svl/source/numbers/zforscan.cxx |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

New commits:
commit 25209dbefbb21fcaa9bc00e7ad8ad064cea92e39
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Thu Aug 22 13:51:03 2024 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sat Aug 31 21:41:08 2024 +0200

    cid#1607947 silence Overflowed array index write
    
    Change-Id: I35b8db34e722e700df2771da99d76d42fe2cada6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172640
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    Tested-by: Jenkins

diff --git a/svl/source/numbers/zforscan.cxx b/svl/source/numbers/zforscan.cxx
index 08f6a8591ef5..272fb10ba4e8 100644
--- a/svl/source/numbers/zforscan.cxx
+++ b/svl/source/numbers/zforscan.cxx
@@ -1660,10 +1660,13 @@ bool ImpSvNumberformatScan::InsertSymbol( sal_uInt16 & 
nPos, svt::NfSymbolType e
             return false;
         }
         ++nStringsCnt;
-        for (size_t i = nStringsCnt; i > nPos; --i)
+        sal_uInt16 i = nStringsCnt;
+        while (i > nPos)
         {
-            nTypeArray[i] = nTypeArray[i-1];
-            sStrArray[i] = sStrArray[i-1];
+            sal_uInt16 nexti = o3tl::sanitizing_dec(i);
+            nTypeArray[i] = nTypeArray[nexti];
+            sStrArray[i] = sStrArray[nexti];
+            i = nexti;
         }
     }
     ++nResultStringsCnt;
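Review bot: The upper bound on the write index `i` in `nTypeArray[i]` and `sStrArray[i]` is not stated anywhere in this hunk; it appears to rest entirely on the check ending in `return false;` just above, while `o3tl::sanitizing_dec` only constrains the read index `nexti`. Since `i > nPos` already implies `i >= 1`, the helper looks like it is there for the static analyzer rather than for runtime safety. A comment at the top of the loop would keep a later cleanup from dropping either guard, e.g. `// i > nPos keeps i >= 1; the capacity check above keeps i within both arrays`. As a style point, `nexti` holds the lower index being copied from, so a name such as `nPrev` would read more accurately. The enclosing function starts and ends outside the hunk, so the capacity check itself could not be confirmed from here.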
