Related: #i86988# make abo levels safer

12 files changed, 5 insertions, 0 deletions

diff --git a/sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc b/sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc
new file mode 100644
index 000000000000..af452ddc0e5f
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2006-3493-1.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc b/sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc
new file mode 100644
index 000000000000..240ea77bca12
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2006-6628-1.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc b/sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc
new file mode 100644
index 000000000000..d25e62ab2416
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2007-1347-1.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc
new file mode 100644
index 000000000000..f51fa8fe9b2e
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2008-2752-1.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc
new file mode 100644
index 000000000000..7ce7a07bb6e2
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2008-2752-2.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc
new file mode 100644
index 000000000000..8b04872af739
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2008-2752-3.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc b/sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc
new file mode 100644
index 000000000000..148a30d4ab35
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2008-2752-4.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc b/sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc
new file mode 120000
index 000000000000..f099938bc1a8
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2008-4841-1.doc
@@ -0,0 +1 @@
+CVE-2009-0259-1.doc
\ No newline at end of file
diff --git a/sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc b/sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc
new file mode 100644
index 000000000000..0942b6d8d466
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2009-0259-1.doc
diff --git a/sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc b/sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc
new file mode 100644
index 000000000000..596aec93bd60
--- /dev/null
+++ b/sw/qa/core/data/ww8/pass/CVE-2010-3200-1.doc
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 1abeb1fa8321..ee8c3df2b54b 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -5662,6 +5662,8 @@ bool SwWW8ImplReader::InEqualApo(int nLvl) const
     //the table.
     if (nLvl)
         --nLvl;
+    if (nLvl < 0 || static_cast<size_t>(nLvl) >= maApos.size())
+        return false;
     return maApos[nLvl];
 }
 
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index e1c9d28dd056..78b79a32233b 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -612,6 +612,8 @@ ApoTestResults SwWW8ImplReader::TestApo(int nCellLevel, bool bTableRowEnd,
     //unit no matter what else happens. So if we are not in a table at
     //all, or if we are in the first cell then test that the last frame
     //data is the same as the current one
+    fprintf(stderr, "apo is %d\n", bNowApo);
+    fprintf(stderr, "equal-apo is %d\n", InEqualApo(nCellLevel));
     if (bNowApo && InEqualApo(nCellLevel))
     {
         // two bordering eachother