diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2015-10-09 16:22:56 +0100 |
|---|---|---|
| committer | Markus Mohrhard <markus.mohrhard@googlemail.com> | 2015-10-09 17:41:02 +0000 |
| commit | e88019a9c1d6fcaa3d116192ad392ed1fdad2cd2 (patch) | |
| tree | 67a7350fd9c15f93be61bc2525dabbfd648dbc03 /sc/source/core | |
| parent | c366c0ff5c9d3511a87ff1004a24a5a70f11ab8e (diff) | |
crashtesting: ooo95537-1.xls fails with a fAnz that is nan
so it happily passes the pre-cast string bounds check and blows
up in the post-cast string access
Change-Id: Ifd4d087b37e8a84d886e2f7833dfc773b8bf1343
(cherry picked from commit 5d826db15beaff4f0930724431d34f7103111591)
Reviewed-on: https://gerrit.libreoffice.org/19280
Reviewed-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
Tested-by: Markus Mohrhard <markus.mohrhard@googlemail.com>
Diffstat (limited to 'sc/source/core')
| -rw-r--r-- | sc/source/core/tool/interpr1.cxx | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx index ff8a990afff1..68802aed005d 100644 --- a/sc/source/core/tool/interpr1.cxx +++ b/sc/source/core/tool/interpr1.cxx @@ -7830,17 +7830,17 @@ void ScInterpreter::ScFind() sal_uInt8 nParamCount = GetByte(); if ( MustHaveParamCount( nParamCount, 2, 3 ) ) { - double fAnz; + sal_Int32 nAnz; if (nParamCount == 3) - fAnz = GetDouble(); + nAnz = GetDouble(); else - fAnz = 1.0; + nAnz = 1; OUString sStr = GetString().getString(); - if( fAnz < 1.0 || fAnz > (double) sStr.getLength() ) + if (nAnz < 1 || nAnz > sStr.getLength()) PushNoValue(); else { - sal_Int32 nPos = sStr.indexOf(GetString().getString(), static_cast<sal_Int32>(fAnz - 1)); + sal_Int32 nPos = sStr.indexOf(GetString().getString(), nAnz - 1); if (nPos == -1) PushNoValue(); else |