[Libreoffice-commits] core.git: sc/source

Caolán McNamara caolanm at redhat.com
Mon Nov 13 16:37:00 UTC 2017


 sc/source/core/tool/compiler.cxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 6be596c282f84a3cb3a62edccfdfbf69663cf59e
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Sun Nov 12 21:16:42 2017 +0000

    ofz+valgrind: Conditional jump or move depends on uninitialised value
    
    If, before lcl_UnicodeStrNCpy is called, aSymbol contains embedded
    nulls, then aSymbol.getLength() and the mnRangeOpPosInSymbol value
    derived from an earlier aSymbol.getLength() include the range after
    the embedded null, while lcl_UnicodeStrNCpy stops at the first
    embedded null, leaving cSymbol with uninitialized values that
    are later read from it.
    
    Conditional jump or move depends on uninitialised value(s)
       at 0x23BFBCA0: ScCompiler::IsReference(rtl::OUString const&, rtl::OUString const*) (compiler.cxx:3275)
       by 0x23BFFF4C: ScCompiler::NextNewToken(bool) (compiler.cxx:4248)
       by 0x23C00D20: ScCompiler::CompileString(rtl::OUString const&) (compiler.cxx:4419)
       by 0x23A29FAF: ScFormulaCell::Compile(rtl::OUString const&, bool, formula::FormulaGrammar::Grammar) (formulacell.cxx:1118)
       by 0x23A278B7: ScFormulaCell::ScFormulaCell(ScDocument*, ScAddress const&, rtl::OUString const&, formula::FormulaGrammar::Grammar, ScMatrixMode) (formulacell.cxx:656)
       by 0x23772EC3: ScColumn::ParseString(ScCellValue&, int, short, rtl::OUString const&, formula::FormulaGrammar::AddressConvention, ScSetStringParam const*) (column3.cxx:1729)
       by 0x2377354B: ScColumn::SetString(int, short, rtl::OUString const&, formula::FormulaGrammar::AddressConvention, ScSetStringParam*) (column3.cxx:1851)
       by 0x23AE2B97: ScTable::SetString(short, int, short, rtl::OUString const&, ScSetStringParam*) (table2.cxx:1369)
       by 0x23897045: ScDocument::SetString(short, int, short, rtl::OUString const&, ScSetStringParam*) (document.cxx:3377)
       by 0x1F35F41C: ScEEImport::WriteToDocument(bool, double, SvNumberFormatter*, bool) (eeimpars.cxx:400)
       by 0x1F366F3B: ScFormatFilterPluginImpl::ScImportRTF(SvStream&, rtl::OUString const&, ScDocument*, ScRange&) (rtfimp.cxx:34)
    
    Change-Id: Iefc6be6c3a383bd9b3cdeaa896c07e24e5100dc7
    Reviewed-on: https://gerrit.libreoffice.org/44658
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Eike Rathke <erack at redhat.com>
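The failure mode described in the commit message, reproduced as a stand-alone C example (added here; this is not LibreOffice code). sal_Unicode is replaced by a uint16_t stand-in, the two copy loops mirror the before/after bodies of lcl_UnicodeStrNCpy, and the destination buffer is poisoned with a sentinel so that units the old loop leaves untouched, which valgrind would report as undefined, can be counted. The input string with one embedded NUL is constructed inline; the function and buffer names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t unit_t;          /* stand-in for sal_Unicode (a UTF-16 code unit) */
#define SENTINEL ((unit_t)0xDEAD) /* poison value: never produced by the constructed input */
#define MAX_UNITS 64

/* Before the fix: strncpy-like, stops at the first NUL unit even if nMax has not been reached. */
static unit_t *copy_stops_at_nul(unit_t *pDst, const unit_t *pSrc, size_t nMax)
{
    const unit_t *const pStop = pDst + nMax;
    while (*pSrc && pDst < pStop)
        *pDst++ = *pSrc++;
    return pDst;
}

/* After the fix: copies exactly nMax units, embedded NULs included.
   The caller must guarantee that pSrc holds at least nMax units. */
static unit_t *copy_fixed_count(unit_t *pDst, const unit_t *pSrc, size_t nMax)
{
    const unit_t *const pStop = pDst + nMax;
    while (pDst < pStop)
        *pDst++ = *pSrc++;
    return pDst;
}

/* Build a source of nLen units ('A','B','C',...) with one embedded NUL at nNulPos
   (no NUL if nNulPos >= nLen), copy nLen units with the chosen loop into a poisoned
   destination, and return how many destination units were never written.
   Those are exactly the units a later read by index (as ScCompiler::IsReference does
   via mnRangeOpPosInSymbol) would see as uninitialised. Returns (size_t)-1 on bad input. */
static size_t units_left_uninitialised(int use_fixed, size_t nLen, size_t nNulPos)
{
    unit_t src[MAX_UNITS], dst[MAX_UNITS];
    size_t i, untouched = 0;

    if (nLen > MAX_UNITS)
        return (size_t)-1;

    for (i = 0; i < nLen; ++i)          /* constructed input, not real spreadsheet data */
        src[i] = (unit_t)('A' + (i % 26));
    if (nNulPos < nLen)
        src[nNulPos] = 0;               /* the embedded NUL */

    for (i = 0; i < nLen; ++i)          /* poison so untouched units are detectable */
        dst[i] = SENTINEL;

    if (use_fixed)
        copy_fixed_count(dst, src, nLen);
    else
        copy_stops_at_nul(dst, src, nLen);

    for (i = 0; i < nLen; ++i)
        if (dst[i] == SENTINEL)
            ++untouched;
    return untouched;
}

int main(void)
{
    /* 8-unit symbol with a NUL at index 3: the old loop copies 3 units and leaves 5 unwritten. */
    printf("old loop, embedded NUL: %zu of 8 units uninitialised\n",
           units_left_uninitialised(0, 8, 3));
    printf("new loop, embedded NUL: %zu of 8 units uninitialised\n",
           units_left_uninitialised(1, 8, 3));
    /* Without an embedded NUL both loops behave identically. */
    printf("old loop, no NUL:       %zu of 8 units uninitialised\n",
           units_left_uninitialised(0, 8, 8));
    return 0;
}
```

Running it under valgrind with the poisoning loop removed shows the same "Conditional jump or move depends on uninitialised value(s)" report as soon as the tail of dst is compared, which is the path the stack trace in the commit message exercises.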

diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 68d1f3148135..ef64f87afede 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -1931,7 +1931,7 @@ void ScCompiler::SetError(FormulaError nError)
 static sal_Unicode* lcl_UnicodeStrNCpy( sal_Unicode* pDst, const sal_Unicode* pSrc, sal_Int32 nMax )
 {
     const sal_Unicode* const pStop = pDst + nMax;
-    while ( *pSrc && pDst < pStop )
+    while ( pDst < pStop )
     {
         *pDst++ = *pSrc++;
     }
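Review bot: with the `*pSrc` test dropped, the loop reads exactly nMax units from pSrc whatever their content, so the function is now a plain fixed-count copy and every caller must guarantee that pSrc is at least nMax units long; the commit message says nMax comes from aSymbol.getLength(), so the call site in question is fine, but the name lcl_UnicodeStrNCpy still advertises strncpy-style stop-at-NUL semantics that no longer hold. Suggest either a one-line comment stating the new contract or replacing the loop with something that says what it does, e.g. `memcpy(pDst, pSrc, nMax * sizeof(sal_Unicode));` (or `std::copy_n`). Note also that nothing in the visible part of the function writes a terminator after the copied units, so if cSymbol is later consumed as a NUL-terminated string the caller must still place one at pDst + nMax.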

