[PUSHED-3-6] fix for fdo#55022, crash when opening the test file in ScDBQueryDataIterator

Markus Mohrhard markus.mohrhard at googlemail.com
Thu Sep 27 14:44:23 PDT 2012


Hey Michael,

2012/9/27 Michael Meeks <michael.meeks at suse.com>:
> Hi Markus,
>
> On Thu, 2012-09-27 at 00:34 +0200, Markus Mohrhard wrote:
>> [1] fixes a crash when opening the test file. The problem is that we
>> dereference a past the end element. The code was always wrong but we
>> fixed another bug in this part of the code for 3-6 so that it now
>> crashes.
>
>         Amusing :-)
>
>> [1] http://cgit.freedesktop.org/libreoffice/core/commit/?id=70412d0f3f7979d3d069be8121d49dbb96775cce
>
>         Seems reasonable, but would:
>
> @@ -564,7 +564,7 @@ bool ScDBQueryDataIterator::DataAccessInternal::getCurrent(Value& rValue)
>              return false;
>
>          SCROW nThisRow = ScDBQueryDataIterator::GetRowByColEntryIndex(*mpDoc, nTab, nCol, nColRow);
> -        while ( (nColRow < nCellCount) && (nThisRow < nRow) )
> +        while ( (nColRow < nCellCount - 1) && (nThisRow < nRow) )
>              nThisRow = ScDBQueryDataIterator::GetRowByColEntryIndex(*mpDoc, nTab, nCol, ++nColRow);
>
>          if ( nColRow < nCellCount && nThisRow <= mpParam->nRow2 )
>
>         Not have the same effect ? either way I cherry-picked as-is to -3-6.
>

No this one results in a infinite loop because the check nColRow <
nCellCount in the next if will be always true when it was not before.
My patch still increments so that the check there is false and we stop
iterating through the DB range.

Regards,
Markus


More information about the LibreOffice mailing list