oox/source/drawingml/diagram/diagramlayoutatoms.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit ae4a69d7559a537e86630b2890d28b0d8f6f47d0
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Fri Jul 31 22:31:11 2020 +0200
Commit: Stephan Bergmann <sberg...@redhat.com>
CommitDate: Sat Aug 1 08:20:46 2020 +0200
Avoid UBSan signed-integer-overflow
...during CppunitTest_sd_import_tests_smartart:
> oox/source/drawingml/diagram/diagramlayoutatoms.cxx:656:50: runtime
error: signed integer overflow: 1924451 - -2147483647 cannot be represented in
type 'int'
> #0 in
oox::drawingml::AlgAtom::layoutShape(std::shared_ptr<oox::drawingml::Shape>
const&, std::__debug::vector<oox::drawingml::Constraint,
std::allocator<oox::drawingml::Constraint> > const&,
std::__debug::vector<oox::drawingml::Rule, std::allocator<oox::drawingml::Rule>
> const&) at oox/source/drawingml/diagram/diagramlayoutatoms.cxx:656:50
> #1 in
oox::drawingml::ShapeLayoutingVisitor::visit(oox::drawingml::AlgAtom&) at
oox/source/drawingml/diagram/layoutatomvisitors.cxx:202:19
> #2 in
oox::drawingml::AlgAtom::accept(oox::drawingml::LayoutAtomVisitor&) at
oox/source/drawingml/diagram/diagramlayoutatoms.cxx:386:14
> #3 in
oox::drawingml::LayoutAtomVisitorBase::defaultVisit(oox::drawingml::LayoutAtom
const&) at oox/source/drawingml/diagram/layoutatomvisitorbase.cxx:32:16
> #4 in
oox::drawingml::ShapeLayoutingVisitor::visit(oox::drawingml::LayoutNode&) at
oox/source/drawingml/diagram/layoutatomvisitors.cxx:243:5
> #5 in
oox::drawingml::LayoutNode::accept(oox::drawingml::LayoutAtomVisitor&) at
oox/source/drawingml/diagram/diagramlayoutatoms.cxx:1452:14
> #6 in
oox::drawingml::LayoutAtomVisitorBase::defaultVisit(oox::drawingml::LayoutAtom
const&) at oox/source/drawingml/diagram/layoutatomvisitorbase.cxx:32:16
> #7 in
oox::drawingml::ShapeLayoutingVisitor::visit(oox::drawingml::LayoutNode&) at
oox/source/drawingml/diagram/layoutatomvisitors.cxx:245:5
> #8 in
oox::drawingml::LayoutNode::accept(oox::drawingml::LayoutAtomVisitor&) at
oox/source/drawingml/diagram/diagramlayoutatoms.cxx:1452:14
> #9 in
oox::drawingml::LayoutAtomVisitorBase::visit(oox::drawingml::ForEachAtom&) at
oox/source/drawingml/diagram/layoutatomvisitorbase.cxx:98:20
> #10 in
oox::drawingml::ForEachAtom::accept(oox::drawingml::LayoutAtomVisitor&) at
oox/source/drawingml/diagram/diagramlayoutatoms.cxx:167:14
> #11 in
oox::drawingml::LayoutAtomVisitorBase::defaultVisit(oox::drawingml::LayoutAtom
const&) at oox/source/drawingml/diagram/layoutatomvisitorbase.cxx:32:16
> #12 in
oox::drawingml::ShapeLayoutingVisitor::visit(oox::drawingml::LayoutNode&) at
oox/source/drawingml/diagram/layoutatomvisitors.cxx:245:5
> #13 in
oox::drawingml::LayoutNode::accept(oox::drawingml::LayoutAtomVisitor&) at
oox/source/drawingml/diagram/diagramlayoutatoms.cxx:1452:14
> #14 in
oox::drawingml::Diagram::addTo(std::shared_ptr<oox::drawingml::Shape> const&)
at oox/source/drawingml/diagram/diagram.cxx:122:30
> #15 in
oox::drawingml::loadDiagram(std::shared_ptr<oox::drawingml::Shape> const&,
oox::core::XmlFilterBase&, rtl::OUString const&, rtl::OUString const&,
rtl::OUString const&, rtl::OUString const&, oox::core::Relations const&) at
oox/source/drawingml/diagram/diagram.cxx:356:15
> #16 in oox::drawingml::DiagramGraphicDataContext::onCreateContext(int,
oox::AttributeList const&) at oox/source/drawingml/graphicshapecontext.cxx:252:9
> #17 in non-virtual thunk to
oox::drawingml::DiagramGraphicDataContext::onCreateContext(int,
oox::AttributeList const&) at oox/source/drawingml/graphicshapecontext.cxx
> #18 in oox::core::ContextHandler2Helper::implCreateChildContext(int,
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList>
const&) at oox/source/core/contexthandler2.cxx:94:34
> #19 in oox::core::ContextHandler2::createFastChildContext(int,
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList>
const&) at oox/source/core/contexthandler2.cxx:191:12
> #20 in non-virtual thunk to
oox::core::ContextHandler2::createFastChildContext(int,
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList>
const&) at oox/source/core/contexthandler2.cxx
> #21 in (anonymous namespace)::Entity::startElement((anonymous
namespace)::Event const*) at sax/source/fastparser/fastparser.cxx:432:44
> #22 in sax_fastparser::FastSaxParserImpl::callbackStartElement(unsigned
char const*, unsigned char const*, unsigned char const*, int, unsigned char
const**, int, unsigned char const**) at
sax/source/fastparser/fastparser.cxx:1246:21
> #23 in (anonymous namespace)::call_callbackStartElement(void*, unsigned
char const*, unsigned char const*, unsigned char const*, int, unsigned char
const**, int, int, unsigned char const**) at
sax/source/fastparser/fastparser.cxx:305:18
> #24 in xmlParseStartTag2 at
workdir/UnpackedTarball/libxml2/parser.c:9588:6
> #25 in xmlParseTryOrFinish at
workdir/UnpackedTarball/libxml2/parser.c:11378:14
> #26 in xmlParseChunk__internal_alias at
workdir/UnpackedTarball/libxml2/parser.c:12280:13
> #27 in sax_fastparser::FastSaxParserImpl::parse() at
sax/source/fastparser/fastparser.cxx:1046:21
> #28 in
sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource
const&) at sax/source/fastparser/fastparser.cxx:866:9
> #29 in
sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource
const&) at sax/source/fastparser/fastparser.cxx:1369:13
> #30 in
oox::core::FastParser::parseStream(com::sun::star::xml::sax::InputSource
const&, bool) at oox/source/core/fastparser.cxx:121:15
> #31 in
oox::core::FastParser::parseStream(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
const&, rtl::OUString const&) at oox/source/core/fastparser.cxx:129:5
> #32 in
oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler>
const&, oox::core::FastParser&) at oox/source/core/xmlfilterbase.cxx:402:21
> #33 in
oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler>
const&) at oox/source/core/xmlfilterbase.cxx:331:12
> #34 in
oox::ppt::PresentationFragmentHandler::importSlide(rtl::Reference<oox::core::FragmentHandler>
const&, std::shared_ptr<oox::ppt::SlidePersist> const&) at
oox/source/ppt/presentationfragmenthandler.cxx:610:17
> #35 in oox::ppt::PresentationFragmentHandler::importSlide(unsigned int,
bool, bool) at oox/source/ppt/presentationfragmenthandler.cxx:348:13
> #36 in oox::ppt::PresentationFragmentHandler::finalizeImport() at
oox/source/ppt/presentationfragmenthandler.cxx:499:17
> #37 in oox::core::FragmentHandler2::endDocument() at
oox/source/core/fragmenthandler2.cxx:54:5
> #38 in
sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource
const&) at sax/source/fastparser/fastparser.cxx:872:36
> #39 in
sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource
const&) at sax/source/fastparser/fastparser.cxx:1369:13
> #40 in
oox::core::FastParser::parseStream(com::sun::star::xml::sax::InputSource
const&, bool) at oox/source/core/fastparser.cxx:121:15
> #41 in
oox::core::FastParser::parseStream(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
const&, rtl::OUString const&) at oox/source/core/fastparser.cxx:129:5
> #42 in
oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler>
const&, oox::core::FastParser&) at oox/source/core/xmlfilterbase.cxx:402:21
> #43 in
oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler>
const&) at oox/source/core/xmlfilterbase.cxx:331:12
> #44 in oox::ppt::PowerPointImport::importDocument() at
oox/source/ppt/pptimport.cxx:145:17
> #45 in
oox::core::FilterBase::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) at oox/source/core/filterbase.cxx:485:49
> #46 in
oox::ppt::PowerPointImport::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) at oox/source/ppt/pptimport.cxx:223:24
> #47 in SfxObjectShell::ImportFrom(SfxMedium&,
com::sun::star::uno::Reference<com::sun::star::text::XTextRange> const&) at
sfx2/source/doc/objstor.cxx:2251:34
> #48 in sd::DrawDocShell::ImportFrom(SfxMedium&,
com::sun::star::uno::Reference<com::sun::star::text::XTextRange> const&) at
sd/source/ui/docshell/docshel4.cxx:399:39
> #49 in SfxObjectShell::DoLoad(SfxMedium*) at
sfx2/source/doc/objstor.cxx:738:23
> #50 in SdModelTestBase::loadURL(rtl::OUString const&, int,
std::shared_ptr<SfxAllItemSet>) at sd/qa/unit/sdmodeltestbase.hxx:181:30
> #51 in SdImportTestSmartArt::testText() at
sd/qa/unit/import-tests-smartart.cxx:250:37
As discussed on IRC:
> Jul 31 18:52:58 <vmiklos> sberg: yes, that looks reasonable, clearly the
> expectation is that there is at least one element, in which case that
> nVertMin grows from 0 and nVertMax shrinks from
> std::numeric_limits<sal_Int32>::max()
> Jul 31 18:54:43 <vmiklos> sberg: sounds like i made that mistake in
> acdde3c643fde015214c546b1567727272ea799e, but recently i added a test
that
> now uncovered the problem :)
Change-Id: I0ee11dbab568af788f9e2786c3dca2c1a5e1ee08
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/99902
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
diff --git a/oox/source/drawingml/diagram/diagramlayoutatoms.cxx
b/oox/source/drawingml/diagram/diagramlayoutatoms.cxx
index 2c588e0d716f..2fb4e60d2f2d 100644
--- a/oox/source/drawingml/diagram/diagramlayoutatoms.cxx
+++ b/oox/source/drawingml/diagram/diagramlayoutatoms.cxx
@@ -651,7 +651,7 @@ void AlgAtom::layoutShape(const ShapePtr& rShape, const
std::vector<Constraint>&
}
// See if all vertical space is used or we have to center the
content.
- if (nVertMin >= 0 && nVertMax <= rParent[XML_h])
+ if (nVertMin >= 0 && nVertMin <= nVertMax && nVertMax <=
rParent[XML_h])
{
sal_Int32 nDiff = rParent[XML_h] - (nVertMax - nVertMin);
if (nDiff > 0)
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
