Handle bad SwWW8ImplReader::GetCol input

With previously found offenders out of the way, looks like sw/qa/core/data/ww8/pass/CVE-2009-3302-2.doc is the only case that triggers this, and that is likely deliberately malformed input. As the whole ww8 parser appears not to be build around robust eager input validation and error signalling, there is little more we can do here than throw up our hands in despair. Change-Id: Idf61fcf14a784cef1539654f2825c013c218987f (cherry picked from commit 9beda5ab8feaeb6d5e1c64e094065b02551532a4)
author: Stephan Bergmann <sbergman@redhat.com> 2014-05-08 08:26:46 +0200
committer: Caolán McNamara <caolanm@redhat.com> 2014-05-08 09:10:30 +0100
commit: b803f86341a521f8d07db7ed6a29bb0c7fdf93a5 (patch)
tree: f49311003de80269f59e1d6975da4041498d912e /sw
parent: 5b73d79b7962273e76937c260a2b7b2b7c011619 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index 685feae02244..43c93cdd1314 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -126,8 +126,10 @@ ColorData SwWW8ImplReader::GetCol(sal_uInt8 nIco)
         COL_CYAN, COL_GREEN, COL_MAGENTA, COL_RED, COL_BROWN, COL_GRAY,
         COL_LIGHTGRAY
     };
-
-    return eSwWW8ColA[nIco];
+    SAL_WARN_IF(
+        nIco >= SAL_N_ELEMENTS(eSwWW8ColA), "sw.ww8",
+        "ico " << sal_uInt32(nIco) << " >= " << SAL_N_ELEMENTS(eSwWW8ColA));
+    return nIco < SAL_N_ELEMENTS(eSwWW8ColA) ? eSwWW8ColA[nIco] : COL_AUTO;
 }
 
 inline sal_uInt32 MSRoundTweak(sal_uInt32 x)
author	Stephan Bergmann <sbergman@redhat.com>	2014-05-08 08:26:46 +0200
committer	Caolán McNamara <caolanm@redhat.com>	2014-05-08 09:10:30 +0100
commit	b803f86341a521f8d07db7ed6a29bb0c7fdf93a5 (patch)
tree	f49311003de80269f59e1d6975da4041498d912e /sw
parent	5b73d79b7962273e76937c260a2b7b2b7c011619 (diff)