diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2014-11-18 11:18:04 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2014-11-18 11:18:04 +0100 |
commit | 24714f5eaa08016da3f8a74f4842b25eb37ad814 (patch) | |
tree | 2c99620320e831b7127495fd97f11764a82d5be9 /registry | |
parent | 04d4b703a0cad67ddbb149303e73bc722cd06884 (diff) |
Fix memchr checks
(thanks caolan for spotting)
Change-Id: I17093b4173b9a2fca2760240375bcb14313224ef
Diffstat (limited to 'registry')
-rw-r--r-- | registry/source/reflread.cxx | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/registry/source/reflread.cxx b/registry/source/reflread.cxx index e226fbf1edf7..838010c66b2d 100644 --- a/registry/source/reflread.cxx +++ b/registry/source/reflread.cxx @@ -363,7 +363,8 @@ const sal_Char* ConstantPool::readUTF8NameConstant(sal_uInt16 index) if (readUINT16(m_pIndex[index - 1] + CP_OFFSET_ENTRY_TAG) == CP_TAG_UTF8_NAME) { sal_uInt32 n = m_pIndex[index - 1] + CP_OFFSET_ENTRY_DATA; - if (n < m_bufferLen && std::memchr(m_pBuffer, 0, n) != nullptr) + if (n < m_bufferLen + && std::memchr(m_pBuffer + n, 0, m_bufferLen - n) != nullptr) { aName = (const sal_Char*) (m_pBuffer + n); } @@ -564,7 +565,9 @@ const sal_Unicode* ConstantPool::readStringConstant(sal_uInt16 index) if (readUINT16(m_pIndex[index - 1] + CP_OFFSET_ENTRY_TAG) == CP_TAG_CONST_STRING) { sal_uInt32 n = m_pIndex[index - 1] + CP_OFFSET_ENTRY_DATA; - if (n >= m_bufferLen || std::memchr(m_pBuffer, 0, n) == nullptr) + if (n >= m_bufferLen + || (std::memchr(m_pBuffer + n, 0, m_bufferLen - n) + == nullptr)) { throw BoundsError(); } |