In ap_UnixApp.cpp we have following code which deals with
not 0 terminated strings:
iLen = UT_MIN(iLen,strlen(reinterpret_cast<const char *>(pData)));
stlen can access data after the pData buffer.
Fixed by using strnlen().
Best regards,
Robert
RCS file: /cvsroot/abi/src/wp/ap/unix/ap_UnixApp.cpp,v
retrieving revision 1.285
diff -u -r1.285 ap_UnixApp.cpp
--- ap_UnixApp.cpp 12 Sep 2005 20:45:27 -0000 1.285
+++ ap_UnixApp.cpp 2 Oct 2005 08:50:24 -0000
@@ -643,7 +643,7 @@
if (AP_UnixClipboard::isRichTextTag(szFormatFound))
{
- iLen = UT_MIN(iLen,strlen(reinterpret_cast<const char
*>(pData)));
+ iLen = strnlen(reinterpret_cast<const char
*>(pData),iLen);
IE_Imp_RTF * pImpRTF = new
IE_Imp_RTF(pDocRange->m_pDoc);
bSuccess =
pImpRTF->pasteFromBuffer(pDocRange,pData,iLen);
@@ -724,7 +724,7 @@
}
else // ( AP_UnixClipboard::isTextTag(szFormatFound) )
{
- iLen = UT_MIN(iLen,strlen(reinterpret_cast<const char
*>(pData)));
+ iLen = strnlen(reinterpret_cast<const char
*>(pData),iLen);
IE_Imp_Text * pImpText = new
IE_Imp_Text(pDocRange->m_pDoc,"UTF-8");
bSuccess =
pImpText->pasteFromBuffer(pDocRange,pData,iLen);
@@ -737,8 +737,8 @@
if(!bSuccess &&
m_pClipboard->getTextData(tFrom,reinterpret_cast<const void
**>(&pData),&iLen, &szFormatFound)) {
UT_DEBUGMSG(("DOM: pasting text as an absolute fallback
(bug 7666)\n"));
- iLen = UT_MIN(iLen,strlen(reinterpret_cast<const char
*>(pData)));
-
+ iLen = strnlen(reinterpret_cast<const char
*>(pData),iLen);
+
IE_Imp_Text * pImpText = new
IE_Imp_Text(pDocRange->m_pDoc,"UTF-8");
bSuccess =
pImpText->pasteFromBuffer(pDocRange,pData,iLen);
DELETEP(pImpText);
-- Robert Wilhelm <robert.wilhelm@gmx.net>Received on Sun Oct 2 10:57:26 2005
This archive was generated by hypermail 2.1.8 : Sun Oct 02 2005 - 10:57:26 CEST