authorKohei Yoshida <kohei.yoshida@gmail.com>2013-02-05 15:23:44 -0500
committerKohei Yoshida <kohei.yoshida@gmail.com>2013-02-05 15:26:09 -0500
commit6ed233b26222815f68dfc220cd1e692a11cd5af6 (patch)
treee2925c0e20a4dcd1b40b59d5ec2ca3437898f5bf
parentc4696e7c0456df8d9466acbae3ea1fa9dcfa73f0 (diff)
fdo#39135: Prevent integer overflow & update the character during loop.
These two errors in the code contributed to the reported bug. Let's fix them. Change-Id: If82a1bd4d1e27145b48e722b30388cc9dc4a8a6e
-rw-r--r--sc/source/core/tool/reffind.cxx5
1 files changed, 5 insertions, 0 deletions
diff --git a/sc/source/core/tool/reffind.cxx b/sc/source/core/tool/reffind.cxx
index 2fe76fc79161..c4621f0029b8 100644
--- a/sc/source/core/tool/reffind.cxx
+++ b/sc/source/core/tool/reffind.cxx
@@ -155,15 +155,20 @@ void ExpandToTextR1C1(const sal_Unicode* p, xub_StrLen nLen, xub_StrLen& rStartP
if (c == '\'')
break;
}
+ if (rStartPos == 0)
+ break;
}
else if (c == ']')
{
// Skip until the opening braket.
for (--rStartPos; rStartPos > 0; --rStartPos)
{
+ c = p[rStartPos];
if (c == '[')
break;
}
+ if (rStartPos == 0)
+ break;
}
else if (!IsText(c))
{
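Review bot: The two added `if (rStartPos == 0) break;` guards, one after the quote-skipping loop and one after the bracket-skipping loop, have no comment, and the hunk alone does not show why they are needed. Going by the commit title, they presumably stop the enclosing loop (which starts and ends outside this hunk, as does the quote loop) from decrementing `rStartPos` below zero and then indexing `p` far out of bounds. A comment on each, such as `// Reached the start of the buffer without a match; stop so the outer decrement cannot wrap rStartPos.`, would record that. Both inner loops test `rStartPos > 0`, so `p[0]` is never compared: an opening delimiter at index 0 and a missing one both end with `rStartPos == 0`, which the comment should state if that is intended.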