On 01/08/2013 02:19 PM, julien2412 wrote:
Reading this thread, I took a look at sal/rtl/source/strtmpl.cxx
    static IMPL_RTL_STRINGDATA* IMPL_RTL_STRINGNAME( ImplAlloc )( sal_Int32 nLen )
    {
        IMPL_RTL_STRINGDATA * pData
            = (sal::static_int_cast< sal_uInt32 >(nLen)
               <= ((SAL_MAX_UINT32 - sizeof (IMPL_RTL_STRINGDATA))
                   / sizeof (IMPL_RTL_STRCODE)))
            ? (IMPL_RTL_STRINGDATA *) rtl_allocateMemory(
                sizeof (IMPL_RTL_STRINGDATA) + nLen * sizeof (IMPL_RTL_STRCODE))
            : NULL;
        if (pData != NULL) {
            pData->refCount = 1;
            pData->length = nLen;
            pData->buffer[nLen] = 0;
        }
        return pData;
    }

Since we cast the "nLen" parameter to "sal_uInt32", could it help to add an
assert that nLen should be >= 0?

Such an assert would surely not hurt, but I suspect that there are call sites that do not catch overflow of computed length values (where such overflow can lead to wrong values that are negative as well as non-negative), so such an assert alone would not help catch all the problematic call sites.

Stephan
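
Added example (not part of the original message and not LibreOffice code): a model of the point in the reply above, that a wrapped length computation can come out negative or non-negative, so a check on nLen alone only catches some of them. StringData, wrappedLength and checkedLength are hypothetical names, and the struct layout is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Stand-in for IMPL_RTL_STRINGDATA with 16-bit code units (assumed layout).
struct StringData { std::int32_t refCount; std::int32_t length; char16_t buffer[1]; };

// The same bound ImplAlloc applies before calling rtl_allocateMemory:
// a negative nLen turns into a huge unsigned value and is refused.
bool allocGuardAccepts(std::int32_t nLen) {
    return static_cast<std::uint32_t>(nLen)
        <= (UINT32_MAX - sizeof(StringData)) / sizeof(char16_t);
}

// Two's-complement reinterpretation without relying on implementation-defined casts.
std::int32_t toInt32(std::uint32_t u) {
    return u <= static_cast<std::uint32_t>(INT32_MAX)
        ? static_cast<std::int32_t>(u)
        : static_cast<std::int32_t>(static_cast<std::int64_t>(u) - (INT64_C(1) << 32));
}

// Hypothetical call site that multiplies two non-negative counts in 32 bits
// without checking; models the wrapped value that ends up in nLen.
std::int32_t wrappedLength(std::int32_t count, std::int32_t each) {
    std::uint64_t wide = static_cast<std::uint64_t>(count) * static_cast<std::uint64_t>(each);
    return toInt32(static_cast<std::uint32_t>(wide));
}

// Call-site check: do the arithmetic in 64 bits, refuse anything outside sal_Int32.
bool checkedLength(std::int32_t count, std::int32_t each, std::int32_t* out) {
    if (count < 0 || each < 0) return false;
    std::int64_t wide = static_cast<std::int64_t>(count) * each;
    if (wide > INT32_MAX) return false;
    *out = static_cast<std::int32_t>(wide);
    return true;
}

int main() {
    // Constructed inputs: the first wraps negative, the second wraps to a small positive.
    const std::int32_t cases[2][2] = {{65536, 32768}, {65536, 65537}};
    for (const auto& c : cases) {
        std::int32_t n = wrappedLength(c[0], c[1]), ok = 0;
        std::printf("%d*%d -> nLen=%d guard=%d checked=%d\n", c[0], c[1], n,
                    allocGuardAccepts(n), checkedLength(c[0], c[1], &ok));
    }
    return 0;
}
```

The second case is the one an assert on nLen >= 0 cannot see: the wrapped value 65536 passes the allocation guard, and only the check at the call site rejects it.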