[Libreoffice-commits] core.git: sc/source

Stephan Bergmann (via logerrit) logerrit at kemper.freedesktop.org
Mon Jun 3 17:01:41 UTC 2019 

 sc/source/core/data/column2.cxx  |    9 ++++++---
 sc/source/core/data/fillinfo.cxx |    6 +++---
 2 files changed, 9 insertions(+), 6 deletions(-)

New commits:
commit d4dd07320d931d8d979b6667bd894763d909cbb1
Author:     Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Fri May 31 16:31:18 2019 +0200
Commit:     Eike Rathke <erack at redhat.com>
CommitDate: Mon Jun 3 19:00:36 2019 +0200

    Avoid overflow with large row heights
    
    With -fsanitize=float-cast-overflow, opening csv/fdo54919-3.csv as obtained by
    bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at
    <https://bugs.documentfoundation.org/show_bug.cgi?id=54919#c2>) fails first with
    
    > sc/source/core/data/column2.cxx:942:75: runtime error: 73940.3 is outside the range of representable values of type 'unsigned short'
    >  #0 in ScColumn::GetOptimalHeight(sc::RowHeightContext&, int, int, unsigned short, int) at sc/source/core/data/column2.cxx:942:75 (instdir/program/../program/libsclo.so +0xc93bfaf)
    >  #1 in (anonymous namespace)::GetOptimalHeightsInColumn(sc::RowHeightContext&, ScColContainer&, int, int, ScProgress*, unsigned long) at sc/source/core/data/table1.cxx:114:20 (instdir/program/../program/libsclo.so +0xe02fd57)
    >  #2 in ScTable::SetOptimalHeight(sc::RowHeightContext&, int, int, ScProgress*, unsigned long) at sc/source/core/data/table1.cxx:466:5 (instdir/program/../program/libsclo.so +0xe02ec69)
    >  #3 in ScDocument::SetOptimalHeight(sc::RowHeightContext&, int, int, short) at sc/source/core/data/document.cxx:4267:18 (instdir/program/../program/libsclo.so +0xd18bc12)
    >  #4 in ScDocShell::AdjustRowHeight(int, int, short) at sc/source/ui/docshell/docsh5.cxx:411:32 (instdir/program/../program/libsclo.so +0x111eb5c6)
    >  #5 in ScImportExport::ExtText2Doc(SvStream&) at sc/source/ui/docshell/impex.cxx:1469:29 (instdir/program/../program/libsclo.so +0x11498773)
    >  #6 in ScImportExport::ImportStream(SvStream&, rtl::OUString const&, SotClipboardFormatId) at sc/source/ui/docshell/impex.cxx:379:13 (instdir/program/../program/libsclo.so +0x11492715)
    >  #7 in ScDocShell::ConvertFrom(SfxMedium&) at sc/source/ui/docshell/docsh.cxx:1299:35 (instdir/program/../program/libsclo.so +0x110b0cee)
    >  #8 in SfxObjectShell::DoLoad(SfxMedium*) at sfx2/source/doc/objstor.cxx:768:23 (instdir/program/libsfxlo.so +0x49d934a)
    [...]
    
    and then with
    
    > sc/source/core/data/fillinfo.cxx:216:59: runtime error: 113431 is outside the range of representable values of type 'unsigned short'
    >  #0 in (anonymous namespace)::initRowInfo(ScDocument const*, RowInfo*, unsigned long, double, int, short, int&, unsigned long&, int&) at sc/source/core/data/fillinfo.cxx:216:59 (instdir/program/../program/libsclo.so +0xdb8ebcf)
    >  #1 in ScDocument::FillInfo(ScTableInfo&, short, int, short, int, short, double, double, bool, bool, ScMarkData const*) at sc/source/core/data/fillinfo.cxx:401:5 (instdir/program/../program/libsclo.so +0xdb7896e)
    >  #2 in ScPrintFunc::DrawToDev(ScDocument*, OutputDevice*, double, tools::Rectangle const&, ScViewData*, bool) at sc/source/ui/view/printfun.cxx:544:11 (instdir/program/../program/libsclo.so +0x1309d461)
    >  #3 in ScDocShell::Draw(OutputDevice*, JobSetup const&, unsigned short) at sc/source/ui/docshell/docsh4.cxx:2036:9 (instdir/program/../program/libsclo.so +0x111aabd7)
    >  #4 in SfxObjectShell::DoDraw_Impl(OutputDevice*, Point const&, Fraction const&, Fraction const&, JobSetup const&, unsigned short) at sfx2/source/doc/objembed.cxx:229:5 (instdir/program/libsfxlo.so +0x491e953)
    >  #5 in SfxObjectShell::DoDraw(OutputDevice*, Point const&, Size const&, JobSetup const&, unsigned short) at sfx2/source/doc/objembed.cxx:176:9 (instdir/program/libsfxlo.so +0x491cbb3)
    >  #6 in SfxObjectShell::CreatePreviewMetaFile_Impl(bool) const at sfx2/source/doc/objcont.cxx:171:40 (instdir/program/libsfxlo.so +0x48ffc5a)
    >  #7 in SfxObjectShell::GetPreviewMetaFile(bool) const at sfx2/source/doc/objcont.cxx:118:12 (instdir/program/libsfxlo.so +0x48fdc15)
    >  #8 in SfxPickListImpl::AddDocumentToPickList(SfxObjectShell*) at sfx2/source/appl/sfxpicklist.cxx:135:62 (instdir/program/libsfxlo.so +0x361c3e5)
    [...]
    
    These are similar to <https://gerrit.libreoffice.org/#/c/73267/> "Avoid overflow
    when scaling column width" and <https://gerrit.libreoffice.org/#/c/73273/>
    "Avoid overflow in ScColumn::GetOptimalColWidth", respectively, for column width
    calculations, and given csv/fdo54919-3.csv has a rather tall fifth row, these
    values do not look completely implausible---which of course begs the question
    whether sal_uInt16 is an appropriate data type here.
    
    But assuming sal_uInt16 is a useful choice, just clamp the calculated heights
    accordingly.  (Using std::clamp, we can get rid of the following lines in
    initRowInfo that ensure nHeight >= 1.)
    
    Change-Id: I99f97c1dedcd8c6d2daa63f2e10011a3ce837fe4
    Reviewed-on: https://gerrit.libreoffice.org/73278
    Tested-by: Jenkins
    Reviewed-by: Eike Rathke <erack at redhat.com>

diff --git a/sc/source/core/data/column2.cxx b/sc/source/core/data/column2.cxx
index a29505584a27..0a54f877c0b1 100644
--- a/sc/source/core/data/column2.cxx
+++ b/sc/source/core/data/column2.cxx
@@ -939,9 +939,12 @@ void ScColumn::GetOptimalHeight(
                         {
                             aOptions.pPattern = pPattern;
                             const ScPatternAttr* pOldPattern = pPattern;
-                            sal_uInt16 nHeight = static_cast<sal_uInt16>( GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
-                                                        rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,
-                                                        &pPattern) / rCxt.getPPTY() );
+                            sal_uInt16 nHeight = static_cast<sal_uInt16>(
+                                std::min(
+                                    GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
+                                                   rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,
+                                                   &pPattern) / rCxt.getPPTY(),
+                                    double(std::numeric_limits<sal_uInt16>::max())));
                             if (nHeight > rHeights.getValue(nRow))
                                 rHeights.setValue(nRow, nRow, nHeight);
                             // Pattern changed due to calculation? => sync.
diff --git a/sc/source/core/data/fillinfo.cxx b/sc/source/core/data/fillinfo.cxx
index abe95752ff68..48749179a0a3 100644
--- a/sc/source/core/data/fillinfo.cxx
+++ b/sc/source/core/data/fillinfo.cxx
@@ -213,9 +213,9 @@ void initRowInfo(const ScDocument* pDoc, RowInfo* pRowInfo, const SCSIZE nMaxRow
             RowInfo* pThisRowInfo = &pRowInfo[rArrRow];
             pThisRowInfo->pCellInfo = nullptr;                 // is loaded below
 
-            sal_uInt16 nHeight = static_cast<sal_uInt16>( nDocHeight * fRowScale );
-            if (!nHeight)
-                nHeight = 1;
+            sal_uInt16 nHeight = static_cast<sal_uInt16>(
+                std::clamp(
+                    nDocHeight * fRowScale, 1.0, double(std::numeric_limits<sal_uInt16>::max())));
 
             pThisRowInfo->nRowNo        = nY;               //TODO: case < 0 ?
             pThisRowInfo->nHeight       = nHeight;

More information about the Libreoffice-commits mailing list