[Libreoffice-commits] core.git: chart2/source
Stephan Bergmann (via logerrit)
logerrit at kemper.freedesktop.org
Tue Mar 9 19:18:09 UTC 2021
chart2/source/tools/InternalDataProvider.cxx | 7 +++++++
1 file changed, 7 insertions(+)
New commits:
commit 6d43ba110084605462901bcee786c7ae4c1f3bdf
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Tue Mar 9 15:52:21 2021 +0100
Commit: Stephan Bergmann <sbergman at redhat.com>
CommitDate: Tue Mar 9 20:16:28 2021 +0100
Avoid signed-integer-overflow parsing table:cell-range-address="PivotChart"
...as happens during UITest_chart
UITEST_TEST_NAME=tdf107097.tdf107097.test_tdf107097 ever since
86b192965ee8d625092b723337f6a65bdf34dcb7 "tdf#107097: sc: Add UItest" added that
test (see <https://ci.libreoffice.org/job/lo_ubsan/1919/>),
> /chart2/source/tools/XMLRangeHelper.cxx:136:52: runtime error: signed integer overflow: 15 * 308915776 cannot be represented in type 'int'
> #0 0x2ad74a554918 in (anonymous namespace)::lcl_getSingleCellAddressFromXMLString(rtl::OUString const&, int, int, chart::XMLRangeHelper::Cell&) /chart2/source/tools/XMLRangeHelper.cxx:136:52
> #1 0x2ad74a553482 in (anonymous namespace)::lcl_getCellAddressFromXMLString(rtl::OUString const&, int, int, chart::XMLRangeHelper::Cell&, rtl::OUString&) /chart2/source/tools/XMLRangeHelper.cxx:217:13
> #2 0x2ad74a5505da in (anonymous namespace)::lcl_getCellRangeAddressFromXMLString(rtl::OUString const&, int, int, chart::XMLRangeHelper::CellRange&) /chart2/source/tools/XMLRangeHelper.cxx:253:19
> #3 0x2ad74a54fde1 in chart::XMLRangeHelper::getCellRangeFromXMLString(rtl::OUString const&) /chart2/source/tools/XMLRangeHelper.cxx:328:15
> #4 0x2ad74a2aed4d in chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) /chart2/source/tools/InternalDataProvider.cxx:1227:39
> #5 0x2ad74a2b0164 in non-virtual thunk to chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&) /chart2/source/tools/InternalDataProvider.cxx
> #6 0x2ad6c4784257 in (anonymous namespace)::lcl_ConvertRange(rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::chart2::XChartDocument> const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:76:32
> #7 0x2ad6c4779a67 in SchXMLPlotAreaContext::startFastElement(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:233:34
> #8 0x2ad6c4c6328a in SvXMLImport::startFastElement(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) /xmloff/source/core/xmlimp.cxx:797:15
> #9 0x2ad704988b78 in (anonymous namespace)::Entity::startElement((anonymous namespace)::Event const*) /sax/source/fastparser/fastparser.cxx:468:27
> #10 0x2ad70496f681 in sax_fastparser::FastSaxParserImpl::consume((anonymous namespace)::EventList&) /sax/source/fastparser/fastparser.cxx:1026:25
> #11 0x2ad70496c65f in sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource const&) /sax/source/fastparser/fastparser.cxx:870:22
> #12 0x2ad7049905d1 in sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) /sax/source/fastparser/fastparser.cxx:1482:13
> #13 0x2ad6c4c52b80 in SvXMLImport::parseStream(com::sun::star::xml::sax::InputSource const&) /xmloff/source/core/xmlimp.cxx:504:15
> #14 0x2ad749aafe1e in chart::XMLFilter::impl_ImportStream(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Reference<com::sun::star::lang::XMultiComponentFactory> const&, com::sun::star::uno::Reference<com::sun::star::document::XGraphicStorageHandler> const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&) /chart2/source/model/filter/XMLFilter.cxx:473:34
> #15 0x2ad749aa9f01 in chart::XMLFilter::impl_Import(com::sun::star::uno::Reference<com::sun::star::lang::XComponent> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /chart2/source/model/filter/XMLFilter.cxx:375:35
> #16 0x2ad749aa0988 in chart::XMLFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /chart2/source/model/filter/XMLFilter.cxx:221:13
> #17 0x2ad749c2c76e in chart::ChartModel::impl_load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&) /chart2/source/model/main/ChartModel_Persistence.cxx:567:18
> #18 0x2ad749c30eea in chart::ChartModel::loadFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /chart2/source/model/main/ChartModel_Persistence.cxx:759:5
> #19 0x2ad74244b977 in OCommonEmbeddedObject::LoadDocumentFromStorage_Impl() /embeddedobj/source/commonembedding/persistence.cxx:535:19
> #20 0x2ad7423d7bde in OCommonEmbeddedObject::SwitchStateTo_Impl(int) /embeddedobj/source/commonembedding/embedobj.cxx:185:49
> #21 0x2ad7423e32ff in OCommonEmbeddedObject::changeState(int) /embeddedobj/source/commonembedding/embedobj.cxx:453:13
> #22 0x2ad7424b7057 in OCommonEmbeddedObject::getPreferredVisualRepresentation(long) /embeddedobj/source/commonembedding/visobj.cxx:168:9
> #23 0x2ad67e08fdb6 in comphelper::EmbeddedObjectContainer::GetGraphicReplacementStream(long, com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, rtl::OUString*) /comphelper/source/container/embeddedobjectcontainer.cxx:1425:54
> #24 0x2ad6a447182c in svt::EmbeddedObjectRef::GetGraphicReplacementStream(long, com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&, rtl::OUString*) /svtools/source/misc/embedhlp.cxx:809:12
> #25 0x2ad6a446c7d4 in svt::EmbeddedObjectRef::GetGraphicStream(bool) const /svtools/source/misc/embedhlp.cxx:616:23
> #26 0x2ad6a4469e58 in svt::EmbeddedObjectRef::GetReplacement(bool) /svtools/source/misc/embedhlp.cxx:424:46
> #27 0x2ad6a446d4ea in svt::EmbeddedObjectRef::GetGraphic() const /svtools/source/misc/embedhlp.cxx:453:54
> #28 0x2ad69d4a9470 in SdrOle2Obj::GetGraphic() const /svx/source/svdraw/svdoole2.cxx:1635:33
> #29 0x2ad71b222d01 in ScDrawTransferObj::ScDrawTransferObj(std::unique_ptr<SdrModel, std::default_delete<SdrModel> >, ScDocShell*, TransferableObjectDescriptor const&) /sc/source/ui/app/drwtrans.cxx:191:107
> #30 0x2ad71d7da932 in ScDrawView::DoCopy() /sc/source/ui/view/drawvie4.cxx:364:56
> #31 0x2ad71c1fb75a in ScDrawShell::ExecDrawFunc(SfxRequest&) /sc/source/ui/drawfunc/drawsh5.cxx:328:20
> #32 0x2ad71c1b181f in SfxStubScDrawShellExecDrawFunc(SfxShell*, SfxRequest&) /workdir/SdiTarget/sc/sdi/scslots.hxx:2823:1
> #33 0x2ad68de39d05 in SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&), SfxRequest&) /include/sfx2/shell.hxx:197:35
> #34 0x2ad68ddd1214 in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:16
> #35 0x2ad68dde721f in SfxDispatcher::Execute_(SfxShell&, SfxSlot const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
> #36 0x2ad68dd5edff in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
> #37 0x2ad68e24a322 in SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /sfx2/source/control/unoctitm.cxx:758:53
> #38 0x2ad68e245261 in SfxOfficeDispatch::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /sfx2/source/control/unoctitm.cxx:229:16
> #39 0x2ad67e465052 in comphelper::dispatchCommand(rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /comphelper/source/misc/dispatchcommand.cxx:61:12
> #40 0x2ad67e4657c5 in comphelper::dispatchCommand(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /comphelper/source/misc/dispatchcommand.cxx:76:12
> #41 0x2ad6b39a49a6 in UITest::executeCommand(rtl::OUString const&) /vcl/source/uitest/uitest.cxx:24:12
> #42 0x2ad6b39b7240 in (anonymous namespace)::UITestUnoObj::executeCommand(rtl::OUString const&) /vcl/source/uitest/uno/uitest_uno.cxx:69:12
> #43 0x2ad6ee6508db in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) /bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:77:5
> #44 0x2ad6ee64abf2 in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) /bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13
> #45 0x2ad6ee64773d in unoInterfaceProxyDispatch /bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:413:13
> #46 0x2ad6f3a7d2ca in binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const /binaryurp/source/incomingrequest.cxx:235:13
Creating a pivot chart apparently generates XML output containing
<chart:plot-area table:cell-range-address="PivotChart" ...>
which does not conform to ODF, see the mail thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2021-February/086884.html>
"Integer overflow in Calc lcl_getSingleCellAddressFromXMLString nColumn
computation" for details.
And, ignoring the signed-integer-overflow UB for now,
InternalDataProvider::convertRangeFromXML would always have returned an empty
OUString for an input of aXMLRange="PivotChart":
chart::XMLRangeHelper::getCellRangeFromXMLString with rXMLString="PivotChart"
calls lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so calls
lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so it
doesn't set rOutTableName, so lcl_getCellAddressFromXMLString returns
bResult=false, so chart::XMLRangeHelper::getCellRangeFromXMLString returns an
empty CellRange().
So, similar to 9e5314f19c9dcff35b5cee5c5a1b7f744e495b2e "tdf#107097 invoke
internal DP and correctly handle 'range' names" added special handling of
aXMLRange values starting with "PT@" to
InternalDataProvider::convertRangeFromXML, also add explicit special handling
for "PivotChart" (instead of relying on the later code returning an empty
string, but after invoking UB).
Change-Id: I1671f0ab3b3ab00dce8e348aa3b7141ebebaaad5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112207
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
diff --git a/chart2/source/tools/InternalDataProvider.cxx b/chart2/source/tools/InternalDataProvider.cxx
index f1bf987fa2c6..edbef2f39401 100644
--- a/chart2/source/tools/InternalDataProvider.cxx
+++ b/chart2/source/tools/InternalDataProvider.cxx
@@ -1220,6 +1220,13 @@ OUString SAL_CALL InternalDataProvider::convertRangeToXML( const OUString& aRang
OUString SAL_CALL InternalDataProvider::convertRangeFromXML( const OUString& aXMLRange )
{
+ // Handle non-standards-conforming table:cell-range-address="PivotChart", see
+ // <https://bugs.documentfoundation.org/show_bug.cgi?id=112783> "PIVOT CHARTS: Save produces
+ // invalid file because of invalid cell address":
+ if (aXMLRange == "PivotChart") {
+ return "";
+ }
+
const OUString aPivotTableID("PT@");
if (aXMLRange.startsWith(aPivotTableID))
return aXMLRange.copy(aPivotTableID.getLength());
More information about the Libreoffice-commits
mailing list