[Libreoffice-commits] core.git: sw/source

Mon, 25 Sep 2023 06:06:47 -0700 

 sw/source/core/text/pormulti.cxx |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

New commits:
commit cc564cea7eda29ed7e98ea27056f3ab57a6e2027
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Sep 25 11:15:36 2023 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Mon Sep 25 15:06:19 2023 +0200

    ofz#62688 Null-dereference READ in SwRubyPortion::SwRubyPortion
    
    seen with fodt2pdf fuzzer
    
    Change-Id: If761f5ecc473f4c936db82f3fcb7dd891e82573f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/157243
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git a/sw/source/core/text/pormulti.cxx b/sw/source/core/text/pormulti.cxx
index bccc8f6b02c2..2067adcfc155 100644
--- a/sw/source/core/text/pormulti.cxx
+++ b/sw/source/core/text/pormulti.cxx
@@ -2385,6 +2385,11 @@ bool SwTextFormatter::BuildMultiPortion( 
SwTextFormatInfo &rInf,
     return bRet;
 }
 
+static bool IsIncompleteRuby(const SwMultiPortion& rHelpMulti)
+{
+    return rHelpMulti.IsRuby() && static_cast<const 
SwRubyPortion&>(rHelpMulti).GetRubyOffset() < TextFrameIndex(COMPLETE_STRING);
+}
+
 // When a fieldportion at the end of line breaks and needs a following
 // fieldportion in the next line, then the "restportion" of the formatinfo
 // has to be set. Normally this happens during the formatting of the first
@@ -2493,19 +2498,19 @@ SwLinePortion* SwTextFormatter::MakeRestPortion( const 
SwLineLayout* pLine,
     if (!pCreate)
         return pRest;
 
-    if( pRest || nMultiPos > nPosition || ( pHelpMulti->IsRuby() &&
-        static_cast<const SwRubyPortion*>(pHelpMulti)->GetRubyOffset() < 
TextFrameIndex(COMPLETE_STRING)))
+    if( pRest || nMultiPos > nPosition || IsIncompleteRuby(*pHelpMulti))
     {
         SwMultiPortion* pTmp;
         if( pHelpMulti->IsDouble() )
             pTmp = new SwDoubleLinePortion( *pCreate, nMultiPos );
         else if( pHelpMulti->IsBidi() )
             pTmp = new SwBidiPortion( nMultiPos, pCreate->nLevel );
-        else if( pHelpMulti->IsRuby() )
+        else if (IsIncompleteRuby(*pHelpMulti))
         {
+            TextFrameIndex nRubyOffset = static_cast<const 
SwRubyPortion*>(pHelpMulti)->GetRubyOffset();
             pTmp = new SwRubyPortion( *pCreate, *GetInfo().GetFont(),
                                        
m_pFrame->GetDoc().getIDocumentSettingAccess(),
-                                       nMultiPos, static_cast<const 
SwRubyPortion*>(pHelpMulti)->GetRubyOffset(),
+                                       nMultiPos, nRubyOffset,
                                        GetInfo() );
         }
         else if( pHelpMulti->HasRotation() )

Reply via email to