Prevent crash on assert error coming from orcus::css_parser::parse().

It was caused by an unsigned integer underflow i.e. 0 - 1 on size_t.

Change-Id: I579aefa8ffc9e320fadf7180f51711e535fdb778
Reviewed-on: https://gerrit.libreoffice.org/63057
Tested-by: Jenkins
Reviewed-by: Markus Mohrhard <markus.mohrhard@googlemail.com>

2 files changed, 28 insertions, 0 deletions

diff --git a/external/liborcus/0001-Prevent-unsigned-integer-underflow.patch b/external/liborcus/0001-Prevent-unsigned-integer-underflow.patch
new file mode 100644
index 000000000000..3353857a2d10
--- /dev/null
+++ b/external/liborcus/0001-Prevent-unsigned-integer-underflow.patch
@@ -0,0 +1,27 @@
+From 1967be013804f4f578b53659d7ef459b4c35de9f Mon Sep 17 00:00:00 2001
+From: Kohei Yoshida <kohei.yoshida@gmail.com>
+Date: Wed, 7 Nov 2018 21:08:40 -0500
+Subject: [PATCH] Prevent unsigned integer underflow.
+
+(cherry picked from commit 40bbce85048b77c545103af124f3d9831dd4a458)
+---
+ src/parser/parser_base.cpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/parser/parser_base.cpp b/src/parser/parser_base.cpp
+index 586d495f..9d426efb 100644
+--- a/src/parser/parser_base.cpp
++++ b/src/parser/parser_base.cpp
+@@ -120,7 +120,8 @@ double parser_base::parse_double()
+ 
+ size_t parser_base::remaining_size() const
+ {
+-    return std::distance(mp_char, mp_end) - 1;
++    size_t n = std::distance(mp_char, mp_end);
++    return n ? (n - 1) : 0;
+ }
+ 
+ std::ptrdiff_t parser_base::offset() const
+-- 
+2.17.1
+
diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk
index 7669390cc661..94ef29f80462 100644
--- a/external/liborcus/UnpackedTarball_liborcus.mk
+++ b/external/liborcus/UnpackedTarball_liborcus.mk
@@ -23,6 +23,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
 	external/liborcus/rpath.patch.0 \
 	external/liborcus/gcc9.patch.0 \
 	external/liborcus/version.patch.0 \
+	external/liborcus/0001-Prevent-unsigned-integer-underflow.patch \
 ))
 
 ifeq ($(OS),WNT)