formula/source/core/api/FormulaCompiler.cxx | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
New commits: commit 58a15b452801f1f6f1b3e9f2fef49a1249538ac5 Author: Luboš Luňák <l.lu...@collabora.com> AuthorDate: Fri Jul 27 16:59:02 2018 +0200 Commit: Luboš Luňák <l.lu...@collabora.com> CommitDate: Tue Jul 31 16:01:05 2018 +0200 protect against accessing before the start of pCode in FormulaCompiler If the expression is bad, such as in sc/qa/.../sheet.fods, 'pCode - 1' may actually refer before the array of tokens, since nothing has been added yet. So make that element nullptr. This is a bit hackish, but checking in every place that pCode is valid seems tedious. Change-Id: Ia099a50583f60d93a2e20b1f7b5e44b0121a275b Reviewed-on: https://gerrit.libreoffice.org/58198 Reviewed-by: Michael Meeks <michael.me...@collabora.com> Tested-by: Jenkins Reviewed-by: Luboš Luňák <l.lu...@collabora.com> diff --git a/formula/source/core/api/FormulaCompiler.cxx b/formula/source/core/api/FormulaCompiler.cxx index 8e79e5ca68dd..c22f9edbdbe1 100644 --- a/formula/source/core/api/FormulaCompiler.cxx +++ b/formula/source/core/api/FormulaCompiler.cxx @@ -2079,7 +2079,12 @@ bool FormulaCompiler::CompileTokenArray() pArr->DelRPN(); maArrIterator.Reset(); pStack = nullptr; - FormulaToken* pData[ FORMULA_MAXTOKENS ]; + FormulaToken* pDataArray[ FORMULA_MAXTOKENS + 1 ]; + // Code in some places refers to the last token as 'pCode - 1', which may + // point before the first element if the expression is bad. So insert a dummy + // node in that place which will make that token be nullptr. + pDataArray[ 0 ] = nullptr; + FormulaToken** pData = pDataArray + 1; pCode = pData; bool bWasForced = pArr->IsRecalcModeForced(); if ( bWasForced ) _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
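Review bot: the dummy slot at `pDataArray[ 0 ]` in CompileTokenArray() covers exactly one element of look-back, so it only helps callers that read `pCode - 1` and then check the result for nullptr before dereferencing it. Any site that reads further back (for example `pCode - 2`) or uses the token at `pCode - 1` unconditionally is not protected by this change. The new comment should state that contract explicitly: `pCode - 1` may now be nullptr and callers must test for it. It would also be worth routing the look-back through one small accessor that returns nullptr when `pCode == pData`, so the bounds rule lives in a single place rather than depending on the array layout. A regression test that compiles the bad expression from the commit message would confirm the out-of-bounds read is gone.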