core.git: Branch 'distro/collabora/co-24.04' - 2 commits - sc/source

Fri, 05 Apr 2024 07:05:02 -0700 

 sc/source/filter/html/htmlpars.cxx |   20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

New commits:
commit fd7bd64ce930724ff5a60414b94a3c122f29d2aa
Author:     Caolán McNamara <[email protected]>
AuthorDate: Wed Apr 3 14:09:53 2024 +0100
Commit:     Caolán McNamara <[email protected]>
CommitDate: Fri Apr 5 16:04:46 2024 +0200

    ofz#67815 overflowed short
    
    Change-Id: Iee9a5caee53b522ed16d234c2bc06987264e23db
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165751
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165812
    Tested-by: Jenkins CollaboraOffice <[email protected]>

diff --git a/sc/source/filter/html/htmlpars.cxx 
b/sc/source/filter/html/htmlpars.cxx
index d1a99003b11c..e1166542e2f5 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -828,12 +828,12 @@ void ScHTMLLayoutParser::SetWidths()
                         pWidths[nCol] = nW;
                 }
             }
-            for (SCCOL nCol = 1; nCol <= nColsPerRow; nCol++)
+            for (int nCol = 1; nCol <= nColsPerRow; nCol++)
             {
                 pOffsets[nCol] = pOffsets[nCol-1] + pWidths[nCol-1];
             }
             xLocalColOffset->clear();
-            for (SCCOL nCol = 0; nCol <= nColsPerRow; nCol++)
+            for (int nCol = 0; nCol <= nColsPerRow; nCol++)
             {
                 MakeColNoRef( xLocalColOffset.get(), pOffsets[nCol], 0, 0, 0 );
             }
commit 71d50be222f2d1fc2476a4d6f31b461d03adf9c5
Author:     Caolán McNamara <[email protected]>
AuthorDate: Sat Mar 23 15:19:04 2024 +0000
Commit:     Caolán McNamara <[email protected]>
CommitDate: Fri Apr 5 16:04:37 2024 +0200

    ofz#67577 Integer-overflow
    
    Change-Id: I3828bb76ab7808ac0717b33c231927730216b42b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165216
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <[email protected]>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165811
    Tested-by: Jenkins CollaboraOffice <[email protected]>

diff --git a/sc/source/filter/html/htmlpars.cxx 
b/sc/source/filter/html/htmlpars.cxx
index 2dd1de2c5693..d1a99003b11c 100644
--- a/sc/source/filter/html/htmlpars.cxx
+++ b/sc/source/filter/html/htmlpars.cxx
@@ -535,8 +535,20 @@ void ScHTMLLayoutParser::SkipLocked( ScEEParseEntry* pE, 
bool bJoin )
 // Or else this would create a wrong value at ScAddress (chance for an 
infinite loop)!
     bool bBadCol = false;
     bool bAgain;
-    ScRange aRange( pE->nCol, pE->nRow, 0,
-        pE->nCol + pE->nColOverlap - 1, pE->nRow + pE->nRowOverlap - 1, 0 );
+
+    SCCOL nEndCol(0);
+    SCROW nEndRow(0);
+    bool bFail = o3tl::checked_add<SCCOL>(pE->nCol, pE->nColOverlap - 1, 
nEndCol) ||
+                 o3tl::checked_add<SCROW>(pE->nRow, pE->nRowOverlap - 1, 
nEndRow);
+
+    if (bFail)
+    {
+        SAL_WARN("sc", "invalid range: " << pE->nCol << " " << pE->nColOverlap 
<<
+                                     " " << pE->nRow << " " << 
pE->nRowOverlap);
+        return;
+    }
+
+    ScRange aRange(pE->nCol, pE->nRow, 0, nEndCol, nEndRow, 0);
     do
     {
         bAgain = false;

Reply via email to