[libreoffice] Resolves: fdo#77509 memory corruption / crash in Consolidate
Eike Rathke
erack at fedoraproject.org
Fri May 9 09:33:34 UTC 2014
commit 5e2758cad9e6d635efe14e9d7e77b2c9c92215dc
Author: Eike Rathke <erack at redhat.com>
Date: Fri May 9 11:33:00 2014 +0200
Resolves: fdo#77509 memory corruption / crash in Consolidate
...-77509-memory-corruption-crash-in-Consoli.patch | 197 ++++++++++++++++++++
libreoffice.spec | 6 +-
2 files changed, 202 insertions(+), 1 deletions(-)
---
diff --git a/0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch b/0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch
new file mode 100644
index 0000000..74445ea
--- /dev/null
+++ b/0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch
@@ -0,0 +1,197 @@
+From 9bcdcd06781ea8a291510c42075ab08154a6d666 Mon Sep 17 00:00:00 2001
+Message-Id: <9bcdcd06781ea8a291510c42075ab08154a6d666.1399592425.git.erack at redhat.com>
+From: Eike Rathke <erack at redhat.com>
+Date: Fri, 9 May 2014 00:11:06 +0200
+Subject: [PATCH] resolve fdo#77509 memory corruption / crash in Consolidate
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
+
+This is a multi-part message in MIME format.
+--------------erAck-patch-parts
+Content-Type: text/plain; charset=UTF-8; format=fixed
+Content-Transfer-Encoding: 8bit
+
+
+Regression introduced with c81dec478ab0618f2acd2580654a93d3a7185444
+memcpy some sizeof(OUString) is doomed to fail.
+
+Change-Id: I81dc9cc7eaf02607ed05b4d284a7e5e462eeeb0a
+(cherry picked from commit e891afeccba8f20f8bdaeacb20f2215cfcb1abfd)
+---
+ sc/inc/consoli.hxx | 7 +++---
+ sc/source/core/tool/consoli.cxx | 52 +++++++++++++++--------------------------
+ 2 files changed, 22 insertions(+), 37 deletions(-)
+
+
+--------------erAck-patch-parts
+Content-Type: text/x-patch; name="0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch"
+Content-Transfer-Encoding: 8bit
+Content-Disposition: attachment; filename="0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch"
+
+diff --git a/sc/inc/consoli.hxx b/sc/inc/consoli.hxx
+index 9ae5060..e93ea8a 100644
+--- a/sc/inc/consoli.hxx
++++ b/sc/inc/consoli.hxx
+@@ -80,11 +80,10 @@ private:
+ double** ppCount;
+ double** ppSumSqr;
+ ScReferenceList** ppRefs;
+- OUString* mpColHeaders;
+- OUString* mpRowHeaders;
++ ::std::vector<OUString> maColHeaders;
++ ::std::vector<OUString> maRowHeaders;
++ ::std::vector<OUString> maTitles;
+ SCSIZE nDataCount;
+- SCSIZE nTitleCount;
+- OUString* mpTitles;
+ SCSIZE** ppTitlePos;
+ sal_Bool bCornerUsed;
+ OUString aCornerText; // only for bColByName && bRowByName
+diff --git a/sc/source/core/tool/consoli.cxx b/sc/source/core/tool/consoli.cxx
+index 3dbe8f9..c2a5121 100644
+--- a/sc/source/core/tool/consoli.cxx
++++ b/sc/source/core/tool/consoli.cxx
+@@ -70,16 +70,9 @@ void ScReferenceList::AddEntry( SCCOL nCol, SCROW nRow, SCTAB nTab )
+ }
+
+ template< typename T >
+-static void lcl_AddString( OUString*& pData, T& nCount, const OUString& rInsert )
++static void lcl_AddString( ::std::vector<OUString>& rData, T& nCount, const OUString& rInsert )
+ {
+- OUString* pOldData = pData;
+- pData = new OUString[ nCount+1 ];
+- if (pOldData)
+- {
+- memcpy( pData, pOldData, nCount * sizeof(OUString) );
+- delete[] pOldData;
+- }
+- pData[nCount] = rInsert;
++ rData.push_back( rInsert);
+ ++nCount;
+ }
+
+@@ -95,11 +88,7 @@ ScConsData::ScConsData() :
+ ppCount(NULL),
+ ppSumSqr(NULL),
+ ppRefs(NULL),
+- mpColHeaders(NULL),
+- mpRowHeaders(NULL),
+ nDataCount(0),
+- nTitleCount(0),
+- mpTitles(NULL),
+ ppTitlePos(NULL),
+ bCornerUsed(false)
+ {
+@@ -140,16 +129,12 @@ void ScConsData::DeleteData()
+ DELETEARR( ppSumSqr,nColCount );
+ DELETEARR( ppUsed, nColCount ); // erst nach ppRefs !!!
+ DELETEARR( ppTitlePos, nRowCount );
+- delete[] mpColHeaders;
+- mpColHeaders = NULL;
+- delete[] mpRowHeaders;
+- mpRowHeaders = NULL;
+- delete[] mpTitles;
+- mpTitles = NULL;
+- nTitleCount = 0;
++ ::std::vector<OUString>().swap( maColHeaders);
++ ::std::vector<OUString>().swap( maRowHeaders);
++ ::std::vector<OUString>().swap( maTitles);
+ nDataCount = 0;
+
+- if (bColByName) nColCount = 0; // sonst stimmt mpColHeaders nicht
++ if (bColByName) nColCount = 0; // sonst stimmt maColHeaders nicht
+ if (bRowByName) nRowCount = 0;
+
+ bCornerUsed = false;
+@@ -256,10 +241,10 @@ void ScConsData::AddFields( ScDocument* pSrcDoc, SCTAB nTab,
+ {
+ bool bFound = false;
+ for (SCSIZE i=0; i<nColCount && !bFound; i++)
+- if ( mpColHeaders[i] == aTitle )
++ if ( maColHeaders[i] == aTitle )
+ bFound = true;
+ if (!bFound)
+- lcl_AddString( mpColHeaders, nColCount, aTitle );
++ lcl_AddString( maColHeaders, nColCount, aTitle );
+ }
+ }
+ }
+@@ -273,10 +258,10 @@ void ScConsData::AddFields( ScDocument* pSrcDoc, SCTAB nTab,
+ {
+ bool bFound = false;
+ for (SCSIZE i=0; i<nRowCount && !bFound; i++)
+- if ( mpRowHeaders[i] == aTitle )
++ if ( maRowHeaders[i] == aTitle )
+ bFound = true;
+ if (!bFound)
+- lcl_AddString( mpRowHeaders, nRowCount, aTitle );
++ lcl_AddString( maRowHeaders, nRowCount, aTitle );
+ }
+ }
+ }
+@@ -289,7 +274,8 @@ void ScConsData::AddName( const OUString& rName )
+
+ if (bReference)
+ {
+- lcl_AddString( mpTitles, nTitleCount, rName );
++ maTitles.push_back( rName);
++ size_t nTitleCount = maTitles.size();
+
+ for (nArrY=0; nArrY<nRowCount; nArrY++)
+ {
+@@ -528,7 +514,7 @@ void ScConsData::AddData( ScDocument* pSrcDoc, SCTAB nTab,
+ {
+ bool bFound = false;
+ for (SCSIZE i=0; i<nColCount && !bFound; i++)
+- if ( mpColHeaders[i] == aTitle )
++ if ( maColHeaders[i] == aTitle )
+ {
+ nPos = static_cast<SCCOL>(i);
+ bFound = true;
+@@ -549,7 +535,7 @@ void ScConsData::AddData( ScDocument* pSrcDoc, SCTAB nTab,
+ {
+ bool bFound = false;
+ for (SCSIZE i=0; i<nRowCount && !bFound; i++)
+- if ( mpRowHeaders[i] == aTitle )
++ if ( maRowHeaders[i] == aTitle )
+ {
+ nPos = static_cast<SCROW>(i);
+ bFound = true;
+@@ -661,10 +647,10 @@ void ScConsData::OutputToDocument( ScDocument* pDestDoc, SCCOL nCol, SCROW nRow,
+
+ if (bColByName)
+ for (SCSIZE i=0; i<nColCount; i++)
+- pDestDoc->SetString( sal::static_int_cast<SCCOL>(nStartCol+i), nRow, nTab, mpColHeaders[i] );
++ pDestDoc->SetString( sal::static_int_cast<SCCOL>(nStartCol+i), nRow, nTab, maColHeaders[i] );
+ if (bRowByName)
+ for (SCSIZE j=0; j<nRowCount; j++)
+- pDestDoc->SetString( nCol, sal::static_int_cast<SCROW>(nStartRow+j), nTab, mpRowHeaders[j] );
++ pDestDoc->SetString( nCol, sal::static_int_cast<SCROW>(nStartRow+j), nTab, maRowHeaders[j] );
+
+ nCol = nStartCol;
+ nRow = nStartRow;
+@@ -774,7 +760,7 @@ void ScConsData::OutputToDocument( ScDocument* pDestDoc, SCCOL nCol, SCROW nRow,
+
+ // Zwischentitel
+
+- if (ppTitlePos && mpTitles && mpRowHeaders)
++ if (ppTitlePos && !maTitles.empty() && !maRowHeaders.empty())
+ {
+ OUString aDelim( " / " );
+ for (SCSIZE nPos=0; nPos<nDataCount; nPos++)
+@@ -786,9 +772,9 @@ void ScConsData::OutputToDocument( ScDocument* pDestDoc, SCCOL nCol, SCROW nRow,
+ bDo = false; // leer
+ if ( bDo && nTPos < nNeeded )
+ {
+- aString = mpRowHeaders[nArrY];
++ aString = maRowHeaders[nArrY];
+ aString += aDelim;
+- aString += mpTitles[nPos];
++ aString += maTitles[nPos];
+ pDestDoc->SetString( nCol-1, nRow+nArrY+nTPos, nTab, aString );
+ }
+ }
+
+--------------erAck-patch-parts--
+
+
diff --git a/libreoffice.spec b/libreoffice.spec
index be01ea9..4e7a3c7 100644
--- a/libreoffice.spec
+++ b/libreoffice.spec
@@ -37,7 +37,7 @@ Summary: Free Software Productivity Suite
Name: libreoffice
Epoch: 1
Version: %{libo_version}.2
-Release: 6%{?libo_prerelease}%{?dist}
+Release: 7%{?libo_prerelease}%{?dist}
License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and Artistic and MPLv2.0
Group: Applications/Productivity
URL: http://www.libreoffice.org/
@@ -302,6 +302,7 @@ Patch41: 0001-Resolves-rhbz-1092589-Thoroughly-check-whether-JRE-i.patch
Patch42: 0001-center-slide-after-changing-zoom.patch
Patch43: 0001-add-a-status-bar-icon-to-fit-slide-to-window.patch
Patch44: 0001-Related-fdo-50697-reset-the-cache-timeout-on-GetGrap.patch
+Patch45: 0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch
%define instdir %{_libdir}
%define baseinstdir %{instdir}/libreoffice
@@ -2265,6 +2266,9 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
%endif
%changelog
+* Fri May 09 2014 Eike Rathke <erack at redhat.com> - 1:4.2.4.2-7
+- Resolves: fdo#77509 memory corruption / crash in Consolidate
+
* Thu May 08 2014 Caolán McNamara <caolanm at redhat.com> - 1:4.2.4.2-6
- center current slide after changing zoom
- add a status bar icon to fit slide to window
More information about the scm-commits
mailing list