[Libreoffice-commits] core.git: Branch 'libreoffice-4-0' - sc/source
Eike Rathke
erack at redhat.com
Thu Apr 11 11:01:51 PDT 2013
sc/source/core/data/dpoutput.cxx | 2 ++
1 file changed, 2 insertions(+)
New commits:
commit 86cb5a1d0f980633754fe250c636935c028f0f82
Author: Eike Rathke <erack at redhat.com>
Date: Thu Apr 11 15:24:38 2013 +0200
prevent out of bounds vector access in ooo62493-1.xls recalculation
The document https://issues.apache.org/ooo/attachment.cgi?id=34418
attached to https://issues.apache.org/ooo/show_bug.cgi?id=62493 crashes
in a dbgutil build due to an invalid subtotal count that leads to an out
of bounds access in a vector, in this case with offset -1
This fixes the symptom, not the cause why the subtotal count would be
wrong.
Change-Id: If96c2eadba8753ea3e3166db0a81441818c89b2d
(cherry picked from commit 58885eda4f15913fc46243dab726632f5904aab5)
Reviewed-on: https://gerrit.libreoffice.org/3336
Reviewed-by: Kohei Yoshida <kohei.yoshida at gmail.com>
Tested-by: Kohei Yoshida <kohei.yoshida at gmail.com>
diff --git a/sc/source/core/data/dpoutput.cxx b/sc/source/core/data/dpoutput.cxx
index d78f83e..a59fc77 100644
--- a/sc/source/core/data/dpoutput.cxx
+++ b/sc/source/core/data/dpoutput.cxx
@@ -1822,6 +1822,8 @@ void lcl_StripSubTotals( std::vector<bool>& rResult, const std::vector<sal_Int32
// if a subtotal is included, clear the result flag for the columns/rows that the subtotal includes
sal_Int32 nStart = nPos - rSubtotal[nPos];
OSL_ENSURE( nStart >= 0, "invalid subtotal count" );
+ if (nStart < 0)
+ nStart = 0;
for (sal_Int32 nPrev = nStart; nPrev < nPos; nPrev++)
rResult[nPrev] = false;
More information about the Libreoffice-commits
mailing list