This is an automated email from the ASF dual-hosted git repository. damjan pushed a commit to branch AOO42X in repository https://gitbox.apache.org/repos/asf/openoffice.git
The following commit(s) were added to refs/heads/AOO42X by this push: new 93440cfe8c Fix a bug where an integer underflow causes a comparison to go wrong when the integer types are 32 bit, instead of the previous 16 bit which hid the bug, which causes valid elements to not get found like they should be, leading to NULL pointer access crashes. 93440cfe8c is described below commit 93440cfe8c5159735f8bce693fbafd7479717510 Author: Damjan Jovanovic <dam...@apache.org> AuthorDate: Wed Jan 3 07:43:52 2024 +0200 Fix a bug where an integer underflow causes a comparison to go wrong when the integer types are 32 bit, instead of the previous 16 bit which hid the bug, which causes valid elements to not get found like they should be, leading to NULL pointer access crashes. Fixes: #128579 - 32-bit editengine regression causes a crash when opening PPT files Patch by: me (cherry picked from commit 294ee1400602b0a60dabfaa12034b85c1df06f8f) --- main/editeng/source/editeng/editdoc2.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/editeng/source/editeng/editdoc2.cxx b/main/editeng/source/editeng/editdoc2.cxx index 91f315ef05..c96fbdf64d 100644 --- a/main/editeng/source/editeng/editdoc2.cxx +++ b/main/editeng/source/editeng/editdoc2.cxx @@ -330,7 +330,7 @@ static sal_uInt32 FastGetPos( const VoidPtr *pPtrArray, sal_uInt32 nPtrArrayLen, if( rLastPos > 16 ) { sal_uInt32 nEnd; - if (rLastPos > nPtrArrayLen - 2) + if (rLastPos + 2 > nPtrArrayLen) nEnd = nPtrArrayLen; else nEnd = rLastPos + 2;