fdo#78906 : File crashes while opening.

Handled a memory corruption. Change-Id: I195d17bcd0a9a86bcc96cc7ad14f1d5f2908cf8c Reviewed-on: https://gerrit.libreoffice.org/9545 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Umesh Kadam <umesh.kadam@synerzip.com> 2014-05-29 12:59:13 +0530
committer: Caolán McNamara <caolanm@redhat.com> 2014-06-05 09:21:15 +0000
commit: 14ce4b337232f8fb21cc67e7a2844a7de81dfc4c (patch)
tree: aee9e6ef18b665abe448f74169ef0a0840327703
parent: eda624641b34a7d4315388c8ec1aebe44f63982e (diff)
2 files changed, 8 insertions, 1 deletions
diff --git a/sw/qa/core/data/ooxml/pass/fdo78906.docx b/sw/qa/core/data/ooxml/pass/fdo78906.docx
new file mode 100644
index 000000000000..1a6c6ea17c4d
--- /dev/null
+++ b/sw/qa/core/data/ooxml/pass/fdo78906.docx
diff --git a/vcl/generic/glyphs/scrptrun.cxx b/vcl/generic/glyphs/scrptrun.cxx
index 9e8eef000917..f72d296f060d 100644
--- a/vcl/generic/glyphs/scrptrun.cxx
+++ b/vcl/generic/glyphs/scrptrun.cxx
@@ -207,7 +207,14 @@ UBool ScriptRun::next()
             // pop it from the stack
             if (pairIndex >= 0 && (pairIndex & 1) != 0 && parenSP >= 0) {
                 parenSP -= 1;
-                startSP -= 1;
+                /* decrement startSP only if it is >= 0,
+                   decrementing it unnecessarily will lead to memory corruption
+                   while processing the above while block.
+                   e.g. startSP = -4 , parenSP = -1
+                */
+                if (startSP >= 0) {
+                    startSP -= 1;
+                }
             }
         } else {
             // if the run broke on a surrogate pair,
author	Umesh Kadam <umesh.kadam@synerzip.com>	2014-05-29 12:59:13 +0530
committer	Caolán McNamara <caolanm@redhat.com>	2014-06-05 09:21:15 +0000
commit	14ce4b337232f8fb21cc67e7a2844a7de81dfc4c (patch)
tree	aee9e6ef18b665abe448f74169ef0a0840327703
parent	eda624641b34a7d4315388c8ec1aebe44f63982e (diff)