[Libreoffice-commits] core.git: sw/source

[Stephan Bergmann]

 sw/source/core/inc/frmtool.hxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit c837bfda8c646fe2f7ff789032dd9a6ee6fd396f
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Thu Oct 15 09:42:03 2015 +0200

    Always restrict FAR_AWAY to 32 bit
    
    ...as at least running CppunitTest_sw_ww8export under UBSan (in a 64 bit env.)
    revealed a case where a SdrHdl instance's aPos is (FAR_AWAY, FAR_AWAY), and that
    value is then used in computations that pass those FAR_AWAY values first through
    a double-based basegfx::B2DRange and then (in
    OverlayManagerBuffered::invalidateRange,
    svx/source/sdr/overlay/overlaymanagerbuffered.cxx) into a sal_Int32-based
    basegfx::B2IPoint, causing undefined behavior due to overflow:
    
    > svx/source/sdr/overlay/overlaymanagerbuffered.cxx:463:36: runtime error: value 6.14891e+17 is outside the range of representable values of type 'int'
    >  sdr::overlay::OverlayManagerBuffered::invalidateRange(basegfx::B2DRange const&) svx/source/sdr/overlay/overlaymanagerbuffered.cxx:463:36
    >  sdr::overlay::OverlayManager::impApplyAddActions(sdr::overlay::OverlayObject&) svx/source/sdr/overlay/overlaymanager.cxx:206:13
    >  sdr::overlay::OverlayManager::add(sdr::overlay::OverlayObject&) svx/source/sdr/overlay/overlaymanager.cxx:277:13
    >  SdrHdl::CreateB2dIAObject() svx/source/svdraw/svdhdl.cxx:631:29
    >  SdrHdl::Touch() svx/source/svdraw/svdhdl.cxx:398:5
    >  SdrHdl::SetHdlList(SdrHdlList*) svx/source/svdraw/svdhdl.cxx:379:9
    >  SdrHdlList::AddHdl(SdrHdl*, bool) svx/source/svdraw/svdhdl.cxx:2196:9
    >  SdrMarkView::SetMarkHandles() svx/source/svdraw/svdmrkv.cxx:780:47
    >  SdrDragView::SetMarkHandles() svx/source/svdraw/svddrgv.cxx:892:5
    >  SdrMarkView::AdjustMarkHdl() svx/source/svdraw/svdmrkv.cxx:1971:5
    >  SdrMarkView::MarkObj(SdrObject*, SdrPageView*, bool, bool) svx/source/svdraw/svdmrkv.cxx:1600:13
    >  SwFEShell::SelectFlyFrm(SwFlyFrm&, bool) sw/source/core/frmedt/fefly1.cxx:249:9
    >  SwFEShell::NewFlyFrm(SfxItemSet const&, bool, SwFrameFormat*) sw/source/core/frmedt/fefly1.cxx:752:13
    >  SwFlyFrmAttrMgr::InsertFlyFrm() sw/source/uibase/frmdlg/frmmgr.cxx:166:22
    >  SwFlyFrmAttrMgr::InsertFlyFrm(RndStdIds, Point const&, Size const&, bool) sw/source/uibase/frmdlg/frmmgr.cxx:199:5
    >  SwModule::InsertEnv(SfxRequest&) sw/source/uibase/app/appenv.cxx:433:13
    >  SwModule::ExecOther(SfxRequest&) sw/source/uibase/app/apphdl.cxx:625:13
    >  Test::postLoad(char const*) sw/qa/extras/ww8export/ww8export.cxx:79:13
    >  SwModelTestBase::executeImportExportImportTest(char const*) sw/qa/extras/inc/swmodeltestbase.hxx:216:9
    >  testTdf94386::Import_Export_Import() sw/qa/extras/ww8export/ww8export.cxx:571:1
    
    Change-Id: I4a8dfda252c31600b76d77b6e2b3bb8758326d47

diff --git a/sw/source/core/inc/frmtool.hxx b/sw/source/core/inc/frmtool.hxx
index b8d1b72..d4459bb 100644
--- a/sw/source/core/inc/frmtool.hxx
+++ b/sw/source/core/inc/frmtool.hxx
@@ -47,7 +47,7 @@ class SwPageDesc;
 class SwFrameFormats;
 class SwRegionRects;
 
-#define FAR_AWAY LONG_MAX - 20000  // initial position of a Fly
+#define FAR_AWAY SAL_MAX_INT32 - 20000  // initial position of a Fly
 #define BROWSE_HEIGHT 56700L * 10L // 10 Meters
 #define GRFNUM_NO 0
 #define GRFNUM_YES 1