[Libreoffice-commits] core.git: sc/source

Libreoffice Gerrit user logerrit at kemper.freedesktop.org
Fri Nov 9 17:13:50 UTC 2018 

 sc/source/filter/inc/xladdress.hxx |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

New commits:
commit d75563504643f4b4f8275cb754ec5ab4d786b7ad
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Fri Nov 9 16:41:55 2018 +0100
Commit:     Stephan Bergmann <sbergman at redhat.com>
CommitDate: Fri Nov 9 18:11:52 2018 +0100

    Make XclRange::GetCol/RowCount more robust
    
    Under (new-in-Clang) -fsanitize=implicit-signed-integer-truncation,
    CppunitTest_sc_filters_test failed with
    
    > Testing file:///.../sc/qa/unit/data/xls/pass/crash-7.xls:
    > warn:sc:27699:27699:sc/source/filter/excel/xlroot.cxx:158: XclRootData::XclRootData - cannot get output device info: N3com3sun4star3uno9ExceptionE msg: invalid attempt to assign an empty interface of type com.sun.star.frame.XFrame!
    > warn:legacy.osl:27699:27699:sc/source/filter/excel/xilink.cxx:631: XclImpSupbook::XclImpSupbook - unknown special SUPBOOK type
    > warn:sc:27699:27699:sc/source/filter/excel/xilink.cxx:703: XclImpSupbook::GetExternName - index must be >0
    > warn:legacy.osl:27699:27699:sc/source/filter/excel/xistream.cxx:802: XclImpStream::Ignore - record overread
    > sc/source/filter/inc/xladdress.hxx:72:47: runtime error: implicit conversion from type 'int' of value -511 (32-bit, signed) to type 'sal_uInt16' (aka 'unsigned short') changed the value to 65025 (16-bit, unsigned)
    >  #0 in XclRange::GetColCount() const at sc/source/filter/inc/xladdress.hxx:72:47 (instdir/program/libscfiltlo.so +0x2510655)
    >  #1 in ImportExcel::ReadDimensions() at sc/source/filter/excel/impop.cxx:255:27 (instdir/program/libscfiltlo.so +0x24e52c4)
    >  #2 in ImportExcel8::Read() at sc/source/filter/excel/read.cxx:1110:49 (instdir/program/libscfiltlo.so +0x2589a90)
    >  #3 in ScFormatFilterPluginImpl::ScImportExcel(SfxMedium&, ScDocument*, EXCIMPFORMAT) at sc/source/filter/excel/excel.cxx:145:35 (instdir/program/libscfiltlo.so +0x230df62)
    >  #4 in ScDocShell::ConvertFrom(SfxMedium&) at sc/source/ui/docshell/docsh.cxx:1265:52 (instdir/program/libsclo.so +0xcc8db50)
    >  #5 in SfxObjectShell::DoLoad(SfxMedium*) at sfx2/source/doc/objstor.cxx:787:23 (instdir/program/libsfxlo.so +0x389f0df)
    >  #6 in ScBootstrapFixture::load(bool, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned long, rtl::OUString const*) at sc/qa/unit/helper/qahelper.cxx:582:21 (workdir/LinkTarget/CppunitTest/../Library/libscqahelper.so +0x869b5)
    >  #7 in ScBootstrapFixture::load(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned long, rtl::OUString const*) at sc/qa/unit/helper/qahelper.cxx:597:12 (workdir/LinkTarget/CppunitTest/../Library/libscqahelper.so +0x86fa6)
    >  #8 in ScFiltersTest::load(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int) at sc/qa/unit/filters-test.cxx:125:51 (workdir/LinkTarget/CppunitTest/libtest_sc_filters_test.so +0x4623a)
    >  #9 in test::FiltersTest::recursiveScan(test::filterStatus, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) at unotest/source/cpp/filters-test.cxx:130:20 (workdir/LinkTarget/CppunitTest/../Library/libunotest.so +0x7526d)
    >  #10 in test::FiltersTest::testDir(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) at unotest/source/cpp/filters-test.cxx:155:5 (workdir/LinkTarget/CppunitTest/../Library/libunotest.so +0x79127)
    >  #11 in ScFiltersTest::testCVEs() at sc/qa/unit/filters-test.cxx:146:5 (workdir/LinkTarget/CppunitTest/libtest_sc_filters_test.so +0x4729d)
    [...]
    
    so it smells like the given XclRange (with maFirst.mnCol=512, maFirst.mnRow=0,
    maLast.mnCol=0, maLast.mnRow=0) already is the result of some previous lenient
    parsing of invalid input.
    
    Change-Id: Ib7915eac5526fc295e7fbbc1c001549b991ddbf7
    Reviewed-on: https://gerrit.libreoffice.org/63200
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>

diff --git a/sc/source/filter/inc/xladdress.hxx b/sc/source/filter/inc/xladdress.hxx
index 141faeb6c71f..da72035a2c89 100644
--- a/sc/source/filter/inc/xladdress.hxx
+++ b/sc/source/filter/inc/xladdress.hxx
@@ -69,8 +69,14 @@ struct XclRange
     void         Set( sal_uInt16 nCol1, sal_uInt32 nRow1, sal_uInt16 nCol2, sal_uInt32 nRow2 )
                             { maFirst.Set( nCol1, nRow1 ); maLast.Set( nCol2, nRow2 ); }
 
-    sal_uInt16   GetColCount() const { return maLast.mnCol - maFirst.mnCol + 1; }
-    sal_uInt32   GetRowCount() const { return maLast.mnRow - maFirst.mnRow + 1; }
+    sal_uInt16   GetColCount() const {
+        return maFirst.mnCol <= maLast.mnCol && maFirst.mnRow <= maLast.mnRow
+            ? maLast.mnCol - maFirst.mnCol + 1 : 0;
+    }
+    sal_uInt32   GetRowCount() const {
+        return maFirst.mnCol <= maLast.mnCol && maFirst.mnRow <= maLast.mnRow
+            ? maLast.mnRow - maFirst.mnRow + 1 : 0;
+    }
     bool                Contains( const XclAddress& rPos ) const;
 
     void                Read( XclImpStream& rStrm, bool bCol16Bit = true );

More information about the Libreoffice-commits mailing list