[libreoffice/f18] do not access vector elements beyond size, rhbz#847519 related
Eike Rathke
erack at fedoraproject.org
Tue Feb 19 23:00:05 UTC 2013
commit cbff264d739150c79ea35e073454cfe9bb89e535
Author: Eike Rathke <erack at redhat.com>
Date: Tue Feb 19 23:58:24 2013 +0100
do not access vector elements beyond size, rhbz#847519 related
...ss-vector-elements-beyond-size-rhbz-84751.patch | 79 ++++++++++++++++++++
libreoffice.spec | 5 +-
2 files changed, 83 insertions(+), 1 deletions(-)
---
diff --git a/0001-do-not-access-vector-elements-beyond-size-rhbz-84751.patch b/0001-do-not-access-vector-elements-beyond-size-rhbz-84751.patch
new file mode 100644
index 0000000..2acc7a0
--- /dev/null
+++ b/0001-do-not-access-vector-elements-beyond-size-rhbz-84751.patch
@@ -0,0 +1,79 @@
+From 103243c08789834a55ce0733aa84d19df3f6004f Mon Sep 17 00:00:00 2001
+Message-Id: <103243c08789834a55ce0733aa84d19df3f6004f.1361314290.git.erack at redhat.com>
+From: Eike Rathke <erack at redhat.com>
+Date: Tue, 19 Feb 2013 19:22:27 +0100
+Subject: [PATCH] do not access vector elements beyond size, rhbz#847519
+ related
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
+
+This is a multi-part message in MIME format.
+--------------erAck-patch-parts
+Content-Type: text/plain; charset=UTF-8; format=fixed
+Content-Transfer-Encoding: 8bit
+
+
+The actual bug (crash) is not triggered anymore because the categories
+are assembled differently, nevertheless the code in question could
+expose the same behavior under different preconditions.
+
+Change-Id: Ic37f6b34effaf4e5252e80aab46b021547b36efb
+(cherry picked from commit d1ba2cd612a4c39976e2980c7dc4e3fa38c88470)
+---
+ chart2/source/tools/ExplicitCategoriesProvider.cxx | 24 ++++++++++++-------
+ 1 files changed, 15 insertions(+), 9 deletions(-)
+
+
+--------------erAck-patch-parts
+Content-Type: text/x-patch; name="0001-do-not-access-vector-elements-beyond-size-rhbz-84751.patch"
+Content-Transfer-Encoding: 8bit
+Content-Disposition: attachment; filename="0001-do-not-access-vector-elements-beyond-size-rhbz-84751.patch"
+
+diff --git a/chart2/source/tools/ExplicitCategoriesProvider.cxx b/chart2/source/tools/ExplicitCategoriesProvider.cxx
+index bc938e6..c593a51 100644
+--- a/chart2/source/tools/ExplicitCategoriesProvider.cxx
++++ b/chart2/source/tools/ExplicitCategoriesProvider.cxx
+@@ -362,11 +362,14 @@ Sequence< OUString > lcl_getExplicitSimpleCategories(
+ }
+ for( aOuterIt=rComplexCats.begin(); aOuterIt != aOuterEnd; ++aOuterIt )
+ {
+- sal_Int32 nCurrentCount = lcl_getCategoryCount( *aOuterIt );
+- if( nCurrentCount< nMaxCategoryCount )
++ if ( !aOuterIt->empty() )
+ {
+- ComplexCategory& rComplexCategory = aOuterIt->back();
+- rComplexCategory.Count += (nMaxCategoryCount-nCurrentCount);
++ sal_Int32 nCurrentCount = lcl_getCategoryCount( *aOuterIt );
++ if( nCurrentCount< nMaxCategoryCount )
++ {
++ ComplexCategory& rComplexCategory = aOuterIt->back();
++ rComplexCategory.Count += (nMaxCategoryCount-nCurrentCount);
++ }
+ }
+ }
+ }
+@@ -398,12 +401,15 @@ Sequence< OUString > lcl_getExplicitSimpleCategories(
+ OUString aText;
+ for( aOuterIt=aComplexCatsPerIndex.begin() ; aOuterIt != aOuterEnd; ++aOuterIt )
+ {
+- OUString aAddText = (*aOuterIt)[nN].Text;
+- if( !aAddText.isEmpty() )
++ if ( static_cast<size_t>(nN) < aOuterIt->size() )
+ {
+- if(!aText.isEmpty())
+- aText += aSpace;
+- aText += aAddText;
++ OUString aAddText = (*aOuterIt)[nN].Text;
++ if( !aAddText.isEmpty() )
++ {
++ if(!aText.isEmpty())
++ aText += aSpace;
++ aText += aAddText;
++ }
+ }
+ }
+ aRet[nN]=aText;
+
+--------------erAck-patch-parts--
+
+
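Review bot: In the second hunk of the embedded ExplicitCategoriesProvider.cxx patch, the new `static_cast<size_t>(nN) < aOuterIt->size()` guard skips a level silently when its vector is shorter than `nN`, so inconsistent category data now produces a quietly shortened label and leaves no trace for whoever debugs it. The guard should state the invariant it protects, for example `// a level may hold fewer entries than nN; skip it instead of indexing past the end`, and a debug-build warning on the skipped branch would make the mismatch visible if the file already has a logging macro in scope. The `!aOuterIt->empty()` check in the first hunk deserves the same one-line comment, since `back()` on an empty vector is undefined behaviour. An empty level also stays unpadded there, which presumably leaves the later size check as the only protection; this is inferred, because the declaration of `nN` and both loop bounds lie outside the hunks. Both loops belong to `lcl_getExplicitSimpleCategories`, whose body starts and ends outside the visible lines.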
diff --git a/libreoffice.spec b/libreoffice.spec
index a3f4396..0c044be 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -44,7 +44,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
-Release: 5%{?libo_prerelease}%{?dist}
+Release: 6%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic and MPLv2.0
Group: Applications/Productivity
URL: http://www.documentfoundation.org/develop
@@ -258,6 +258,7 @@ Patch36: 0001-make-evolution-3.6-work-with-address-book.patch
Patch37: 0001-rhbz-908674-Adapt-rtl-Allocator-construct-to-C-11.patch
Patch38: 0001-Resolves-rhbz-910176-cannot-select-directory-with-gn.patch
Patch39: 0001-Resolves-rhbz-895196-sc-filter-float-a11y-parent-of-.patch
+Patch40: 0001-do-not-access-vector-elements-beyond-size-rhbz-84751.patch
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
%define instdir %{_libdir}
@@ -1009,6 +1010,7 @@ mv -f redhat.soc extras/source/palettes/standard.soc
%patch37 -p1 -b .rhbz-908674-Adapt-rtl-Allocator-construct-to-C-11.patch
%patch38 -p1 -b .rhbz-910176-cannot-select-directory-with-gn.patch
%patch39 -p1 -b .rhbz-895196-sc-filter-float-a11y-parent-of-.patch
+%patch40 -p1 -b .do-not-access-vector-elements-beyond-size-rhbz-84751.patch
# TODO: check this
# these are horribly incomplete--empty translations and copied english
@@ -2280,6 +2282,7 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
%changelog
* Tue Feb 19 2013 Caolán McNamara <caolanm at redhat.com> - 1:3.6.5.2-5-UNBUILT
- Resolves: rhbz#895196 sc filter float a11y parent of itself
+- do not access vector elements beyond size, rhbz#847519 related
* Fri Feb 15 2013 Caolán McNamara <caolanm at redhat.com> - 1:3.6.5.2-4
- make evolution 3.6 work with address book