diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2014-05-08 08:26:46 +0200 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-05-08 09:10:30 +0100 |
commit | b803f86341a521f8d07db7ed6a29bb0c7fdf93a5 (patch) | |
tree | f49311003de80269f59e1d6975da4041498d912e /sw | |
parent | 5b73d79b7962273e76937c260a2b7b2b7c011619 (diff) |
Handle bad SwWW8ImplReader::GetCol input
With previously found offenders out of the way, looks like
sw/qa/core/data/ww8/pass/CVE-2009-3302-2.doc is the only case that triggers
this, and that is likely deliberately malformed input.
As the whole ww8 parser appears not to be build around robust eager input
validation and error signalling, there is little more we can do here than throw
up our hands in despair.
Change-Id: Idf61fcf14a784cef1539654f2825c013c218987f
(cherry picked from commit 9beda5ab8feaeb6d5e1c64e094065b02551532a4)
Diffstat (limited to 'sw')
-rw-r--r-- | sw/source/filter/ww8/ww8par6.cxx | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx index 685feae02244..43c93cdd1314 100644 --- a/sw/source/filter/ww8/ww8par6.cxx +++ b/sw/source/filter/ww8/ww8par6.cxx @@ -126,8 +126,10 @@ ColorData SwWW8ImplReader::GetCol(sal_uInt8 nIco) COL_CYAN, COL_GREEN, COL_MAGENTA, COL_RED, COL_BROWN, COL_GRAY, COL_LIGHTGRAY }; - - return eSwWW8ColA[nIco]; + SAL_WARN_IF( + nIco >= SAL_N_ELEMENTS(eSwWW8ColA), "sw.ww8", + "ico " << sal_uInt32(nIco) << " >= " << SAL_N_ELEMENTS(eSwWW8ColA)); + return nIco < SAL_N_ELEMENTS(eSwWW8ColA) ? eSwWW8ColA[nIco] : COL_AUTO; } inline sal_uInt32 MSRoundTweak(sal_uInt32 x) |