ofz: guard against binary crap argument counts and ID/OpCode generation

Same as in sc/source/filter/lotus/lotform.cxx LotusToSc::DoFunc() Change-Id: I4972e065ab96abdea42d64481d4e30674230ab99
2018-01-31 18:00:15 +01:00
parent e80da60895
commit d2473faee1
1 changed files with 5 additions and 1 deletions
--- a/sc/source/filter/qpro/qproform.cxx
+++ b/sc/source/filter/qpro/qproform.cxx
@@ -94,8 +94,12 @@ void QProToSc::DoFunc( DefTokenId eOc, sal_uInt16 nArgs, const sal_Char* pExtStr

    if( nArgs < nBufSize )
    {
-        for( nCount = 0; nCount < nArgs ; nCount++ )
+        for( nCount = 0; nCount < nArgs && aStack.HasMoreTokens() ; nCount++ )
            aStack >> eParam[ nCount ];
+
+        if (nCount < nArgs)
+            // Adapt count to reality. All sort of binary crap is possible.
+            nArgs = static_cast<sal_uInt16>(nCount);
    }
    else
        return;