libwpd/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch

diff -ru libwpd-0.10.2/src/lib/WP6ContentListener.cpp libwpd-0.10.2.new/src/lib/WP6ContentListener.cpp
--- libwpd-0.10.2/src/lib/WP6ContentListener.cpp	2017-09-08 18:04:25.000000000 +0100
+++ libwpd-0.10.2.new/src/lib/WP6ContentListener.cpp	2018-10-30 10:54:22.326697162 +0000
@@ -1311,7 +1311,10 @@
 		m_ps->m_tableDefinition.m_columnsProperties.clear();
 
 		// pull a table definition off of our stack
-		m_parseState->m_currentTable = m_parseState->m_tableList[m_parseState->m_nextTableIndice++];
+		auto index = m_parseState->m_nextTableIndice++;
+		if (index >= m_parseState->m_tableList.size())
+			throw ParseException();
+		m_parseState->m_currentTable = m_parseState->m_tableList[index];
 		if (!m_parseState->m_currentTable)
 			throw ParseException();
 		m_parseState->m_currentTable->makeBordersConsistent();
diff -ru libwpd-0.10.2/src/lib/WPXTable.h libwpd-0.10.2.new/src/lib/WPXTable.h
--- libwpd-0.10.2/src/lib/WPXTable.h	2015-12-30 08:27:30.000000000 +0000
+++ libwpd-0.10.2.new/src/lib/WPXTable.h	2018-10-30 10:55:41.264362182 +0000
@@ -92,6 +92,10 @@
 	{
 		m_tableList->push_back(table);
 	}
+	size_t size() const
+	{
+		return m_tableList->size();
+	}
 
 private:
 	void release();
Auto sync2gitlab import of libwpd-0.10.2-2.el8.src.rpm 2022-05-26 15:01:52 +00:00			`diff -ru libwpd-0.10.2/src/lib/WP6ContentListener.cpp libwpd-0.10.2.new/src/lib/WP6ContentListener.cpp`
			`--- libwpd-0.10.2/src/lib/WP6ContentListener.cpp 2017-09-08 18:04:25.000000000 +0100`
			`+++ libwpd-0.10.2.new/src/lib/WP6ContentListener.cpp 2018-10-30 10:54:22.326697162 +0000`
			`@@ -1311,7 +1311,10 @@`
			`m_ps->m_tableDefinition.m_columnsProperties.clear();`

			`// pull a table definition off of our stack`
			`- m_parseState->m_currentTable = m_parseState->m_tableList[m_parseState->m_nextTableIndice++];`
			`+ auto index = m_parseState->m_nextTableIndice++;`
			`+ if (index >= m_parseState->m_tableList.size())`
			`+ throw ParseException();`
			`+ m_parseState->m_currentTable = m_parseState->m_tableList[index];`
			`if (!m_parseState->m_currentTable)`
			`throw ParseException();`
			`m_parseState->m_currentTable->makeBordersConsistent();`
			`diff -ru libwpd-0.10.2/src/lib/WPXTable.h libwpd-0.10.2.new/src/lib/WPXTable.h`
			`--- libwpd-0.10.2/src/lib/WPXTable.h 2015-12-30 08:27:30.000000000 +0000`
			`+++ libwpd-0.10.2.new/src/lib/WPXTable.h 2018-10-30 10:55:41.264362182 +0000`
			`@@ -92,6 +92,10 @@`
			`{`
			`m_tableList->push_back(table);`
			`}`
			`+ size_t size() const`
			`+ {`
			`+ return m_tableList->size();`
			`+ }`

			`private:`
			`void release();`