https://bugs.documentfoundation.org/show_bug.cgi?id=117444
--- Comment #1 from [email protected] ---
It looks like the binary search algorithm in Index2Block has a bug:
If the value of "m_nBlock" is 1, then "n" is 0 and "cur" becomes 1,
thus "m_ppInf[ cur ]" is semantically out of the range.
// binary search: always successful
sal_uInt16 lower = 0, upper = m_nBlock - 1;
sal_uInt16 cur = 0;
for(;;)
{
sal_uInt16 n = lower + ( upper - lower ) / 2;
cur = ( n == cur ) ? n+1 : n;
p = m_ppInf[ cur ];
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
