terms of the license below:</p>
+ <p><a href="#a__Apache_License_version_2_0">Jump to Apache License
Version 2.0</a></p>
+ </div>
<div class="ZLIB">
<h2>zlib</h2>
<p>The following software may be included in this product: zlib. Use
of any of this software is governed by the
commit e90f55be7af45b93823293df36ac4344e31fdd8b
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Wed Apr 24 20:10:38 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
ofz#68269 more fixes to sc html parser
Change-Id: I2fd889c438d4707a4e174a5a4300e742cd895d3b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166607
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit d5823f417248663d78072e2a0be162175def2235)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 2fa508aef02e..32f468a7a0b0 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -588,7 +588,7 @@ void ScHTMLLayoutParser::Adjust()
if ( pE->nCol != nColBeforeSkip )
{
size_t nCount = maColOffset.size();
- if ( nCount <= o3tl::make_unsigned(pE->nCol) )
+ if (pE->nCol < 0 || nCount <= o3tl::make_unsigned(pE->nCol))
{
pE->nOffset = static_cast<sal_uInt16>(maColOffset[nCount-1]);
MakeCol( &maColOffset, pE->nOffset, pE->nWidth,
nOffsetTolerance, nOffsetTolerance );
commit 05b290d98f13af216450277a736c27846702a3fe
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 5 10:40:36 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
ofz#67854 UNKNOWN READ
Change-Id: I37d2bc6153a8bf616d19105645f91b8519890e61
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165813
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 79d1c80892b36d2c155aa6112de8b1a7b1e07ae8)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index cc3b794cc1ed..2fa508aef02e 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -587,8 +587,8 @@ void ScHTMLLayoutParser::Adjust()
SkipLocked(pE.get(), false);
if ( pE->nCol != nColBeforeSkip )
{
- SCCOL nCount = static_cast<SCCOL>(maColOffset.size());
- if ( nCount <= pE->nCol )
+ size_t nCount = maColOffset.size();
+ if ( nCount <= o3tl::make_unsigned(pE->nCol) )
{
pE->nOffset = static_cast<sal_uInt16>(maColOffset[nCount-1]);
MakeCol( &maColOffset, pE->nOffset, pE->nWidth,
nOffsetTolerance, nOffsetTolerance );
commit 94b23a1bc22b820f65deaf30539dee8abe6fa955
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Apr 16 17:34:35 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
ofz#68081 keep within bounds
Change-Id: Ib7f11f2447d5a2cc6b9b559727f2a0127c15913e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166154
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit e16730a87c17d1a3e6219159d1d012caad4ebf13)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index ec467dddf0a0..cc3b794cc1ed 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -816,7 +816,7 @@ void ScHTMLLayoutParser::Colonize( ScEEParseEntry* pE )
{ // Replaced
nCol = pE->nCol - nColCntStart;
SCCOL nCount = static_cast<SCCOL>(pLocalColOffset->size());
- if ( nCol < nCount )
+ if (nCol >= 0 && nCol < nCount)
nColOffset = static_cast<sal_uInt16>((*pLocalColOffset)[nCol]);
else
nColOffset = static_cast<sal_uInt16>((*pLocalColOffset)[nCount -
1]);
commit 4b0931bb13e5721096a56744d361560367031bc8
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 12 15:24:53 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
ofz#68004 Unknown Read
Change-Id: Id3e50e3a8522523d2b665e394d8f4a65b7f4df5d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/166034
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 54d577ed22fd4bae093639be3056a722f5a40bb2)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index eff4a2cebc83..ec467dddf0a0 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -680,7 +680,7 @@ void ScHTMLLayoutParser::SetWidths()
if ( pE->nTab == nTable && pE->nWidth )
{
nCol = pE->nCol - nColCntStart;
- if ( nCol < nColsPerRow )
+ if (nCol >= 0 && nCol < nColsPerRow)
{
if ( pE->nColOverlap == 1 )
{
commit 981bd1627fe43bb245b9ff7bf839ae22a92b7ccd
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Apr 8 22:07:11 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
ofz#67906 Integer-overflow
Change-Id: I459bdeef6bb7577c5388202374c981c7b01fa137
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165899
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 11e98a5087f39eb8ff6a0b8ce260169f213e7c67)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index b5ed0876f939..eff4a2cebc83 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -958,7 +958,7 @@ void ScHTMLLayoutParser::TableDataOn( HtmlImportInfo* pInfo
)
case HtmlOptionId::COLSPAN:
{
sal_Int32 nColOverlap = rOption.GetString().toInt32();
- if (nColOverlap >= 0 && nColOverlap <= SCCOL_MAX)
+ if (nColOverlap >= 0 && nColOverlap <= mpDoc->MaxCol())
mxActEntry->nColOverlap = static_cast<SCCOL>(nColOverlap);
else
SAL_WARN("sc", "ScHTMLLayoutParser::TableDataOn ignoring
colspan: " << nColOverlap);
@@ -967,7 +967,7 @@ void ScHTMLLayoutParser::TableDataOn( HtmlImportInfo* pInfo
)
case HtmlOptionId::ROWSPAN:
{
sal_Int32 nRowOverlap = rOption.GetString().toInt32();
- if (nRowOverlap >= 0)
+ if (nRowOverlap >= 0 && nRowOverlap <= mpDoc->MaxRow())
mxActEntry->nRowOverlap = static_cast<SCROW>(nRowOverlap);
else
SAL_WARN("sc", "ScHTMLLayoutParser::TableDataOn ignoring
rowspan: " << nRowOverlap);
commit bc7be00b46b7e71d21e010dd41c9d599d24752a7
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Apr 8 21:59:41 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:11 2024 +0200
ofz#67904 Integer-overflow
Change-Id: I27f4126fe0109611f6fdb486ed7f9ee3067ebcb1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165898
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 8527dc74eb1adc9fe4c25134ec853a83d46f1089)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 984aeb6dd3a5..b5ed0876f939 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -441,7 +441,7 @@ void ScHTMLLayoutParser::SkipLocked( ScEEParseEntry* pE,
bool bJoin )
bool bFail = o3tl::checked_add<SCCOL>(pE->nCol, pE->nColOverlap - 1,
nEndCol) ||
o3tl::checked_add<SCROW>(pE->nRow, pE->nRowOverlap - 1,
nEndRow);
- if (bFail)
+ if (bFail || nEndRow > mpDoc->MaxRow())
{
SAL_WARN("sc", "invalid range: " << pE->nCol << " " <<
pE->nColOverlap <<
" " << pE->nRow << " " <<
pE->nRowOverlap);
commit ab2caf227398e4d703a0ae537d03fa5e520efc34
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Wed Apr 3 14:09:53 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#67815 overflowed short
Change-Id: Iee9a5caee53b522ed16d234c2bc06987264e23db
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165751
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit c4f2a85bc5fa319a84474191275a2434dda1830b)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index cf8a7769e562..984aeb6dd3a5 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -734,14 +734,14 @@ void ScHTMLLayoutParser::SetWidths()
pWidths[nCol] = nW;
}
}
- for ( nCol = 1; nCol <= nColsPerRow; nCol++ )
+ for (int nCol2 = 1; nCol2 <= nColsPerRow; nCol2++)
{
- pOffsets[nCol] = pOffsets[nCol-1] + pWidths[nCol-1];
+ pOffsets[nCol2] = pOffsets[nCol2-1] + pWidths[nCol2-1];
}
pLocalColOffset->clear();
- for ( nCol = 0; nCol <= nColsPerRow; nCol++ )
+ for (int nCol2 = 0; nCol2 <= nColsPerRow; nCol2++)
{
- MakeColNoRef( pLocalColOffset, pOffsets[nCol], 0, 0, 0 );
+ MakeColNoRef( pLocalColOffset, pOffsets[nCol2], 0, 0, 0 );
}
nTableWidth = pOffsets[nColsPerRow] - pOffsets[0];
commit 9fe2eab098ca40094932da7a69bb6ae4928739f2
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Mar 26 09:22:56 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#67635 Integer-overflow
Change-Id: Ia764276d6b35ea84d7415484eaeb9da77e55092a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165307
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 9d1275974d23c520a706129807443ff909719e23)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 1de06c9694b8..cf8a7769e562 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -606,13 +606,12 @@ void ScHTMLLayoutParser::Adjust()
//FIXME: This may not be correct, but works anyway ...
pE->nColOverlap = 1;
}
- xLockedList->Join( ScRange( pE->nCol, pE->nRow, 0,
- pE->nCol + pE->nColOverlap - 1, pE->nRow + pE->nRowOverlap - 1, 0
) );
+ SCCOL nColTmp = o3tl::saturating_add(pE->nCol, pE->nColOverlap);
+ SCROW nRowTmp = o3tl::saturating_add(pE->nRow ,pE->nRowOverlap);
+ xLockedList->Join( ScRange( pE->nCol, pE->nRow, 0, nColTmp - 1,
nRowTmp - 1, 0 ) );
// Take over MaxDimensions
- SCCOL nColTmp = pE->nCol + pE->nColOverlap;
if ( nColMax < nColTmp )
nColMax = nColTmp;
- SCROW nRowTmp = pE->nRow + pE->nRowOverlap;
if ( nRowMax < nRowTmp )
nRowMax = nRowTmp;
}
commit e6bc1729d93f5e657229eca96e18fc9aa6445fe6
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sat Mar 23 15:19:04 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#67577 Integer-overflow
Change-Id: I3828bb76ab7808ac0717b33c231927730216b42b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165216
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 035f87f7ed8775c30c6f84d7d02bc72a66182c63)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 57c06fc23dd0..1de06c9694b8 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -50,6 +50,7 @@
#include <osl/diagnose.h>
#include <rtl/tencinfo.h>
+#include <o3tl/safeint.hxx>
#include <htmlpars.hxx>
#include <global.hxx>
@@ -434,8 +435,20 @@ void ScHTMLLayoutParser::SkipLocked( ScEEParseEntry* pE,
bool bJoin )
{ // Or else this would create a wrong value at ScAddress (chance for an
infinite loop)!
bool bBadCol = false;
bool bAgain;
- ScRange aRange( pE->nCol, pE->nRow, 0,
- pE->nCol + pE->nColOverlap - 1, pE->nRow + pE->nRowOverlap - 1, 0
);
+
+ SCCOL nEndCol(0);
+ SCROW nEndRow(0);
+ bool bFail = o3tl::checked_add<SCCOL>(pE->nCol, pE->nColOverlap - 1,
nEndCol) ||
+ o3tl::checked_add<SCROW>(pE->nRow, pE->nRowOverlap - 1,
nEndRow);
+
+ if (bFail)
+ {
+ SAL_WARN("sc", "invalid range: " << pE->nCol << " " <<
pE->nColOverlap <<
+ " " << pE->nRow << " " <<
pE->nRowOverlap);
+ return;
+ }
+
+ ScRange aRange(pE->nCol, pE->nRow, 0, nEndCol, nEndRow, 0);
do
{
bAgain = false;
commit 0ad97420088544673b22d81c88157e54e67081ab
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Mar 19 08:46:45 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
null deref in initial sc html fuzzing
Change-Id: I368db8fec4cfd9409197d17f2892153aca2ba502
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165019
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 85c40af4e9d4c679f66e7f7e004c018dd28994ee)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index f8686de51eec..57c06fc23dd0 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -825,7 +825,8 @@ void ScHTMLLayoutParser::CloseEntry( const HtmlImportInfo*
pInfo )
if ( bTabInTabCell )
{ // From the stack in TableOff
bTabInTabCell = false;
- NewActEntry(maList.back().get()); // New free flying mxActEntry
+ SAL_WARN_IF(maList.empty(), "sc", "unexpected close entry without
open");
+ NewActEntry(maList.empty() ? nullptr : maList.back().get()); // New
free flying mxActEntry
return ;
}
if (mxActEntry->nTab == 0)
commit 074b6510b9072e0e20b06b29f57803697b2c8ed1
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Mar 18 20:47:02 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
AddressSanitizer: container-overflow in initial sc html fuzzing
Change-Id: I20d7baa6fd6fcb9c7d0019d7891a237dd721ef31
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164980
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 4645391b56c32d59f241e66798f72183ad29ad13)
diff --git a/sc/source/filter/html/htmlpars.cxx
b/sc/source/filter/html/htmlpars.cxx
index 063408b18e31..f8686de51eec 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -637,12 +637,17 @@ void ScHTMLLayoutParser::SetWidths()
MakeColNoRef( pLocalColOffset, nOff, 0, 0, 0 );
}
nTableWidth = static_cast<sal_uInt16>(pLocalColOffset->back() -
pLocalColOffset->front());
+ const auto nColsAvailable = pLocalColOffset->size();
for ( size_t i = nFirstTableCell, nListSize = maList.size(); i <
nListSize; ++i )
{
auto& pE = maList[ i ];
if ( pE->nTab == nTable )
{
- pE->nOffset =
static_cast<sal_uInt16>((*pLocalColOffset)[pE->nCol - nColCntStart]);
+ const size_t nColRequested = pE->nCol - nColCntStart;
+ if (nColRequested < nColsAvailable)
+ pE->nOffset =
static_cast<sal_uInt16>((*pLocalColOffset)[nColRequested]);
+ else
+ SAL_WARN("sc", "missing information for column: " <<
nColRequested);
pE->nWidth = 0; // to be recalculated later
}
}
commit dc7bd075d076deb5cec53b1f1c4264b07a2ec065
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 5 10:46:40 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#67765 Integer-overflow
Change-Id: I49b1a5024352575a3867500c15f542863c273e93
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165814
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 8379aaee531e469687aaceba27f5afd697a0d86d)
diff --git a/sc/source/filter/rtf/eeimpars.cxx
b/sc/source/filter/rtf/eeimpars.cxx
index 368c99fa3bd6..ec039f3e4af2 100644
--- a/sc/source/filter/rtf/eeimpars.cxx
+++ b/sc/source/filter/rtf/eeimpars.cxx
@@ -305,7 +305,7 @@ void ScEEImport::WriteToDocument( bool bSizeColsRows,
double nOutputFactor, SvNu
ScMF::Hor );
if ( pE->nRowOverlap > 1 )
{
- nRO = nRow + pE->nRowOverlap - 1;
+ nRO = o3tl::saturating_add(nRow, pE->nRowOverlap - 1);
mpDoc->ApplyFlagsTab( nCol, nRow+1,
nCol, nRO , nTab,
ScMF::Ver );
commit f4f6bf0b968d25cee222407063a9ff3669eb2527
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sat Nov 18 21:56:51 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#64109 crash in CharClass::isLetterNumeric
there appears to be an extra portion created, because HookChar is
set, but there doesn't seem to be a reason for the HookChar so we
get an unwanted trailing portion.
It seems that the HookChar is set when processing the field, presumably
when we restore the SwTextFormatInfo text, idx and len we should also
restore its original HookChar state.
At least for this ruby text case there the field contents are drawn over
the body text, unlike others where the contents are drawn inline with
the body text, where we appear to need to keep the hook char.
Change-Id: Id48a3ef09cd10dcc91048f8c08207d2d105839d9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159642
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 72928fa459f8e67c30a2e2357424ab75d3105a26)
diff --git a/sw/qa/extras/layout/data/ofz64109-1.fodt
b/sw/qa/extras/layout/data/ofz64109-1.fodt
new file mode 100644
index 000000000000..26a4bbbf63cf
Binary files /dev/null and b/sw/qa/extras/layout/data/ofz64109-1.fodt differ
diff --git a/sw/qa/extras/layout/layout.cxx b/sw/qa/extras/layout/layout.cxx
index 7c78421584d3..c0e4f25247d7 100644
--- a/sw/qa/extras/layout/layout.cxx
+++ b/sw/qa/extras/layout/layout.cxx
@@ -216,6 +216,12 @@ CPPUNIT_TEST_FIXTURE(SwLayoutWriter, testRedlineFootnotes)
CheckRedlineFootnotesHidden();
}
+CPPUNIT_TEST_FIXTURE(SwLayoutWriter, testOfz64109)
+{
+ //just care it doesn't assert
+ createDoc("ofz64109-1.fodt");
+}
+
CPPUNIT_TEST_FIXTURE(SwLayoutWriter, testRedlineFlysInBody)
{
loadURL("private:factory/swriter", nullptr);
diff --git a/sw/source/core/text/porfld.cxx b/sw/source/core/text/porfld.cxx
index ad3acbafefa4..15ae89a6655b 100644
--- a/sw/source/core/text/porfld.cxx
+++ b/sw/source/core/text/porfld.cxx
@@ -143,6 +143,7 @@ class SwFieldSlot
OUString aText;
TextFrameIndex nIdx;
TextFrameIndex nLen;
+ sal_Unicode nOrigHookChar;
SwTextFormatInfo *pInf;
bool bOn;
public:
@@ -154,6 +155,7 @@ SwFieldSlot::SwFieldSlot( const SwTextFormatInfo* pNew,
const SwFieldPortion *pP
: pOldText(nullptr)
, nIdx(0)
, nLen(0)
+ , nOrigHookChar(0)
, pInf(nullptr)
{
bOn = pPor->GetExpText( *pNew, aText );
@@ -165,6 +167,7 @@ SwFieldSlot::SwFieldSlot( const SwTextFormatInfo* pNew,
const SwFieldPortion *pP
nIdx = pInf->GetIdx();
nLen = pInf->GetLen();
pOldText = &(pInf->GetText());
+ nOrigHookChar = pInf->GetHookChar();
m_pOldCachedVclData = pInf->GetCachedVclData();
pInf->SetLen(TextFrameIndex(aText.getLength()));
pInf->SetCachedVclData(nullptr);
@@ -196,6 +199,13 @@ SwFieldSlot::~SwFieldSlot()
{
pInf->SetCachedVclData(m_pOldCachedVclData);
pInf->SetText( *pOldText );
+ // ofz#64109 at last for ruby-text when we restore the original text to
+ // continue laying out the 'body' text of the ruby, then a tab or other
+ // 'hook char' in the text drawn above it shouldn't affect the 'body'
+ // While there are other cases, such as tdf#148360, where the tab in an
+ // inline expanded field, that should affect the body.
+ if (pInf->IsRuby())
+ pInf->SetHookChar(nOrigHookChar);
pInf->SetIdx( nIdx );
pInf->SetLen( nLen );
pInf->SetFakeLineStart( false );
commit efdcad7aaa9697fad0db28a6eff912a7fcc194b7
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 30 21:03:01 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#57529 Integer-overflow
Change-Id: I93775299aa340e2e645a04be5d0bc36a9caea103
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149773
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 397e2d5118dcc5ebd8dedfe731de02fb4277960f)
diff --git a/package/source/zipapi/XUnbufferedStream.cxx
b/package/source/zipapi/XUnbufferedStream.cxx
index e5a965e26951..7697af0ff070 100644
--- a/package/source/zipapi/XUnbufferedStream.cxx
+++ b/package/source/zipapi/XUnbufferedStream.cxx
@@ -29,6 +29,7 @@
#include <algorithm>
#include <string.h>
+#include <o3tl/safeint.hxx>
#include <osl/diagnose.h>
#include <osl/mutex.hxx>
#include <sal/log.hxx>
@@ -68,20 +69,24 @@ XUnbufferedStream::XUnbufferedStream(
, mbCheckCRC(!bRecoveryMode && !utl::ConfigManager::IsFuzzing())
{
mnZipCurrent = maEntry.nOffset;
+ sal_Int64 nSize;
if ( mbRawStream )
{
mnZipSize = maEntry.nMethod == DEFLATED ? maEntry.nCompressedSize :
maEntry.nSize;
- mnZipEnd = maEntry.nOffset + mnZipSize;
+ nSize = mnZipSize;
}
else
{
mnZipSize = maEntry.nSize;
- mnZipEnd = maEntry.nMethod == DEFLATED ? maEntry.nOffset +
maEntry.nCompressedSize : maEntry.nOffset + maEntry.nSize;
+ nSize = maEntry.nMethod == DEFLATED ? maEntry.nCompressedSize :
maEntry.nSize;
}
if (mnZipSize < 0)
throw ZipIOException("The stream seems to be broken!");
+ if (o3tl::checked_add(maEntry.nOffset, nSize, mnZipEnd))
+ throw ZipIOException("Integer-overflow");
+
bool bHaveEncryptData = rData.is() && rData->m_aInitVector.hasElements() &&
((rData->m_aSalt.hasElements() && rData->m_nIterationCount != 0)
||
commit 0eabf4ca9600d7872fa98adc03cdc8fb5adeb658
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sun May 26 12:39:51 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#69256 Integer-overflow
Change-Id: I564635a52282ee632a0c028199ec86dd4bff99a8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168044
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Tested-by: Jenkins
(cherry picked from commit 560f0f10a137f98ed2204bf8e00f892333d2dae8)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index e67a6a2568a1..cc73da23c7c3 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -614,6 +614,9 @@ MetaArcAction::MetaArcAction( const tools::Rectangle& rRect,
void MetaArcAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(maRect)))
+ return;
+
pOut->DrawArc( maRect, maStartPt, maEndPt );
}
commit 33ab9e6aedc83a93985f76df114d69a610ee92d1
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sat May 4 15:26:54 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#68504 Integer-overflow
Change-Id: I38a5f6550e57875cea3d667a650e165b9d606fbe
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/167131
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit a401e72370133403f81492c31bdc45bddaba6d49)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 8fb1b0954049..e67a6a2568a1 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -672,6 +672,9 @@ MetaPieAction::MetaPieAction( const tools::Rectangle& rRect,
void MetaPieAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(maRect)))
+ return;
+
pOut->DrawPie( maRect, maStartPt, maEndPt );
}
commit 9aa4bcdeb91cd2d407d951d90e4d4aa5ccea7e78
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Mar 29 08:57:46 2024 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:10 2024 +0200
ofz#67699 Integer-overflow
Change-Id: Ifb949cb4816c21587f337827fe50f993a64a3f60
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165509
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 64fa566e659112b46d063dc0e0a89fe8f8065235)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index cacfabc69a07..8fb1b0954049 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1152,6 +1152,9 @@ MetaTextArrayAction::~MetaTextArrayAction()
void MetaTextArrayAction::Execute( OutputDevice* pOut )
{
+ if (!AllowPoint(pOut->LogicToPixel(maStartPt)))
+ return;
+
pOut->DrawTextArray( maStartPt, maStr, mpDXAry.get(), mnIndex, mnLen );
}
commit 105b85e6eb7936553d48cac282cfa3c411a85204
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Dec 4 10:58:35 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#64680 Integer-overflow
Change-Id: Ic125ef6faf136a9821efc717214dd49ae24d6059
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160288
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 8bf16dc47e518e3cd2a6611b1c768ae589ea206e)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 099aead5eab3..cacfabc69a07 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1860,6 +1860,9 @@ MetaBmpExScalePartAction::MetaBmpExScalePartAction( const
Point& rDstPt, const S
void MetaBmpExScalePartAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maDstPt, maDstSz))))
+ return;
+
pOut->DrawBitmapEx( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmpEx );
}
commit 24b7eeb4ecb7e2f975c7dd815c5b2d57eeaa7a2d
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Sep 12 11:49:23 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#62155 skip line with negative width
Change-Id: I5549ac15a179051f6fb02786c53469479b0a2e67
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/156839
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 6a77594f380b596371a0a036a1e229e02e8666b9)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index a850568979b2..099aead5eab3 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1427,6 +1427,11 @@ MetaTextLineAction::MetaTextLineAction( const Point&
rPos, long nWidth,
void MetaTextLineAction::Execute( OutputDevice* pOut )
{
+ if (mnWidth < 0)
+ {
+ SAL_WARN("vcl", "skipping line with negative width: " << mnWidth);
+ return;
+ }
pOut->DrawTextLine( maPos, mnWidth, meStrikeout, meUnderline, meOverline );
}
commit b325068f2449f4e4ecb1c692ad9185385af1c2d4
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sun Jun 18 21:02:43 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#59902 Integer-overflow
Change-Id: Iedb4ca9aef44ef8ead9b021075c4808001e9ae5b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/153237
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
(cherry picked from commit 1128a505a1637cce4c35871432ac902ca2335c64)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index dfe5e50cb352..a850568979b2 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -2044,7 +2044,7 @@ MetaMaskScalePartAction::MetaMaskScalePartAction( const
Point& rDstPt, const Siz
void MetaMaskScalePartAction::Execute( OutputDevice* pOut )
{
- if (!AllowRect(tools::Rectangle(maDstPt, maDstSz)))
+ if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maDstPt, maDstSz))))
return;
pOut->DrawMask( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmp, maColor,
MetaActionType::MASKSCALE );
commit f4602772d918c26be74799f8a13f73a5ef5af0a9
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue May 9 08:45:34 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#58756 Integer-overflow
Change-Id: Ie2782c1d68f73e5e88cf868eb1ce106ec0c181b0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151558
Tested-by: Caolán McNamara <caol...@redhat.com>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit b7ec54b7c6e85d507066442de3b7398f34bbb653)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index b757c1650ef2..dfe5e50cb352 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1666,6 +1666,9 @@ MetaBmpScalePartAction::MetaBmpScalePartAction( const
Point& rDstPt, const Size&
void MetaBmpScalePartAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maDstPt, maDstSz))))
+ return;
+
pOut->DrawBitmap( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmp );
}
commit e83ba53e791f24ed0142c9019c5f6d11d32dec11
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Apr 27 13:14:52 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#58380 Integer-overflow
Change-Id: I88155f7f2abf42a11376d6f54aab28c233cf7e07
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151100
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit b9f78bec3558937d45b3a9d730c1c9d40a9c58d6)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 57431b99f4bb..b757c1650ef2 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1595,8 +1595,12 @@ static bool AllowScale(const Size& rSource, const Size&
rDest)
void MetaBmpScaleAction::Execute( OutputDevice* pOut )
{
- if (!AllowScale(maBmp.GetSizePixel(), pOut->LogicToPixel(maSz)))
+ Size aPixelSize(pOut->LogicToPixel(maSz));
+ if (!AllowRect(tools::Rectangle(pOut->LogicToPixel(maPt), aPixelSize)) ||
+ !AllowScale(maBmp.GetSizePixel(), aPixelSize))
+ {
return;
+ }
pOut->DrawBitmap( maPt, maSz, maBmp );
}
commit 599ed6b25beaeb131752ad5142bbed4b1414b6ac
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Apr 24 16:27:52 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#58241 Integer-overflow
Change-Id: Ie5b82df4642c786e309022e3b5a436aef66d1137
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/150945
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 26b7d00c24c4d85d004e3840fb9053e4c88c1fee)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index e675c433d9f9..57431b99f4bb 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -2215,6 +2215,8 @@ void MetaHatchAction::Execute( OutputDevice* pOut )
{
if (!AllowRect(pOut->LogicToPixel(maPolyPoly.GetBoundRect())))
return;
+ if (!AllowDim(pOut->LogicToPixel(Point(maHatch.GetDistance(), 0)).X()))
+ return;
pOut->DrawHatch( maPolyPoly, maHatch );
}
commit d67c3dbbc349fcd2fea36b4b6f696eba11914fb1
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Mar 25 19:46:28 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#57444 Integer-overflow
Change-Id: I8e18854379c6ad71ebe316d60fbf586cbdc240ae
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149584
Tested-by: Caolán McNamara <caol...@redhat.com>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit c76c805472ff07695d1b1de5e5ed567162c5f227)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index b6b8fea92cfb..e675c433d9f9 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -2213,6 +2213,9 @@ MetaHatchAction::MetaHatchAction( const
tools::PolyPolygon& rPolyPoly, const Hat
void MetaHatchAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(maPolyPoly.GetBoundRect())))
+ return;
+
pOut->DrawHatch( maPolyPoly, maHatch );
}
commit 862fea2aacf1f7b356fc605d479776b14ba02768
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 23 16:31:04 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#57146 Integer-overflow
Change-Id: Ic5a86254b5d969c8242c124fa0515e4f1537114f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/149460
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit f2033b6623e13ad70f6648545571594a8cd848c7)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index dc2bf58802ae..b6b8fea92cfb 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1029,28 +1029,33 @@ MetaTextAction::MetaTextAction( const Point& rPt, const
OUString& rStr,
mnLen ( nLen )
{}
-static bool AllowY(long nY)
+static bool AllowDim(long nDim)
{
static bool bFuzzing = utl::ConfigManager::IsFuzzing();
if (bFuzzing)
{
- if (nY > 0x20000000 || nY < -0x20000000)
+ if (nDim > 0x20000000 || nDim < -0x20000000)
{
- SAL_WARN("vcl", "skipping huge y: " << nY);
+ SAL_WARN("vcl", "skipping huge dimension: " << nDim);
return false;
}
}
return true;
}
+static bool AllowPoint(const Point& rPoint)
+{
+ return AllowDim(rPoint.X()) && AllowDim(rPoint.Y());
+}
+
static bool AllowRect(const tools::Rectangle& rRect)
{
- return AllowY(rRect.Top()) && AllowY(rRect.Bottom());
+ return AllowDim(rRect.Top()) && AllowDim(rRect.Bottom());
}
void MetaTextAction::Execute( OutputDevice* pOut )
{
- if (!AllowY(pOut->LogicToPixel(maPt).Y()))
+ if (!AllowDim(pOut->LogicToPixel(maPt).Y()))
return;
pOut->DrawText( maPt, maStr, mnIndex, mnLen );
@@ -1278,7 +1283,7 @@ MetaStretchTextAction::MetaStretchTextAction( const
Point& rPt, sal_uInt32 nWidt
void MetaStretchTextAction::Execute( OutputDevice* pOut )
{
- if (!AllowY(pOut->LogicToPixel(maPt).Y()))
+ if (!AllowDim(pOut->LogicToPixel(maPt).Y()))
return;
pOut->DrawStretchText( maPt, mnWidth, maStr, mnIndex, mnLen );
@@ -2461,7 +2466,7 @@ MetaMoveClipRegionAction::MetaMoveClipRegionAction( long
nHorzMove, long nVertMo
void MetaMoveClipRegionAction::Execute( OutputDevice* pOut )
{
- if (!AllowY(pOut->LogicToPixel(Point(mnHorzMove, mnVertMove)).Y()))
+ if (!AllowPoint(pOut->LogicToPixel(Point(mnHorzMove, mnVertMove))))
return;
pOut->MoveClipRegion( mnHorzMove, mnVertMove );
}
commit 056f1b8199f2b76b99075b9bdf744a12e284a1c2
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Mar 11 21:13:17 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#56928 Integer-overflow
Change-Id: Ia20a42e16b50ab320e44405e60403c1d3b971bb5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/148692
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 668c44e841a10cec8932a446a941e6d7c386bf3b)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index af1fcdb749fa..dc2bf58802ae 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -2461,6 +2461,8 @@ MetaMoveClipRegionAction::MetaMoveClipRegionAction( long
nHorzMove, long nVertMo
void MetaMoveClipRegionAction::Execute( OutputDevice* pOut )
{
+ if (!AllowY(pOut->LogicToPixel(Point(mnHorzMove, mnVertMove)).Y()))
+ return;
pOut->MoveClipRegion( mnHorzMove, mnVertMove );
}
commit ac154553a8f869ec8e0d257868060f85d8a70d9c
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Feb 15 09:07:42 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#55981 Integer-overflow
Change-Id: Id854f455f684c3eb11351da63dc173c1be8677bc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147044
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 2df61f1ea0cf85adf4c134ff98348e348e8c3d9a)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index db3a7d1ef285..af1fcdb749fa 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -2410,6 +2410,9 @@
MetaISectRegionClipRegionAction::MetaISectRegionClipRegionAction( const vcl::Reg
void MetaISectRegionClipRegionAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(maRegion.GetBoundRect())))
+ return;
+
pOut->IntersectClipRegion( maRegion );
}
commit 1e787c20339c4e99e67e92bd870ef1ccb6e87baf
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Jan 25 19:35:44 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:09 2024 +0200
ofz#55389 Integer-overflow
Change-Id: I98bd62634ca054a668513df426fca408c78e7c95
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146145
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 71a04c248411988697727cfe1ee6717f707422e6)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 60d876793dc6..db3a7d1ef285 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1777,6 +1777,8 @@ void MetaBmpExScaleAction::Execute( OutputDevice* pOut )
{
if (!AllowScale(maBmpEx.GetSizePixel(), pOut->LogicToPixel(maSz)))
return;
+ if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maPt, maSz))))
+ return;
pOut->DrawBitmapEx( maPt, maSz, maBmpEx );
}
commit 48cfada6e2496ab4f860ae88c9d08a9e67ecd471
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Dec 2 10:54:46 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#53868 Integer-overflow
Change-Id: I5d6da712d5db9e0b8b19fca2101626a2a7e2907e
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143569
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit bbe530a238e68d7338c51532f0f7991ccae8ba17)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index a523d4fc1f64..60d876793dc6 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -2030,6 +2030,9 @@ MetaMaskScalePartAction::MetaMaskScalePartAction( const
Point& rDstPt, const Siz
void MetaMaskScalePartAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(tools::Rectangle(maDstPt, maDstSz)))
+ return;
+
pOut->DrawMask( maDstPt, maDstSz, maSrcPt, maSrcSz, maBmp, maColor,
MetaActionType::MASKSCALE );
}
commit 8b815c48eab85029ed25051bb9d299f337d4a658
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Dec 7 20:58:06 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#53824 Out-of-memory
Change-Id: Ia90527f97a4febf3bbdf1919e8db3d8ab5375ac6
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143803
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 5d77fe6e7a386efda32a19d3bca587b1ad12715d)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 7d58ad9a5ccf..a523d4fc1f64 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1590,7 +1590,7 @@ static bool AllowScale(const Size& rSource, const Size&
rDest)
void MetaBmpScaleAction::Execute( OutputDevice* pOut )
{
- if (!AllowScale(maBmp.GetSizePixel(), maSz))
+ if (!AllowScale(maBmp.GetSizePixel(), pOut->LogicToPixel(maSz)))
return;
pOut->DrawBitmap( maPt, maSz, maBmp );
@@ -1775,7 +1775,7 @@ MetaBmpExScaleAction::MetaBmpExScaleAction( const Point&
rPt, const Size& rSz,
void MetaBmpExScaleAction::Execute( OutputDevice* pOut )
{
- if (!AllowScale(maBmpEx.GetSizePixel(), maSz))
+ if (!AllowScale(maBmpEx.GetSizePixel(), pOut->LogicToPixel(maSz)))
return;
pOut->DrawBitmapEx( maPt, maSz, maBmpEx );
commit b30013b5637b1bb1a79d2812a87b37c64cfbf88b
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Jan 6 20:27:01 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#54707 Integer-overflow
Change-Id: I3b448ed2752bfbffa2f38db3fe0d4099b9f83b2a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/145164
Tested-by: Caolán McNamara <caol...@redhat.com>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 8ddb962846020d1534454fdeea628bb72d92ba40)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 3d1c7bb4f4ea..7d58ad9a5ccf 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1963,6 +1963,8 @@ MetaMaskScaleAction::MetaMaskScaleAction( const Point&
rPt, const Size& rSz,
void MetaMaskScaleAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(pOut->LogicToPixel(tools::Rectangle(maPt, maSz))))
+ return;
pOut->DrawMask( maPt, maSz, maBmp, maColor );
}
commit 9c8748fc5c9b7e170db9759f9d9c9d12a27414f3
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Dec 19 10:33:18 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#54240 Integer-overflow
Change-Id: I50c8f9579a9fb07431ad0d6eebc5f0df8e40ebd4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144463
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit ea7db3b0828f16d424910892f10a3b979dbf2ed3)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index d493e8a8d838..3d1c7bb4f4ea 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1050,7 +1050,7 @@ static bool AllowRect(const tools::Rectangle& rRect)
void MetaTextAction::Execute( OutputDevice* pOut )
{
- if (!AllowY(maPt.Y()))
+ if (!AllowY(pOut->LogicToPixel(maPt).Y()))
return;
pOut->DrawText( maPt, maStr, mnIndex, mnLen );
@@ -1278,6 +1278,9 @@ MetaStretchTextAction::MetaStretchTextAction( const
Point& rPt, sal_uInt32 nWidt
void MetaStretchTextAction::Execute( OutputDevice* pOut )
{
+ if (!AllowY(pOut->LogicToPixel(maPt).Y()))
+ return;
+
pOut->DrawStretchText( maPt, mnWidth, maStr, mnIndex, mnLen );
}
@@ -1347,7 +1350,7 @@ MetaTextRectAction::MetaTextRectAction( const
tools::Rectangle& rRect,
void MetaTextRectAction::Execute( OutputDevice* pOut )
{
- if (!AllowRect(maRect))
+ if (!AllowRect(pOut->LogicToPixel(maRect)))
return;
pOut->DrawText( maRect, maStr, mnStyle );
commit 00b321323db735403ab5780060b434b912f429f8
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Dec 12 20:25:13 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#54240 Integer-overflow
Change-Id: I78058fa65c496ae537942222cff242943e6114ef
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144010
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit b49904f92d1df12311330cf7e40163349d0e82e9)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 7e7ba24ab19e..d493e8a8d838 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1029,8 +1029,30 @@ MetaTextAction::MetaTextAction( const Point& rPt, const
OUString& rStr,
mnLen ( nLen )
{}
+static bool AllowY(long nY)
+{
+ static bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
+ {
+ if (nY > 0x20000000 || nY < -0x20000000)
+ {
+ SAL_WARN("vcl", "skipping huge y: " << nY);
+ return false;
+ }
+ }
+ return true;
+}
+
+static bool AllowRect(const tools::Rectangle& rRect)
+{
+ return AllowY(rRect.Top()) && AllowY(rRect.Bottom());
+}
+
void MetaTextAction::Execute( OutputDevice* pOut )
{
+ if (!AllowY(maPt.Y()))
+ return;
+
pOut->DrawText( maPt, maStr, mnIndex, mnLen );
}
@@ -1323,25 +1345,6 @@ MetaTextRectAction::MetaTextRectAction( const
tools::Rectangle& rRect,
mnStyle ( nStyle )
{}
-static bool AllowRect(const tools::Rectangle& rRect)
-{
- static bool bFuzzing = utl::ConfigManager::IsFuzzing();
- if (bFuzzing)
- {
- if (rRect.Top() > 0x20000000 || rRect.Top() < -0x20000000)
- {
- SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top());
- return false;
- }
- if (rRect.Bottom() > 0x20000000 || rRect.Bottom() < -0x20000000)
- {
- SAL_WARN("vcl", "skipping huge rect bottom: " << rRect.Bottom());
- return false;
- }
- }
- return true;
-}
-
void MetaTextRectAction::Execute( OutputDevice* pOut )
{
if (!AllowRect(maRect))
commit 5c699dd69d8d0c8bc97e3246c25d5e56f09cd934
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Dec 4 11:54:33 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#53842 Timeout
Change-Id: I24e5bf30c93bfe2ebb27c2b01232dbc8a42964a3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143630
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 60dbf73c1f42f09d52dc8ef9fcf7d902cf2b1dd4)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 2cefba90c1a9..7e7ba24ab19e 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1333,6 +1333,11 @@ static bool AllowRect(const tools::Rectangle& rRect)
SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top());
return false;
}
+ if (rRect.Bottom() > 0x20000000 || rRect.Bottom() < -0x20000000)
+ {
+ SAL_WARN("vcl", "skipping huge rect bottom: " << rRect.Bottom());
+ return false;
+ }
}
return true;
}
commit 878d07d2be97d78cbf21caec344a0cb0a249319f
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Nov 26 19:27:03 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#53764 Integer-overflow
Change-Id: I0d0ec07801fd612fde3028d4aad2f154c27bc551
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143327
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 21b88575af9e11115a6b124d8d9cb4e0a95e9fea)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 1dd2a94c82bb..2cefba90c1a9 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -28,6 +28,7 @@
#include <vcl/outdev.hxx>
#include <vcl/metaact.hxx>
#include <vcl/graphictools.hxx>
+#include <unotools/configmgr.hxx>
#include <unotools/fontdefs.hxx>
#include <TypeSerializer.hxx>
@@ -146,6 +147,8 @@ void ImplScaleLineInfo( LineInfo& rLineInfo, double
fScaleX, double fScaleY )
} //anonymous namespace
+static bool AllowRect(const tools::Rectangle& rRect);
+
MetaAction::MetaAction() :
mnType( MetaActionType::NONE )
{
@@ -1320,8 +1323,25 @@ MetaTextRectAction::MetaTextRectAction( const
tools::Rectangle& rRect,
mnStyle ( nStyle )
{}
+static bool AllowRect(const tools::Rectangle& rRect)
+{
+ static bool bFuzzing = utl::ConfigManager::IsFuzzing();
+ if (bFuzzing)
+ {
+ if (rRect.Top() > 0x20000000 || rRect.Top() < -0x20000000)
+ {
+ SAL_WARN("vcl", "skipping huge rect top: " << rRect.Top());
+ return false;
+ }
+ }
+ return true;
+}
+
void MetaTextRectAction::Execute( OutputDevice* pOut )
{
+ if (!AllowRect(maRect))
+ return;
+
pOut->DrawText( maRect, maStr, mnStyle );
}
commit 5debee6b2fda6a996c096cba4f890eed5a677a00
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 17 19:56:27 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#45675 Timeout
Change-Id: Icd893d6e0361f9ffe2c88b20b08eaef32919d01a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131718
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit d277de1eac9ddc00eff3e5801ab29d8e8a9a3af7)
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 24055dfbc135..1dd2a94c82bb 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1519,8 +1519,49 @@ MetaBmpScaleAction::MetaBmpScaleAction( const Point&
rPt, const Size& rSz,
maSz ( rSz )
{}
+static bool AllowScale(const Size& rSource, const Size& rDest)
+{
+ if (utl::ConfigManager::IsFuzzing())
+ {
+ constexpr int nMaxScaleWhenFuzzing = 1024;
+
+ auto nSourceHeight = rSource.Height();
+ auto nDestHeight = rDest.Height();
+ if (nSourceHeight && nDestHeight > nSourceHeight && nDestHeight /
nSourceHeight > nMaxScaleWhenFuzzing)
+ {
+ SAL_WARN("vcl", "skipping large vertical scaling: " <<
nSourceHeight << " to " << nDestHeight);
+ return false;
+ }
+
+ if (nDestHeight && nSourceHeight > nDestHeight && nSourceHeight /
nDestHeight > nMaxScaleWhenFuzzing)
+ {
+ SAL_WARN("vcl", "skipping large vertical scaling: " <<
nSourceHeight << " to " << nDestHeight);
+ return false;
+ }
+
+ auto nSourceWidth = rSource.Width();
+ auto nDestWidth = rDest.Width();
+ if (nSourceWidth && nDestWidth > nSourceWidth && nDestWidth /
nSourceWidth > nMaxScaleWhenFuzzing)
+ {
+ SAL_WARN("vcl", "skipping large horizontal scaling: " <<
nSourceWidth << " to " << nDestWidth);
+ return false;
+ }
+
+ if (nDestWidth && nSourceWidth > nDestWidth && nSourceWidth /
nDestWidth > nMaxScaleWhenFuzzing)
+ {
+ SAL_WARN("vcl", "skipping large horizontal scaling: " <<
nSourceWidth << " to " << nDestWidth);
+ return false;
+ }
+ }
+
+ return true;
+}
+
void MetaBmpScaleAction::Execute( OutputDevice* pOut )
{
+ if (!AllowScale(maBmp.GetSizePixel(), maSz))
+ return;
+
pOut->DrawBitmap( maPt, maSz, maBmp );
}
@@ -1703,6 +1744,9 @@ MetaBmpExScaleAction::MetaBmpExScaleAction( const Point&
rPt, const Size& rSz,
void MetaBmpExScaleAction::Execute( OutputDevice* pOut )
{
+ if (!AllowScale(maBmpEx.GetSizePixel(), maSz))
+ return;
+
pOut->DrawBitmapEx( maPt, maSz, maBmpEx );
}
commit 582c91c71adbb51f7e781e284014aacc36ba0f58
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Dec 7 11:12:01 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#54088 Use a DeleteListener rather than try to predict what gets deleted
Change-Id: I5e49e0904422ed513f302f05583ef8140b58ef72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143770
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 6e502de67a7a19d33dcb69cbd35366c4dd0850f9)
diff --git a/sw/source/filter/html/htmlftn.cxx
b/sw/source/filter/html/htmlftn.cxx
index 4e58dc4a3e27..da13b83ffc00 100644
--- a/sw/source/filter/html/htmlftn.cxx
+++ b/sw/source/filter/html/htmlftn.cxx
@@ -228,9 +228,9 @@ SwNodeIndex *SwHTMLParser::GetFootEndNoteSection( const
OUString& rName )
size_t nCount = m_pFootEndNoteImpl->aTextFootnotes.size();
for(size_t i = 0; i < nCount; ++i)
{
- if (m_pFootEndNoteImpl->aTextFootnotes[i].sName == aName)
+ if (m_pFootEndNoteImpl->aTextFootnotes[i].GetName() == aName)
{
- pStartNodeIdx =
m_pFootEndNoteImpl->aTextFootnotes[i].pTextFootnote->GetStartNode();
+ pStartNodeIdx =
m_pFootEndNoteImpl->aTextFootnotes[i].GetStartNode();
m_pFootEndNoteImpl->aTextFootnotes.erase(
m_pFootEndNoteImpl->aTextFootnotes.begin() + i );
if (m_pFootEndNoteImpl->aTextFootnotes.empty())
{
diff --git a/sw/source/filter/html/swhtml.hxx b/sw/source/filter/html/swhtml.hxx
index b3dc2b12ee5c..77e006b0506d 100644
--- a/sw/source/filter/html/swhtml.hxx
+++ b/sw/source/filter/html/swhtml.hxx
@@ -27,7 +27,10 @@
#include <svtools/htmltokn.h>
#include <editeng/svxenum.hxx>
#include <rtl/ref.hxx>
+#include <deletelistener.hxx>
+#include <fmtftn.hxx>
#include <fltshell.hxx>
+#include <txtftn.hxx>
#include <com/sun/star/drawing/XShape.hpp>
#include <com/sun/star/form/XFormComponent.hpp>
@@ -1013,14 +1016,30 @@ inline bool SwHTMLParser::HasStyleOptions( const
OUString &rStyle,
class SwTextFootnote;
-struct SwHTMLTextFootnote
+class SwHTMLTextFootnote
{
+private:
OUString sName;
+public:
SwTextFootnote* pTextFootnote;
+private:
+ std::unique_ptr<SvtDeleteListener> xDeleteListener;
+public:
SwHTMLTextFootnote(const OUString &rName, SwTextFootnote* pInTextFootnote)
: sName(rName)
, pTextFootnote(pInTextFootnote)
+ , xDeleteListener(new
SvtDeleteListener(static_cast<SwFormatFootnote&>(pInTextFootnote->GetAttr()).GetNotifier()))
+ {
+ }
+ const OUString& GetName() const
+ {
+ return sName;
+ }
+ SwNodeIndex* GetStartNode() const
{
+ if (xDeleteListener->WasDeleted())
+ return nullptr;
+ return pTextFootnote->GetStartNode();
}
};
commit 8768284741aff578a0cf5485351bf3bb6aa5715b
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Nov 17 13:15:27 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 18:23:08 2024 +0200
ofz#53457 sanity check the form field range
Change-Id: I2a1c82bb0590acf8f2399f2ea4b6b477600c7908
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/142840
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit f44f5f12605f32d92c2c1689e3e6888337eca2d9)
diff --git a/sw/source/filter/ww8/ww8par5.cxx b/sw/source/filter/ww8/ww8par5.cxx
index cbf45b2fbbfa..039f42511347 100644
--- a/sw/source/filter/ww8/ww8par5.cxx
+++ b/sw/source/filter/ww8/ww8par5.cxx
@@ -507,6 +507,20 @@ void SwWW8ImplReader::UpdateFields()
m_rDoc.SetInitDBFields(true); // Also update fields in the
database
}
+// Sanity check the PaM to see if it makes sense wrt sw::CalcBreaks
+static bool SanityCheck(const SwPaM& rFieldPam)
+{
+ sal_uLong const nEndNode(rFieldPam.End()->nNode.GetIndex());
+ SwNodes const& rNodes(rFieldPam.GetPoint()->nNode.GetNodes());
+ SwNode *const pFinalNode(rNodes[nEndNode]);
+ if (pFinalNode->IsTextNode())
+ {
+ SwTextNode & rTextNode(*pFinalNode->GetTextNode());
+ return (rTextNode.Len() >= rFieldPam.End()->nContent.GetIndex());
+ }
+ return true;
+}
+
sal_uInt16 SwWW8ImplReader::End_Field()
{
sal_uInt16 nRet = 0;
@@ -535,9 +549,9 @@ sal_uInt16 SwWW8ImplReader::End_Field()
SwPosition aEndPos = *m_pPaM->GetPoint();
SwPaM aFieldPam( m_aFieldStack.back().GetPtNode(),
m_aFieldStack.back().GetPtContent(), aEndPos.nNode,
aEndPos.nContent.GetIndex());
IDocumentMarkAccess* pMarksAccess = m_rDoc.getIDocumentMarkAccess(
);
- IFieldmark *pFieldmark = pMarksAccess->makeFieldBookmark(
+ IFieldmark *pFieldmark = SanityCheck(aFieldPam) ?
pMarksAccess->makeFieldBookmark(
aFieldPam, m_aFieldStack.back().GetBookmarkName(),
ODF_FORMTEXT,
- aFieldPam.Start() /*same pos as start!*/ );
+ aFieldPam.Start() /*same pos as start!*/ ) : nullptr;
OSL_ENSURE(pFieldmark!=nullptr, "hmmm; why was the bookmark not
created?");
if (pFieldmark!=nullptr) {
// adapt redline positions to inserted field mark start
commit 2c7f3f13919fe8cedd45eba237b7a674f7a943c6
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Tue Oct 3 09:14:45 2023 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz#62935 avoid negative numbers in olHanglJaso
Change-Id: I3898b95e9d2fe60690889ba259859ed9f66636d1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157461
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 39454ba46cef98b59b012f791de77d1526ed2d13)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index 3309b6a732d9..499664914e2b 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -422,7 +422,7 @@ hchar_string MailMerge::GetString()
#define OL_HANGL_JASO 0
#define OL_HANGL_KANATA 1
-static hchar olHanglJaso(int num, int type)
+static hchar olHanglJaso(unsigned int num, int type)
{
static const unsigned char han_init[] =
{ 0x88, 0x90, 0x94, 0x9c, 0xa0, 0xa4, 0xac, 0xb4, 0xb8, 0xc0, 0xc4,
0xc8, 0xcc, 0xd0 };
commit 4955972633973c251ae83bb135b252ec12971765
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Feb 10 15:02:52 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz: Use-of-uninitialized-value
Change-Id: I033fab3ea016d3b57891a35602920b7de811ccb4
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146784
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit d6b590feda1c61fd5ed14c0be66379b8e5de0c6a)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index d882dd4fbb02..3309b6a732d9 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -570,11 +570,13 @@ hchar_string Outline::GetUnicode() const
case OLSTY_NUMS2:
{
char cur_num_str[10], buf[80];
- int i;
buf[0] = 0;
- for (i = 0; i <= level; i++)
+ for (unsigned int i = 0; i <= level; ++i)
{
+ if (i >= std::size(number))
+ break;
+
levelnum = ((number[i] < 1) ? 1 : number[i]);
if (shape == OLSTY_NUMS2 && i && i == level)
sprintf(cur_num_str, "%d%c", levelnum, 0);
commit 03e6ffac76778ea877260e94190abc03513893ff
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Jun 21 08:57:03 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz#48161 Container-overflow
Change-Id: I99a63c3cfa48344221dbe4a7400d313d875abd82
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136207
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 8fb6f3d894093c729e8ee304f8b6fb553a7ceac4)
diff --git a/hwpfilter/source/hwpreader.cxx b/hwpfilter/source/hwpreader.cxx
index 12eb4960f97f..98ad5a60b1fd 100644
--- a/hwpfilter/source/hwpreader.cxx
+++ b/hwpfilter/source/hwpreader.cxx
@@ -2876,7 +2876,7 @@ void HwpReader::make_text_p3(HWPPara * para,bool
bParaStart)
d->bInHeader = false;
}
- for (n = 0; n < para->nch && para->hhstr[n]->hh;
+ for (n = 0; n < para->nch && o3tl::make_unsigned(n) < para->hhstr.size()
&& para->hhstr[n]->hh;
n += para->hhstr[n]->WSize())
{
if( para->hhstr[n]->hh == CH_END_PARA )
commit 9aa32f28b7ba92e80714fef3e6b233508c194394
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 6 19:58:40 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz#55751 check that level is valid
Change-Id: I971bdcc62fd3775f8f75bf69db41182afc4baefc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146528
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 8b4b771edf6733d91b48ad2739fec9a2827bccf5)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index a5bbb199f030..d882dd4fbb02 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -458,7 +458,7 @@ static hchar olHanglJaso(int num, int type)
static const hchar *GetOutlineStyleChars(int style)
{
- static const hchar out_bul_style_entry[5][8] = // extern
+ static const hchar out_bul_style_entry[5][MAX_OUTLINE_LEVEL+1] = // extern
{
{ // 0 OLSTY_BULLET1
0x2f18, 0x2f12, 0x2f08, 0x2f02, 0x2f06, 0x2f00, 0x2043, 0x0000
@@ -473,7 +473,7 @@ static const hchar *GetOutlineStyleChars(int style)
0x2f18, 0x2f16, 0x2f12, 0x2f10, 0x2f06, 0x2f00, 0x2043, 0x0000
},
{
- 0xAC61, 0xB677, 0xB861, 0xB8F7, 0xB781, 0x0000
+ 0xAC61, 0xB677, 0xB861, 0xB8F7, 0xB781, 0x0000, 0x0000, 0x0000
},
};
if (style >= OLSTY_BULLET1 && style <= OLSTY_BULLET5)
@@ -598,12 +598,15 @@ hchar_string Outline::GetUnicode() const
case OLSTY_BULLET3:
case OLSTY_BULLET4:
case OLSTY_BULLET5:
+ {
+ if (level < MAX_OUTLINE_LEVEL)
{
- p = GetOutlineStyleChars(shape);
- buffer[0] = p[level];
- buffer[1] = 0;
- return hstr2ucsstr(buffer);
+ p = GetOutlineStyleChars(shape);
+ buffer[0] = p[level];
+ buffer[1] = 0;
}
+ return hstr2ucsstr(buffer);
+ }
case OLSTY_USER:
case OLSTY_BULUSER:
{
commit 11666a051748a91d880a109bc60cb5353d4cff40
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jan 30 09:15:17 2023 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz#555520 check level is < MAX_OUTLINE_LEVEL
Change-Id: I61ac10f40cd754a1ea3186ab89e9bfd1e99dc563
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146318
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 88bba54b0818813d23f31866aa7819fc81201ac6)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index 8dd99cd24c51..a5bbb199f030 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -588,10 +588,11 @@ hchar_string Outline::GetUnicode() const
case OLSTY_NUMSIG1:
case OLSTY_NUMSIG2:
case OLSTY_NUMSIG3:
- {
- getOutlineNumStr(shape, level, number[level], buffer);
+ {
+ if (level < std::size(number))
+ getOutlineNumStr(shape, level, number[level], buffer);
return hstr2ucsstr(buffer);
- }
+ }
case OLSTY_BULLET1:
case OLSTY_BULLET2:
case OLSTY_BULLET3:
commit e7b640b7fc59289c090ca7855181d383448902d6
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Dec 19 21:19:40 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
cid#1517796 Out-of-bounds read
Change-Id: I930e3888cfa3363b9183619225f0d4cdca197cdd
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144548
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 9d846a1d77a1ba157c55589a6b2ccb6388eef35d)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index f2b672afed61..8dd99cd24c51 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -609,7 +609,7 @@ hchar_string Outline::GetUnicode() const
char dest[80];
int l = 0;
unsigned int i = level;
- if( deco[i][0] ){
+ if (i < std::size(deco) && deco[i][0]) {
buffer[l++] = deco[i][0];
}
/* level starts from zero. ex) '1.1.1.' is the level 2.
@@ -687,7 +687,7 @@ hchar_string Outline::GetUnicode() const
break;
}
}
- if( deco[i][1] ){
+ if (i < std::size(deco) && deco[i][1]) {
buffer[l++] = deco[i][1];
}
buffer[l] = 0;
commit 3413610efe271ef162f39fd56caf78862b32fbc4
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Dec 18 16:31:44 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz#54402 check bounds
git show -w
Change-Id: I8e7c719a9f1c38f151eb7e59ec222849eb2e28f9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144403
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit f88056b02164fee4b8ce56554f71daf33eb07482)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index 2f3536c3f56c..f2b672afed61 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -608,7 +608,7 @@ hchar_string Outline::GetUnicode() const
{
char dest[80];
int l = 0;
- int i = level;
+ unsigned int i = level;
if( deco[i][0] ){
buffer[l++] = deco[i][0];
}
@@ -616,73 +616,76 @@ hchar_string Outline::GetUnicode() const
number has the value. ex) '1.2.1' has '1,2,1'
style has the value which starts from 1 according to the definition in
hbox.h
*/
- switch( user_shape[i] )
+ if (i < std::size(user_shape))
{
- case 0:
- buffer[l++] = '1' + number[i] - 1;
- break;
- case 1: /* Uppercase Roman */
- case 2: /* Lowercase Roman */
- num2roman(number[i], dest);
- if( user_shape[i] == 1 ){
- char *ptr = dest;
- while( *ptr )
- {
- *ptr =
sal::static_int_cast<char>(rtl::toAsciiUpperCase(static_cast<unsigned
char>(*ptr)));
- ptr++;
+ switch( user_shape[i] )
+ {
+ case 0:
+ buffer[l++] = '1' + number[i] - 1;
+ break;
+ case 1: /* Uppercase Roman */
+ case 2: /* Lowercase Roman */
+ num2roman(number[i], dest);
+ if( user_shape[i] == 1 ){
+ char *ptr = dest;
+ while( *ptr )
+ {
+ *ptr =
sal::static_int_cast<char>(rtl::toAsciiUpperCase(static_cast<unsigned
char>(*ptr)));
+ ptr++;
+ }
}
+ str2hstr(dest, buffer + l);
+ l += strlen(dest);
+ break;
+ case 3:
+ buffer[l++] = 'A' + number[i] -1;
+ break;
+ case 4:
+ buffer[l++] = 'a' + number[i] -1;
+ break;
+ case 5:
+ buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_KANATA);
+ break;
+ case 6:
+ buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_JASO);
+ break;
+ case 7: /* Chinese numbers: the number represented
by the general */
+ buffer[l++] = '1' + number[i] -1;
+ break;
+ case 8: /* Circled numbers */
+ buffer[l++] = 0x2e00 + number[i];
+ break;
+ case 9: /* Circled lowercase alphabet */
+ buffer[l++] = 0x2c20 + number[i];
+ break;
+ case 10: /* Circled Korean Alphabet */
+ buffer[l++] = 0x2c50 + number[i] -1;
+ break;
+ case 11: /* Circled Korean Characters */
+ buffer[l++] = 0x2c40 + number[i] -1;
+ break;
+ case 12: /* Sequenced numbers. */
+ {
+ char cur_num_str[10],buf[80];
+ int j;
+ buf[0] = 0;
+ for (j = 0; j <= level; j++)
+ {
+ levelnum = ((number[j] < 1) ? 1 :
number[j]);
+ if ((j && j == level) || (j == level &&
deco[i][1]))
+ sprintf(cur_num_str, "%d%c",
levelnum, 0);
+ else
+ sprintf(cur_num_str, "%d%c",
levelnum, '.');
+ strcat(buf, cur_num_str);
+ }
+ str2hstr(buf, buffer + l);
+ l += strlen(buf);
+ break;
}
- str2hstr(dest, buffer + l);
- l += strlen(dest);
- break;
- case 3:
- buffer[l++] = 'A' + number[i] -1;
- break;
- case 4:
- buffer[l++] = 'a' + number[i] -1;
- break;
- case 5:
- buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_KANATA);
- break;
- case 6:
- buffer[l++] = olHanglJaso(number[i] -1,
OL_HANGL_JASO);
- break;
- case 7: /* Chinese numbers: the number represented by
the general */
- buffer[l++] = '1' + number[i] -1;
- break;
- case 8: /* Circled numbers */
- buffer[l++] = 0x2e00 + number[i];
- break;
- case 9: /* Circled lowercase alphabet */
- buffer[l++] = 0x2c20 + number[i];
- break;
- case 10: /* Circled Korean Alphabet */
- buffer[l++] = 0x2c50 + number[i] -1;
- break;
- case 11: /* Circled Korean Characters */
- buffer[l++] = 0x2c40 + number[i] -1;
- break;
- case 12: /* Sequenced numbers. */
- {
- char cur_num_str[10],buf[80];
- int j;
- buf[0] = 0;
- for (j = 0; j <= level; j++)
- {
- levelnum = ((number[j] < 1) ? 1 : number[j]);
- if ((j && j == level) || (j == level &&
deco[i][1]))
- sprintf(cur_num_str, "%d%c", levelnum,
0);
- else
- sprintf(cur_num_str, "%d%c", levelnum,
'.');
- strcat(buf, cur_num_str);
- }
- str2hstr(buf, buffer + l);
- l += strlen(buf);
- break;
+ default:
+ buffer[l++] = user_shape[i];
+ break;
}
- default:
- buffer[l++] = user_shape[i];
- break;
}
if( deco[i][1] ){
buffer[l++] = deco[i][1];
commit 5dd2c7b525400033dde3f14a48cf83ef44baa30f
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 24 20:14:41 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz: ensure unsigned index
Change-Id: I38d6238a6eede0188f942229b2fb931614e56309
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132090
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit e8c95b796626cb9db163f5d563fa67f38a5e92b0)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index 8db7fc413cd5..2f3536c3f56c 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -29,6 +29,7 @@
#include "hcode.h"
#include "datecode.h"
+#include <o3tl/safeint.hxx>
#include <rtl/character.hxx>
int HBox::boxCount = 0;
@@ -173,7 +174,7 @@ hchar_string DateCode::GetString()
case '@':
{
static_assert((std::size(eng_mon) - 1) / 3 == 12);
- size_t nIndex = (date[MONTH] - 1) % 12;
+ size_t nIndex = o3tl::make_unsigned(date[MONTH] - 1) % 12;
memcpy(cbuf, eng_mon + nIndex * 3, 3);
cbuf[3] = '.';
cbuf[4] = 0;
@@ -181,7 +182,7 @@ hchar_string DateCode::GetString()
}
case '*':
{
- size_t nIndex = (date[MONTH] - 1) % std::size(en_mon);
+ size_t nIndex = o3tl::make_unsigned(date[MONTH] - 1) %
std::size(en_mon);
strncat(cbuf, en_mon[nIndex], sizeof(cbuf) - strlen(cbuf) - 1);
break;
}
@@ -218,14 +219,14 @@ hchar_string DateCode::GetString()
break;
case '6':
{
- size_t nIndex = date[WEEK] % std::size(kor_week);
+ size_t nIndex = o3tl::make_unsigned(date[WEEK]) %
std::size(kor_week);
ret.push_back(kor_week[nIndex]);
break;
}
case '^':
{
static_assert((std::size(eng_week) - 1) / 3 == 7);
- size_t nIndex = date[WEEK] % 7;
+ size_t nIndex = o3tl::make_unsigned(date[WEEK]) % 7;
memcpy(cbuf, eng_week + nIndex * 3, 3);
cbuf[3] = '.';
cbuf[4] = 0;
@@ -233,7 +234,7 @@ hchar_string DateCode::GetString()
}
case '_':
{
- size_t nIndex = date[WEEK] % std::size(en_week);
+ size_t nIndex = o3tl::make_unsigned(date[WEEK]) %
std::size(en_week);
strncat(cbuf, en_week[nIndex], sizeof(cbuf) - strlen(cbuf) - 1);
break;
}
@@ -272,7 +273,7 @@ hchar_string DateCode::GetString()
fmt++;
if (*fmt == '6')
{
- size_t nIndex = date[WEEK] % std::size(china_week);
+ size_t nIndex = o3tl::make_unsigned(date[WEEK]) %
std::size(china_week);
ret.push_back(china_week[nIndex]);
break;
}
commit 83440d26068e5f48da4c1b1783d6cac4fdf4c1d7
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Mar 7 09:42:08 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 27 17:47:47 2024 +0200
ofz#45314 limit to valid day/month indexes
Change-Id: Ibf53fa1a0c1db3046a25367fb79da3b90f7cd924
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131098
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 685956b45355324f7fef1c9bfc514a4dcf58b35b)
diff --git a/hwpfilter/source/hbox.cxx b/hwpfilter/source/hbox.cxx
index 2af25d8793c3..8db7fc413cd5 100644
--- a/hwpfilter/source/hbox.cxx
+++ b/hwpfilter/source/hbox.cxx
@@ -171,13 +171,20 @@ hchar_string DateCode::GetString()
num = date[MONTH];
break;
case '@':
- memcpy(cbuf, eng_mon + (date[MONTH] - 1) * 3, 3);
+ {
+ static_assert((std::size(eng_mon) - 1) / 3 == 12);
+ size_t nIndex = (date[MONTH] - 1) % 12;
+ memcpy(cbuf, eng_mon + nIndex * 3, 3);
cbuf[3] = '.';
cbuf[4] = 0;
- break;
+ break;
+ }
case '*':
- strncat(cbuf, en_mon[date[MONTH] - 1], sizeof(cbuf) - strlen(cbuf)
- 1);
+ {
+ size_t nIndex = (date[MONTH] - 1) % std::size(en_mon);
+ strncat(cbuf, en_mon[nIndex], sizeof(cbuf) - strlen(cbuf) - 1);
break;
+ }
case '3': /* 'D' is day of korean */
num = date[DAY];
break;
@@ -210,16 +217,26 @@ hchar_string DateCode::GetString()
num = date[MIN];
break;
case '6':
- ret.push_back(kor_week[date[WEEK]]);
+ {
+ size_t nIndex = date[WEEK] % std::size(kor_week);
+ ret.push_back(kor_week[nIndex]);
break;
+ }
case '^':
- memcpy(cbuf, eng_week + date[WEEK] * 3, 3);
+ {
+ static_assert((std::size(eng_week) - 1) / 3 == 7);
+ size_t nIndex = date[WEEK] % 7;
+ memcpy(cbuf, eng_week + nIndex * 3, 3);
cbuf[3] = '.';
cbuf[4] = 0;
break;
+ }
case '_':
- strncat(cbuf, en_week[date[WEEK]], sizeof(cbuf) - strlen(cbuf) -
1);
+ {
+ size_t nIndex = date[WEEK] % std::size(en_week);
+ strncat(cbuf, en_week[nIndex], sizeof(cbuf) - strlen(cbuf) - 1);
break;
+ }
case '7':
ret.push_back(0xB5A1);
ret.push_back(is_pm ? 0xD281 : 0xB8E5);
@@ -255,7 +272,8 @@ hchar_string DateCode::GetString()
fmt++;
if (*fmt == '6')
{
- ret.push_back(china_week[date[WEEK]]);
+ size_t nIndex = date[WEEK] % std::size(china_week);
+ ret.push_back(china_week[nIndex]);
break;
}
break;
