sw: do more input validation in SwWW8ImplReader::Read_And

(to fix up f2945255df273404ee2457dcf761cb8f334b732b)

Change-Id: Ie20fb9db4515b9737322ec7224ecd7e411d31c03
(cherry picked from commit ae2e7ad276acb9394691a9d4a702ed7a6b07b508)
Reviewed-on: https://gerrit.libreoffice.org/10137
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
(cherry picked from commit f61ea10dde1b7e3173a96d40c2725e76765cfbc4)
Reviewed-on: https://gerrit.libreoffice.org/10230
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Zolnai Tamás <zolnaitamas2000@gmail.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 21ee239dfbd9..11fafbe4166c 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -2179,7 +2179,9 @@ long SwWW8ImplReader::Read_And(WW8PLCFManResult* pRes)
                 //that relate to each annotation index as the parser passes
                 //those points.
                 sal_Int32 nLen = nEnd - nStart;
-                if( nLen )
+                // the start and end positions are apparently stored in
+                // different arrays, so in an invalid file only one could exist
+                if(SAL_MAX_INT32 != nEnd && SAL_MAX_INT32 != nStart && nLen > 0)
                 {
                     if (pPaM->GetPoint()->nContent.GetIndex() >= nLen)
                     {