diff options
author | Mike Kaganski <mike.kaganski@collabora.com> | 2023-11-04 17:53:47 +0300 |
---|---|---|
committer | Mike Kaganski <mike.kaganski@collabora.com> | 2023-11-04 20:06:26 +0100 |
commit | 2bf894e91adf8783baaabc2203f7e97c4b8f3ca7 (patch) | |
tree | 6673b1fa7b81e4847b044530f03efce6648abba5 /desktop | |
parent | e14a55c9aa834c160e9a5c70f0de3b0635cde66f (diff) |
External data must be checked when parsed
Change-Id: I8bc5afb29fe22a4b06462a7c61b689c88c41003f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158938
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Diffstat (limited to 'desktop')
-rw-r--r-- | desktop/source/lib/init.cxx | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/desktop/source/lib/init.cxx b/desktop/source/lib/init.cxx index 92628177cb66..71eeabcbc380 100644 --- a/desktop/source/lib/init.cxx +++ b/desktop/source/lib/init.cxx @@ -542,34 +542,38 @@ RectangleAndPart RectangleAndPart::Create(const OString& rPayload) const char* pos = rPayload.getStr(); const char* end = rPayload.getStr() + rPayload.getLength(); tools::Long nLeft = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); tools::Long nTop = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); tools::Long nWidth = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); tools::Long nHeight = rtl_str_toInt64_WithLength(pos, 10, end - pos); tools::Long nPart = INT_MIN; tools::Long nMode = 0; if (comphelper::LibreOfficeKit::isPartInInvalidation()) { - while( *pos != ',' ) + while (pos < end && *pos != ',') + ++pos; + if (pos < end) ++pos; - ++pos; assert(pos < end); nPart = rtl_str_toInt64_WithLength(pos, 10, end - pos); - while( *pos && *pos != ',' ) + while (pos < end && *pos != ',') ++pos; - if (*pos) + if (pos < end) { ++pos; assert(pos < end); |