diff options
| author | Michael Stahl <Michael.Stahl@cib.de> | 2018-05-17 12:13:36 +0200 |
|---|---|---|
| committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2018-06-14 16:18:52 +0200 |
| commit | 9ec142c0019045ee6745d208c65c76a50bfb7211 (patch) | |
| tree | 7a373c99b115a43bbd8740e9cc54aaf1126d1722 | |
| parent | sw_redlinehide: remove "protected" SwAttrIter::m_pHints member (diff) | |
| download | core-9ec142c0019045ee6745d208c65c76a50bfb7211.tar.gz core-9ec142c0019045ee6745d208c65c76a50bfb7211.zip | |
sw_redlinehide: fix the fieldmark toxic waste in GetNextAttr()
Out of bounds indexes returned here trigger assertions in new
mapping functions.
Why would you set it to p+1 anyway?
Change-Id: I024e1ab6f40b5545c2e9f71f63620be57fba31d2
| -rw-r--r-- | sw/source/core/text/itratr.cxx | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/sw/source/core/text/itratr.cxx b/sw/source/core/text/itratr.cxx index de6acf854a4c..51fe213ecef8 100644 --- a/sw/source/core/text/itratr.cxx +++ b/sw/source/core/text/itratr.cxx @@ -629,7 +629,9 @@ static sal_Int32 GetNextAttrImpl(SwTextNode const*const pTextNode, size_t const nStartIndex, size_t const nEndIndex, sal_Int32 const nPosition) { - sal_Int32 nNext = COMPLETE_STRING; + // note: this used to be COMPLETE_STRING, but was set to Len() + 1 below, + // which is rather silly, so set it to Len() instead + sal_Int32 nNext = pTextNode->Len(); if (SwpHints const*const pHints = pTextNode->GetpSwpHints()) { // are there attribute starts left? @@ -654,29 +656,27 @@ static sal_Int32 GetNextAttrImpl(SwTextNode const*const pTextNode, } } } - if (pTextNode != nullptr) + // TODO: maybe use hints like FieldHints for this instead of looking at the text... + const sal_Int32 l = std::min(nNext, pTextNode->Len()); + sal_Int32 p = nPosition; + const sal_Unicode* pStr = pTextNode->GetText().getStr(); + while (p < l) { - // TODO: maybe use hints like FieldHints for this instead of looking at the text... - const sal_Int32 l = std::min(nNext, pTextNode->Len()); - sal_Int32 p = nPosition; - const sal_Unicode* aStr = pTextNode->GetText().getStr(); - while (p<l) + sal_Unicode aChar = pStr[p]; + if (aChar < CH_TXT_ATR_FORMELEMENT + || aChar > CH_TXT_ATR_FIELDEND) { - sal_Unicode aChar = aStr[p]; - if (aChar < CH_TXT_ATR_FORMELEMENT - || aChar > CH_TXT_ATR_FIELDEND) - { - ++p; - } - else - { - break; - } + ++p; } - if ((p < l && nPosition < p) || nNext <= p) - nNext=p; else - nNext=p+1; + { + break; + } + } + assert(p <= nNext); + if (p < l && nPosition < p) + { + nNext=p; } return nNext; } |