[Libreoffice] [REVIEW] Fix for fdo#37520
Kohei Yoshida
kohei.yoshida at gmail.com
Tue May 24 13:03:58 PDT 2011
The attached patch fixes the crasher reported in
https://bugs.freedesktop.org/show_bug.cgi?id=37520
The crash occurs in ScRangeList::Join() where the array size is cached
prior to the for loop, but array may shrink during the loop, in which
case an out-of-bound array access may occur which in turn results in a
crash. I'm actually surprised that this didn't cause a crash on
Linux.
Anyhow, the solution is to always dynamically check the size of the
array via size() method in each iteration, instead of caching it for
all iterations.
Review appreciated. I'd like this to go into the -3-4-0 branch. So I
need three sign-off's.
Kohei
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fdo-37520-Don-t-cache-the-array-size-but-query-it-dy.patch
Type: application/octet-stream
Size: 1132 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20110524/c64a4997/attachment.obj>
More information about the LibreOffice
mailing list