[Libreoffice] [REVIEW] Fix for fdo#37520
Noel Power
nopower at novell.com
Wed May 25 02:14:12 PDT 2011
On 24/05/11 21:03, Kohei Yoshida wrote:
> The attached patch fixes the crasher reported in
>
> https://bugs.freedesktop.org/show_bug.cgi?id=37520
>
> The crash occurs in ScRangeList::Join() where the array size is cached
> prior to the for loop, but array may shrink during the loop, in which
> case an out-of-bound array access may occur which in turn results in a
> crash. I'm actually surprised that this didn't cause a crash on
> Linux.
>
> Anyhow, the solution is to always dynamically check the size of the
> array via size() method in each iteration, instead of caching it for
> all iterations.
>
> Review appreciated. I'd like this to go into the -3-4-0 branch. So I
> need three sign-off's.
>
> Kohei
the third and pushed to 3.4.0 ( not sure are we finished with that
branch though )
Noel
More information about the LibreOffice
mailing list