[Libreoffice-commits] core.git: Branch 'libreoffice-7-2' - sw/qa sw/source

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Thu Sep 2 14:45:04 UTC 2021


 sw/qa/core/data/html/pass/ofz-msan-1.html |binary
 sw/source/core/doc/docedt.cxx             |    2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 94531db026dc915292cbf954d7da91d92af96ab2
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Aug 30 21:24:40 2021 +0100
Commit:     Xisco Fauli <xiscofauli at libreoffice.org>
CommitDate: Thu Sep 2 16:44:29 2021 +0200

    ofz: MemorySanitizer: use-of-uninitialized-value
    
    surely a lookup of i equal to rTable.size() is bogus
    
    ==75288== Conditional jump or move depends on uninitialised value(s)
    ==75288==    at 0x1EC68C45: DelFlyInRange(SwNodeIndex const&, SwNodeIndex const&, SwIndex const*, SwIndex const*) (docedt.cxx:246)
    ==75288==    by 0x1EDE68D4: sw::DocumentContentOperationsManager::DeleteSection(SwNode*) (DocumentContentOperationsManager.cxx:2096)
    ==75288==    by 0x1FC27F2C: SwHTMLParser::DeleteSection(SwStartNode*) (htmltab.cxx:4945)
    ==75288==    by 0x1FC231EF: SwHTMLParser::BuildTable(SvxAdjust, bool, bool, bool) (htmltab.cxx:5219)
    ==75288==    by 0x1FC24B7B: SwHTMLParser::BuildTableCaption(HTMLTable*) (htmltab.cxx:4589)
    ==75288==    by 0x1FC23E34: SwHTMLParser::BuildTableRow(HTMLTable*, bool, SvxAdjust, short) (htmltab.cxx:4020)
    ==75288==    by 0x1FC25B38: SwHTMLParser::BuildTableSection(HTMLTable*, bool, bool) (htmltab.cxx:4189)
    ==75288==    by 0x1FC2237F: SwHTMLParser::BuildTable(SvxAdjust, bool, bool, bool) (htmltab.cxx:5055)
    ==75288==    by 0x1FC24B7B: SwHTMLParser::BuildTableCaption(HTMLTable*) (htmltab.cxx:4589)
    ==75288==    by 0x1FC23E34: SwHTMLParser::BuildTableRow(HTMLTable*, bool, SvxAdjust, short) (htmltab.cxx:4020)
    ==75288==    by 0x1FC25B38: SwHTMLParser::BuildTableSection(HTMLTable*, bool, bool) (htmltab.cxx:4189)
    ==75288==    by 0x1FC2237F: SwHTMLParser::BuildTable(SvxAdjust, bool, bool, bool) (htmltab.cxx:5055)
    ==75288==    by 0x1FC24B7B: SwHTMLParser::BuildTableCaption(HTMLTable*) (htmltab.cxx:4589)
    ==75288==    by 0x1FC23E34: SwHTMLParser::BuildTableRow(HTMLTable*, bool, SvxAdjust, short) (htmltab.cxx:4020)
    ==75288==    by 0x1FC25B38: SwHTMLParser::BuildTableSection(HTMLTable*, bool, bool) (htmltab.cxx:4189)
    ==75288==    by 0x1FC2237F: SwHTMLParser::BuildTable(SvxAdjust, bool, bool, bool) (htmltab.cxx:5055)
    ==75288==    by 0x1FC24B7B: SwHTMLParser::BuildTableCaption(HTMLTable*) (htmltab.cxx:4589)
    ==75288==    by 0x1FC23E34: SwHTMLParser::BuildTableRow(HTMLTable*, bool, SvxAdjust, short) (htmltab.cxx:4020)
    ==75288==    by 0x1FC25BC5: SwHTMLParser::BuildTableSection(HTMLTable*, bool, bool) (htmltab.cxx:4194)
    ==75288==    by 0x1FC2237F: SwHTMLParser::BuildTable(SvxAdjust, bool, bool, bool) (htmltab.cxx:5055)
    ==75288==    by 0x1FC79B2C: SwHTMLParser::NextToken(HtmlTokenId) (swhtml.cxx:1787)
    ==75288==    by 0x22060E6A: HTMLParser::Continue(HtmlTokenId) (parhtml.cxx:295)
    ==75288==    by 0x1FC745AC: SwHTMLParser::Continue(HtmlTokenId) (swhtml.cxx:683)
    ==75288==    by 0x22060CF5: HTMLParser::CallParser() (parhtml.cxx:279)
    ==75288==    by 0x1FC73F7F: SwHTMLParser::CallParser() (swhtml.cxx:607)
    ==75288==    by 0x1FC6FF90: HTMLReader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) (swhtml.cxx:238)
    
    Change-Id: I9583e5be41fe76f19c699394961ed2717a990cc3
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121351
    Tested-by: Jenkins
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 6b851810d43e4a9ea8119d97436f658593ff8f1b)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121416
    Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>

diff --git a/sw/qa/core/data/html/pass/ofz-msan-1.html b/sw/qa/core/data/html/pass/ofz-msan-1.html
new file mode 100644
index 000000000000..5237a3d1dda2
Binary files /dev/null and b/sw/qa/core/data/html/pass/ofz-msan-1.html differ
diff --git a/sw/source/core/doc/docedt.cxx b/sw/source/core/doc/docedt.cxx
index 9efeb5c1ec75..7d6dc4091937 100644
--- a/sw/source/core/doc/docedt.cxx
+++ b/sw/source/core/doc/docedt.cxx
@@ -243,7 +243,7 @@ void DelFlyInRange( const SwNodeIndex& rMkNdIdx,
                 // Position could have been moved!
                 if (i > rTable.size())
                     i = rTable.size();
-                else if (pFormat != rTable[i])
+                else if (i == rTable.size() || pFormat != rTable[i])
                     i = std::distance(rTable.begin(), rTable.find( pFormat ));
             }
 


More information about the Libreoffice-commits mailing list