From 0e49d87d92a3f1aeeeda547f1a7e710dcd4fee95 Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Fri, 15 Feb 2013 16:27:34 +0100 Subject: fdo#60732: check max size in SwTxtNode::ReplaceTextOnly Change-Id: I1ca2075ab99fe1b09df700f55645b44f38cf5bcc --- sw/source/core/txtnode/txtedt.cxx | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/sw/source/core/txtnode/txtedt.cxx b/sw/source/core/txtnode/txtedt.cxx index 3c8503bab834..40327cb7dede 100644 --- a/sw/source/core/txtnode/txtedt.cxx +++ b/sw/source/core/txtnode/txtedt.cxx @@ -1799,9 +1799,19 @@ void SwTxtNode::TransliterateText( { // now apply the changes from end to start to leave the offsets of the // yet unchanged text parts remain the same. + size_t nSum(m_Text.Len()); for (size_t i = 0; i < aChanges.size(); ++i) - { - swTransliterationChgData &rData = aChanges[ aChanges.size() - 1 - i ]; + { // check this here since AddChanges cannot be moved below + // call to ReplaceTextOnly + swTransliterationChgData & rData = + aChanges[ aChanges.size() - 1 - i ]; + nSum = nSum + rData.sChanged.Len() - rData.nLen; + if (nSum > TXTNODE_MAX) + { + SAL_WARN("sw.core", "SwTxtNode::ReplaceTextOnly: " + "node text with insertion > TXTNODE_MAX."); + return; + } if (pUndo) pUndo->AddChanges( *this, rData.nStart, rData.nLen, rData.aOffsets ); ReplaceTextOnly( rData.nStart, rData.nLen, rData.sChanged, rData.aOffsets ); @@ -1814,6 +1824,9 @@ void SwTxtNode::ReplaceTextOnly( xub_StrLen nPos, xub_StrLen nLen, const XubString& rText, const Sequence& rOffsets ) { + assert(static_cast(m_Text.Len()) + + static_cast(rText.Len()) - nLen <= TXTNODE_MAX); + m_Text.Replace( nPos, nLen, rText ); xub_StrLen nTLen = rText.Len(); -- cgit v1.2.3