mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ofz: guard against binary crap argument counts and ID/OpCode generation

Browse Source 
Same as in sc/source/filter/lotus/lotform.cxx LotusToSc::DoFunc()

Change-Id: I4972e065ab96abdea42d64481d4e30674230ab99
This commit is contained in:
Eike Rathke
2018-01-31 18:00:15 +01:00
parent e80da60895
commit d2473faee1
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sc/source/filter/qpro/qproform.cxx
View File

@@ -94,8 +94,12 @@ void QProToSc::DoFunc( DefTokenId eOc, sal_uInt16 nArgs, const sal_Char* pExtStr
if( nArgs < nBufSize ) if( nArgs < nBufSize )
{ {
for( nCount = 0; nCount < nArgs ; nCount++ ) for( nCount = 0; nCount < nArgs && aStack.HasMoreTokens() ; nCount++ )
aStack >> eParam[ nCount ]; aStack >> eParam[ nCount ];
if (nCount < nArgs)
// Adapt count to reality. All sort of binary crap is possible.
nArgs = static_cast<sal_uInt16>(nCount);
} }
else else
return; return;