external/libnumbertext/EmptyString.patch1 | 13 ++
external/libnumbertext/UnpackedTarball_libnumbertext.mk | 1
external/liborcus/UnpackedTarball_liborcus.mk | 1
external/liborcus/overrun.patch.0 | 63 ++++++++++++
filter/source/xsltfilter/LibXSLTTransformer.hxx | 2
formula/source/core/api/token.cxx | 8 +
oox/source/ole/vbacontrol.cxx | 6 -
sc/inc/document.hxx | 5
sc/qa/extras/scpdfexport.cxx | 16 +++
sc/qa/extras/testdocuments/forcepoint97.xlsx |binary
sc/qa/unit/data/xlsx/forcepoint107.xlsx |binary
sc/qa/unit/filters-test.cxx | 9 +
sc/source/core/data/colorscale.cxx | 6 -
sc/source/core/data/documen2.cxx | 1
sc/source/core/data/documentimport.cxx | 8 +
sc/source/core/data/dpobject.cxx | 11 +-
sc/source/core/data/dptabres.cxx | 12 +-
sc/source/core/data/formulacell.cxx | 6 -
sc/source/filter/orcus/filterdetect.cxx | 8 -
sc/source/filter/xml/XMLCalculationSettingsContext.cxx | 14 +-
sc/source/filter/xml/xmlexprt.cxx | 26 +++--
sc/source/ui/unoobj/chart2uno.cxx | 3
sc/source/ui/view/output2.cxx | 7 +
sfx2/source/appl/appserv.cxx | 6 -
sw/qa/core/data/rtf/pass/forcepoint110.rtf |binary
sw/qa/extras/odfimport/data/forcepoint108.fodt | 67 +++++++++++++
sw/qa/extras/odfimport/odfimport.cxx | 12 ++
sw/source/core/text/porfld.cxx | 3
sw/source/core/text/porfld.hxx | 2
sw/source/core/unocore/unoframe.cxx | 9 +
sw/source/filter/xml/XMLRedlineImportHelper.cxx | 81 ++++++++++++++++
vcl/source/outdev/text.cxx | 2
writerfilter/source/dmapper/DomainMapper_Impl.cxx | 2
33 files changed, 372 insertions(+), 38 deletions(-)
New commits:
commit 72ab21a90d5f91b455648d68cfceef2f205a8dc5
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Aug 26 14:42:32 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:40 2022 +0200
crashtesting: empty brace init of o3tl::enumarray doesn't zero each element
so the stretch used to layout fdo66401-6.docx is random, leading to
sometimes too much stretch for cairo/freetype to handle and the
conversion crashes. A problem since:
commit d51db77c8d87f210785a8a8c6dd875f7bacddb3c
Date: Tue Oct 15 01:57:12 2019 +0300
Remove some memset calls
Replace them with default initialization or calloc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138827
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 3895d4c574ac1b6bf02c493494a034bdc5d0a42e)
Change-Id: I49408eee6c7e36bd9c98cbb10c7f95a57c0f7a11
diff --git a/sw/source/core/text/porfld.cxx b/sw/source/core/text/porfld.cxx
index 5872e5688ba1..ad3acbafefa4 100644
--- a/sw/source/core/text/porfld.cxx
+++ b/sw/source/core/text/porfld.cxx
@@ -1069,6 +1069,9 @@ void SwTextFrame::StopAnimation( OutputDevice* pOut )
*/
SwCombinedPortion::SwCombinedPortion( const OUString &rText )
: SwFieldPortion( rText )
+ , aWidth{ static_cast<sal_uInt16>(0),
+ static_cast<sal_uInt16>(0),
+ static_cast<sal_uInt16>(0) }
, nUpPos(0)
, nLowPos(0)
, nProportion(55)
diff --git a/sw/source/core/text/porfld.hxx b/sw/source/core/text/porfld.hxx
index c8d7b7942ac5..7678298495d7 100644
--- a/sw/source/core/text/porfld.hxx
+++ b/sw/source/core/text/porfld.hxx
@@ -199,7 +199,7 @@ public:
class SwCombinedPortion : public SwFieldPortion
{
sal_uInt16 aPos[6]; // up to six X positions
- o3tl::enumarray<SwFontScript,sal_uInt16> aWidth = {}; // one width for
every scripttype
+ o3tl::enumarray<SwFontScript,sal_uInt16> aWidth; // one width for every
scripttype
SwFontScript aScrType[6]; // scripttype of every character
sal_uInt16 nUpPos; // the Y position of the upper baseline
sal_uInt16 nLowPos; // the Y position of the lower baseline
commit 302f727c35cf409d9e751cd4c3220d14abcc9246
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Aug 15 20:47:13 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:40 2022 +0200
forcepoint#108 sw: prevent creating SwRangeRedline anchored in itself
the SwRangeRedline in frame #8 triggers deleting itself at frame #0
which repeats the DeleteSection attempt which is already in progress
#0 SwRangeRedline::~SwRangeRedline() (this=0x5335300) at
sw/source/core/doc/docredln.cxx:1168
#1 0x00007fffc9b91aab in SwRedlineTable::DeleteAndDestroy(unsigned long)
(this=0x4f388f8, nP=0) at sw/source/core/doc/docredln.cxx:669
#2 0x00007fffc9c8454a in sw::DocumentRedlineManager::DeleteRedline(SwPaM
const&, bool, RedlineType) (this=0x4f388e0, rRange=SwPaM = {...},
bSaveInUndo=true, nDelType=RedlineType::Any)
at sw/source/core/doc/DocumentRedlineManager.cxx:2578
#3 0x00007fffc9c84a2f in
sw::DocumentRedlineManager::DeleteRedline(SwStartNode const&, bool,
RedlineType) (this=0x4f388e0, rNode=..., bSaveInUndo=true,
nDelType=RedlineType::Any)
at sw/source/core/doc/DocumentRedlineManager.cxx:2676
#4 0x00007fffc9c1c57f in
sw::DocumentContentOperationsManager::DeleteSection(SwNode*) (this=0x4f3b460,
pNode=0x5331780) at sw/source/core/doc/DocumentContentOperationsManager.cxx:2092
#5 0x00007fffc9cbfea7 in
sw::DocumentLayoutManager::DelLayoutFormat(SwFrameFormat*) (this=0x4edad40,
pFormat=0x53318b0) at sw/source/core/doc/DocumentLayoutManager.cxx:285
#6 0x00007fffc9a9abd2 in DelFlyInRange(SwNode&, SwNode&, SwContentIndex
const*, SwContentIndex const*) (rMkNd=..., rPtNd=..., pMkIdx=0x0, pPtIdx=0x0)
at sw/source/core/doc/docedt.cxx:254
#7 0x00007fffc9c1c53d in
sw::DocumentContentOperationsManager::DeleteSection(SwNode*) (this=0x4f3b460,
pNode=0x532a1f0) at sw/source/core/doc/DocumentContentOperationsManager.cxx:2091
#8 0x00007fffc9b965f7 in SwRangeRedline::MoveFromSection(unsigned long)
(this=0x5335300, nMyPos=0) at sw/source/core/doc/docredln.cxx:1834
#9 0x00007fffc9b951f8 in SwRangeRedline::Show(unsigned short, unsigned
long, bool) (this=0x5335300, nLoop=1, nMyPos=0, bForced=false) at
sw/source/core/doc/docredln.cxx:1277
#10 0x00007fffc9c7d64b in
sw::DocumentRedlineManager::SetRedlineFlags(RedlineFlags) (this=0x4f388e0,
eMode=RedlineFlags::ShowMask) at
sw/source/core/doc/DocumentRedlineManager.cxx:1149
#11 0x00007fffcb129668 in SwXTextDocument::setPropertyValue(rtl::OUString
const&, com::sun::star::uno::Any const&) (this=0x4f52730,
rPropertyName="ShowChanges", aValue=uno::Any("boolean": 1 '\001'))
at sw/source/uibase/uno/unotxdoc.cxx:1795
#12 0x00007fffcab7ce8d in
XMLRedlineImportHelper::~XMLRedlineImportHelper() (this=0x52792f0) at
sw/source/filter/xml/XMLRedlineImportHelper.cxx:341
#13 0x00007fffcac2366d in SwXMLTextImportHelper::~SwXMLTextImportHelper()
(this=0x527cae0) at sw/source/filter/xml/xmltexti.cxx:157
#14 0x00007fffcac236a9 in SwXMLTextImportHelper::~SwXMLTextImportHelper()
(this=0x527cae0) at sw/source/filter/xml/xmltexti.cxx:152
#15 0x00007fffea9d5ee2 in salhelper::SimpleReferenceObject::release()
(this=0x527cae0) at include/salhelper/simplereferenceobject.hxx:76
#16 0x00007fffeabc2619 in rtl::Reference<XMLTextImportHelper>::clear()
(this=0x525cd60) at include/rtl/ref.hxx:196
#17 0x00007fffeabb07e0 in SvXMLImport::cleanup() (this=0x525ccd0) at
xmloff/source/core/xmlimp.cxx:458
#18 0x00007fffeabb08bf in SvXMLImport::~SvXMLImport() (this=0x525ccd0) at
xmloff/source/core/xmlimp.cxx:464
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138191
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit a8b3953531035bf93306ed90142c4172cc32ac43)
forcepoint#108 sw: tweak a bit
* the fly-at-fly case didn't work, iteration also skips it
* delete the bad redline section in the nodes array
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138434
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 477e489e71b4a96ff10d9f2d2b802d91dec3e319)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138289
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit 2d16f0639b74bcc9328fbb77f774cf9141d1675b)
Change-Id: I640874df3fd10af935cf05df707d45bea2c9fd6e
diff --git a/sw/qa/extras/odfimport/data/forcepoint108.fodt
b/sw/qa/extras/odfimport/data/forcepoint108.fodt
new file mode 100644
index 000000000000..4328ea65f61d
--- /dev/null
+++ b/sw/qa/extras/odfimport/data/forcepoint108.fodt
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<office:document
xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
xmlns:style="urn:oasis:names:tc:opendocument:xmlns:style:1.0"
xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
xmlns:table="urn:oasis:names:tc:opendocument:xmlns:table:1.0"
xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0"
xmlns:xlink="http://www.w3.org/1999/xlink";
xmlns:dc="http://purl.org/dc/elements/1.1/";
xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0"
xmlns:number="urn:oasis:names:tc:opendocument:xmlns:datastyle:1.0"
xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0"
xmlns:chart="urn:oasis:names:tc:opendocument:xmlns:chart:1.0"
xmlns:dr3d="urn:oasis:names:tc:opendocument:xmlns:dr3d:1.0"
xmlns:math="http://www.w3.org/1998/Math/MathML";
xmlns:form="urn:oasis:names:tc:opendocument:xmlns:form:1.0"
xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0"
xmlns:config="urn:oas
is:names:tc:opendocument:xmlns:config:1.0"
xmlns:ooo="http://openoffice.org/2004/office";
xmlns:ooow="http://openoffice.org/2004/writer";
xmlns:oooc="http://openoffice.org/2004/calc";
xmlns:dom="http://www.w3.org/2001/xml-events";
xmlns:xforms="http://www.w3.org/2002/xforms";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:rpt="http://openoffice.org/2005/report";
xmlns:of="urn:oasis:names:tc:opendocument:xmlns:of:1.2"
xmlns:xhtml="http://www.w3.org/1999/xhtml";
xmlns:grddl="http://www.w3.org/2003/g/data-view#";
xmlns:officeooo="http://openoffice.org/2009/office";
xmlns:tableooo="http://openoffice.org/2009/table";
xmlns:drawooo="http://openoffice.org/2010/draw";
xmlns:calcext="urn:org:documentfoundation:names:experimental:calc:xmlns:calcext:1.0"
xmlns:loext="urn:org:documentfoundation:names:experimental:office:xmlns:loext:1.0"
xmlns:field="urn:openoffice:names:experimental:ooo-ms-interop:xmlns:field:1.0"
xmlns:formx="urn:openoffice:names:
experimental:ooxml-odf-interop:xmlns:form:1.0"
xmlns:css3t="http://www.w3.org/TR/css3-text/"; office:version="1.2"
office:mimetype="application/vnd.oasis.opendocument.text">
+ <office:meta><meta:initial-creator>ms
</meta:initial-creator><meta:creation-date>2015-08-24T21:49:45.305718699</meta:creation-date><meta:document-statistic
meta:table-count="0" meta:image-count="0" meta:object-count="0"
meta:page-count="1" meta:paragraph-count="0" meta:word-count="0"
meta:character-count="0"
meta:non-whitespace-character-count="0"/><meta:generator>LibreOfficeDev/4.3.7.2$Linux_X86_64
LibreOffice_project/8a35821d8636a03b8bf4e15b48f59794652c68ba</meta:generator></office:meta>
+ <office:font-face-decls>
+ <style:font-face style:name="Lohit Devanagari1" svg:font-family="'Lohit
Devanagari'"/>
+ <style:font-face style:name="Liberation Serif"
svg:font-family="'Liberation Serif'"
style:font-family-generic="roman" style:font-pitch="variable"/>
+ <style:font-face style:name="Liberation Sans"
svg:font-family="'Liberation Sans'" style:font-family-generic="swiss"
style:font-pitch="variable"/>
+ <style:font-face style:name="Lohit Devanagari" svg:font-family="'Lohit
Devanagari'" style:font-family-generic="system"
style:font-pitch="variable"/>
+ <style:font-face style:name="Source Han Sans CN Regular"
svg:font-family="'Source Han Sans CN Regular'"
style:font-family-generic="system" style:font-pitch="variable"/>
+ </office:font-face-decls>
+ <office:styles>
+ <style:default-style style:family="graphic">
+ <style:graphic-properties svg:stroke-color="#3465a4"
draw:fill-color="#729fcf" fo:wrap-option="no-wrap" draw:shadow-offset-x="0.3cm"
draw:shadow-offset-y="0.3cm" draw:start-line-spacing-horizontal="0.283cm"
draw:start-line-spacing-vertical="0.283cm"
draw:end-line-spacing-horizontal="0.283cm"
draw:end-line-spacing-vertical="0.283cm" style:flow-with-text="false"/>
+ <style:paragraph-properties style:text-autospace="ideograph-alpha"
style:line-break="strict" style:writing-mode="lr-tb"
style:font-independent-line-spacing="false">
+ <style:tab-stops/>
+ </style:paragraph-properties>
+ <style:text-properties style:use-window-font-color="true"
style:font-name="Liberation Serif" fo:font-size="12pt" fo:language="de"
fo:country="DE" style:letter-kerning="true" style:font-name-asian="Source Han
Sans CN Regular" style:font-size-asian="10.5pt" style:language-asian="zh"
style:country-asian="CN" style:font-name-complex="Lohit Devanagari"
style:font-size-complex="12pt" style:language-complex="hi"
style:country-complex="IN"/>
+ </style:default-style>
+ <style:default-style style:family="paragraph">
+ <style:paragraph-properties fo:hyphenation-ladder-count="no-limit"
style:text-autospace="ideograph-alpha" style:punctuation-wrap="hanging"
style:line-break="strict" style:tab-stop-distance="1.251cm"
style:writing-mode="page"/>
+ <style:text-properties style:use-window-font-color="true"
style:font-name="Liberation Serif" fo:font-size="12pt" fo:language="de"
fo:country="DE" style:letter-kerning="true" style:font-name-asian="Source Han
Sans CN Regular" style:font-size-asian="10.5pt" style:language-asian="zh"
style:country-asian="CN" style:font-name-complex="Lohit Devanagari"
style:font-size-complex="12pt" style:language-complex="hi"
style:country-complex="IN" fo:hyphenate="false"
fo:hyphenation-remain-char-count="2" fo:hyphenation-push-char-count="2"/>
+ </style:default-style>
+ <style:default-style style:family="table">
+ <style:table-properties table:border-model="collapsing"/>
+ </style:default-style>
+ <style:default-style style:family="table-row">
+ <style:table-row-properties fo:keep-together="auto"/>
+ </style:default-style>
+ <style:style style:name="Standard" style:family="paragraph"
style:class="text"/>
+ </office:styles>
+ <office:automatic-styles>
+ <style:page-layout style:name="pm1">
+ <style:page-layout-properties fo:page-width="21.001cm"
fo:page-height="29.7cm" style:num-format="1" style:print-orientation="portrait"
fo:margin-top="2cm" fo:margin-bottom="2cm" fo:margin-left="2cm"
fo:margin-right="2cm" style:writing-mode="lr-tb"
style:footnote-max-height="0cm">
+ <style:footnote-sep style:width="0.018cm"
style:distance-before-sep="0.101cm" style:distance-after-sep="0.101cm"
style:line-style="solid" style:adjustment="left" style:rel-width="25%"
style:color="#000000"/>
+ </style:page-layout-properties>
+ <style:header-style/>
+ <style:footer-style/>
+ </style:page-layout>
+
+ <style:style style:name="P1" style:family="paragraph"
style:parent-style-name="Standard">
+ <style:text-properties officeooo:rsid="000b01fe"
officeooo:paragraph-rsid="000b01fe"/>
+ </style:style>
+ <style:style style:name="P2" style:family="paragraph"
style:parent-style-name="Standard">
+ <style:text-properties officeooo:rsid="000b01fe"
officeooo:paragraph-rsid="000b01fe"/>
+ </style:style>
+ <style:style style:name="fr1" style:family="graphic"
style:parent-style-name="Frame">
+ <style:graphic-properties style:vertical-pos="top"
style:vertical-rel="paragraph-content" style:horizontal-pos="center"
style:horizontal-rel="paragraph"/>
+ </style:style>
+ </office:automatic-styles>
+ <office:master-styles>
+ <style:master-page style:name="Standard" style:page-layout-name="pm1"/>
+ </office:master-styles>
+ <office:body>
+ <office:text>
+
+ <text:tracked-changes>
+ <text:changed-region xml:id="ct58510944" text:id="ct58510944">
+ <text:deletion>
+ <office:change-info>
+ <dc:creator>ms </dc:creator>
+ <dc:date>2015-09-10T15:36:00</dc:date>
+ </office:change-info>
+ <text:p text:style-name="P1"><draw:frame draw:style-name="fr1"
draw:name="Frame1" text:anchor-type="char" svg:width="2cm"
draw:z-index="-0"><draw:text-box fo:min-height="1.158cm"><text:p
text:style-name="P1">foo<text:change text:change-id="ct58510944"/></text:p>
+
+ </office:text>
+ </office:body>
diff --git a/sw/qa/extras/odfimport/odfimport.cxx
b/sw/qa/extras/odfimport/odfimport.cxx
index 27e1809eaeff..c14a4ac60c87 100644
--- a/sw/qa/extras/odfimport/odfimport.cxx
+++ b/sw/qa/extras/odfimport/odfimport.cxx
@@ -39,10 +39,12 @@
typedef std::map<OUString, css::uno::Sequence< css::table::BorderLine> >
AllBordersMap;
typedef std::pair<OUString, css::uno::Sequence< css::table::BorderLine> >
StringSequencePair;
+char const DATA_DIRECTORY[] = "/sw/qa/extras/odfimport/data/";
+
class Test : public SwModelTestBase
{
public:
- Test() : SwModelTestBase("/sw/qa/extras/odfimport/data/", "writer8") {}
+ Test() : SwModelTestBase(DATA_DIRECTORY, "writer8") {}
};
DECLARE_ODFIMPORT_TEST(testEmptySvgFamilyName, "empty-svg-family-name.odt")
@@ -1000,5 +1002,13 @@ DECLARE_ODFIMPORT_TEST(testTdf133459, "tdf133459.odt")
CPPUNIT_ASSERT_EQUAL(OUString("QQ YYYY"), getProperty<OUString>(xFormat,
"FormatString"));
}
+// just care that it doesn't crash/assert
+CPPUNIT_TEST_FIXTURE(Test, testForcepoint108)
+{
+ //load would assert because it fails to load entirely, like
testMathMalformedXml
+ OUString aURL = m_directories.getURLFromSrc(DATA_DIRECTORY) +
"forcepoint108.fodt";
+ mxComponent = mxDesktop->loadComponentFromURL(aURL, "_default", 0, {});
+}
+
CPPUNIT_PLUGIN_IMPLEMENT();
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sw/source/filter/xml/XMLRedlineImportHelper.cxx
b/sw/source/filter/xml/XMLRedlineImportHelper.cxx
index bfd4e488fcb8..0a0c75bc9816 100644
--- a/sw/source/filter/xml/XMLRedlineImportHelper.cxx
+++ b/sw/source/filter/xml/XMLRedlineImportHelper.cxx
@@ -33,6 +33,9 @@
#include <IDocumentStylePoolAccess.hxx>
#include <tools/datetime.hxx>
#include <poolfmt.hxx>
+#include <fmtanchr.hxx>
+#include <ftnidx.hxx>
+#include <txtftn.hxx>
#include <unoredline.hxx>
#include <DocumentRedlineManager.hxx>
#include "xmlimp.hxx"
@@ -571,6 +574,73 @@ inline bool XMLRedlineImportHelper::IsReady(const
RedlineInfo* pRedline)
!pRedline->bNeedsAdjustment );
}
+/// recursively check if rPos or its anchor (if in fly or footnote) is in
redline section
+static auto RecursiveContains(SwStartNode const& rRedlineSection, SwNode
const& rPos) -> bool
+{
+ if (rRedlineSection.GetIndex() <= rPos.GetIndex()
+ && rPos.GetIndex() <= rRedlineSection.EndOfSectionIndex())
+ {
+ return true;
+ }
+ // loop to iterate "up" in the node tree and find an anchored XText
+ for (SwStartNode const* pStartNode = rPos.StartOfSectionNode();
+ pStartNode != nullptr && pStartNode->GetIndex() != 0;
+ pStartNode = pStartNode->StartOfSectionNode())
+ {
+ switch (pStartNode->GetStartNodeType())
+ {
+ case SwNormalStartNode:
+ case SwTableBoxStartNode:
+ continue;
+ break;
+ case SwFlyStartNode:
+ {
+ SwFrameFormat const*const pFormat(pStartNode->GetFlyFormat());
+ assert(pFormat);
+ SwFormatAnchor const& rAnchor(pFormat->GetAnchor());
+ if (rAnchor.GetAnchorId() == RndStdIds::FLY_AT_PAGE)
+ {
+ return false;
+ }
+ else if (rAnchor.GetAnchorId() == RndStdIds::FLY_AT_FLY)
+ { // anchor is on a start node, avoid skipping it:
+ pStartNode =
rAnchor.GetContentAnchor()->nNode.GetNode().GetStartNode();
+ assert(pStartNode);
+ // pass the next node to recursive call - it will call
+ // call StartOfSectionNode on it and go back to pStartNode
+ SwNodeIndex const next(*pStartNode, +1);
+ return RecursiveContains(rRedlineSection, next.GetNode());
+ }
+ else
+ {
+ return RecursiveContains(rRedlineSection,
rAnchor.GetContentAnchor()->nNode.GetNode());
+ }
+ }
+ break;
+ case SwFootnoteStartNode:
+ { // sigh ... need to search
+ for (SwTextFootnote const*const pFootnote :
rRedlineSection.GetDoc()->GetFootnoteIdxs())
+ {
+ if (pStartNode ==
pFootnote->GetStartNode()->GetNode().GetStartNode())
+ {
+ return RecursiveContains(rRedlineSection,
pFootnote->GetTextNode());
+ }
+ }
+ assert(false);
+ }
+ break;
+ case SwHeaderStartNode:
+ case SwFooterStartNode:
+ return false; // headers aren't anchored
+ break;
+ default:
+ assert(false);
+ break;
+ }
+ }
+ return false;
+}
+
void XMLRedlineImportHelper::InsertIntoDocument(RedlineInfo* pRedlineInfo)
{
OSL_ENSURE(nullptr != pRedlineInfo, "need redline info");
@@ -649,6 +719,17 @@ void
XMLRedlineImportHelper::InsertIntoDocument(RedlineInfo* pRedlineInfo)
}
}
}
+ else if (pRedlineInfo->pContentIndex != nullptr
+ // should be enough to check 1 position of aPaM bc CheckNodesRange()
above
+ &&
RecursiveContains(*pRedlineInfo->pContentIndex->GetNode().GetStartNode(),
aPaM.GetPoint()->nNode.GetNode()))
+ {
+ SAL_WARN("sw.xml", "Recursive change tracking, removing");
+ // reuse aPaM to remove it from nodes that will be deleted
+ *aPaM.GetPoint() = SwPosition(pRedlineInfo->pContentIndex->GetNode());
+ aPaM.SetMark();
+ *aPaM.GetMark() =
SwPosition(*pRedlineInfo->pContentIndex->GetNode().EndOfSectionNode());
+ pDoc->getIDocumentContentOperations().DeleteRange(aPaM);
+ }
else
{
// regular file loading: insert redline
commit 8191a421d4df18261b2a8d473c91067b982ffe35
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Aug 16 16:18:51 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:40 2022 +0200
forcepoint#110 set PaMs to somewhere safe to park
Change-Id: I4dbf27d67b74ff99583dad46a5448700f133c2f5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138371
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit d9655727ac688753ea12aaedc09a006134dd4a13)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/138292
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
(cherry picked from commit 6a26be4102e2e80bca4138fb0bdbb38cae90cbc8)
diff --git a/sw/qa/core/data/rtf/pass/forcepoint110.rtf
b/sw/qa/core/data/rtf/pass/forcepoint110.rtf
new file mode 100644
index 000000000000..b7594ff6b622
Binary files /dev/null and b/sw/qa/core/data/rtf/pass/forcepoint110.rtf differ
diff --git a/sw/source/core/unocore/unoframe.cxx
b/sw/source/core/unocore/unoframe.cxx
index e2e5c9411715..e5ced2a27fd0 100644
--- a/sw/source/core/unocore/unoframe.cxx
+++ b/sw/source/core/unocore/unoframe.cxx
@@ -2771,8 +2771,13 @@ void
SwXFrame::attachToRange(uno::Reference<text::XTextRange> const& xTextRange,
aFrameSet.Put( SwFormatAnchor( RndStdIds::FLY_AT_PAGE, 1 ));
}
- aPam.DeleteMark(); // mark position node will be deleted!
- aIntPam.DeleteMark(); // mark position node will be deleted!
+ // park these no longer needed PaMs somewhere safe so
MakeFlyAndMove
+ // can delete what it likes without any assert these are pointing
to
+ // that content
+ aPam.DeleteMark();
+ aIntPam.DeleteMark();
+ *aPam.GetPoint() = *aIntPam.GetPoint() =
SwPosition(pDoc->GetNodes());
+
pFormat = pDoc->MakeFlyAndMove( *pCopySource, aFrameSet,
nullptr,
pParentFrameFormat );
commit 64c75bd32df6527e1db00d6be41a04b92e065cd2
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Aug 6 15:35:29 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:40 2022 +0200
crashtesting: keep a reference to the passed in LibXSLTTransformer
otherwise, as seen with:
soffice --headless --convert-to docx forum-mso-de-42789.docx
and error will notify the other thread that the load has ended and the
other thread will destroy the passed in LibXSLTTransformer early while
this thread assumes it continues to exist
Change-Id: Ieea9ecc3439ea73cd0433e5e12b87811906c49aa
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137819
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit fafe00bb7d72d6d4bec663b40a4cd92e50f33f0f)
diff --git a/filter/source/xsltfilter/LibXSLTTransformer.hxx
b/filter/source/xsltfilter/LibXSLTTransformer.hxx
index d646d5dbfc43..1de16c81e60c 100644
--- a/filter/source/xsltfilter/LibXSLTTransformer.hxx
+++ b/filter/source/xsltfilter/LibXSLTTransformer.hxx
@@ -68,7 +68,7 @@ namespace XSLT
static const sal_Int32 OUTPUT_BUFFER_SIZE;
static const sal_Int32 INPUT_BUFFER_SIZE;
- LibXSLTTransformer* m_transformer;
+ rtl::Reference<LibXSLTTransformer> m_transformer;
Sequence<sal_Int8> m_readBuf;
Sequence<sal_Int8> m_writeBuf;
commit f0341ad0032dba83ccd8d042b016f9beab1b1e14
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Aug 2 11:52:23 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:39 2022 +0200
crashtesting: assert on export of forum-mso-en3-17256.xlsx to ods
a lang::IllegalArgumentException is thrown on seeing myEB_Y_Pos
and the xml tags become unbalanced
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137612
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit ecf0074b1582842620ce9057a27fbe10f1812b61)
Change-Id: I2bd65933c572d7bd1d1ade699fcef21a63a85e9f
diff --git a/sc/source/filter/xml/xmlexprt.cxx
b/sc/source/filter/xml/xmlexprt.cxx
index 2d16318bac7e..b9988c508556 100644
--- a/sc/source/filter/xml/xmlexprt.cxx
+++ b/sc/source/filter/xml/xmlexprt.cxx
@@ -109,6 +109,7 @@
#include <rtl/ustring.hxx>
#include <tools/color.hxx>
+#include <tools/diagnose_ex.h>
#include <rtl/math.hxx>
#include <svl/zforlist.hxx>
#include <svx/unoshape.hxx>
@@ -3404,16 +3405,23 @@ void ScXMLExport::ExportShape(const uno::Reference <
drawing::XShape >& xShape,
uno::Sequence< OUString > aRepresentations(
xReceiver->getUsedRangeRepresentations());
SvXMLAttributeList* pAttrList = nullptr;
- if(aRepresentations.hasElements())
+ try
{
- // add the ranges used by the chart to the
shape
- // element to be able to start listening
after
- // load (when the chart is not yet loaded)
- uno::Reference<
chart2::data::XRangeXMLConversion > xRangeConverter(
xChartDoc->getDataProvider(), uno::UNO_QUERY );
- sRanges = lcl_RangeSequenceToString(
aRepresentations, xRangeConverter );
- pAttrList = new SvXMLAttributeList();
- pAttrList->AddAttribute(
- GetNamespaceMap().GetQNameByKey(
XML_NAMESPACE_DRAW, GetXMLToken(XML_NOTIFY_ON_UPDATE_OF_RANGES) ), sRanges );
+ if (aRepresentations.hasElements())
+ {
+ // add the ranges used by the chart to
the shape
+ // element to be able to start
listening after
+ // load (when the chart is not yet
loaded)
+ uno::Reference<
chart2::data::XRangeXMLConversion > xRangeConverter(
xChartDoc->getDataProvider(), uno::UNO_QUERY );
+ sRanges = lcl_RangeSequenceToString(
aRepresentations, xRangeConverter );
+ pAttrList = new SvXMLAttributeList();
+ pAttrList->AddAttribute(
+ GetNamespaceMap().GetQNameByKey(
XML_NAMESPACE_DRAW, GetXMLToken(XML_NOTIFY_ON_UPDATE_OF_RANGES) ), sRanges );
+ }
+ }
+ catch (const lang::IllegalArgumentException&)
+ {
+ TOOLS_WARN_EXCEPTION("sc", "Exception in
lcl_RangeSequenceToString - invalid range?");
}
GetShapeExport()->exportShape(xShape,
SEF_DEFAULT, pPoint, pAttrList);
}
diff --git a/sc/source/ui/unoobj/chart2uno.cxx
b/sc/source/ui/unoobj/chart2uno.cxx
index 8916ee2cf09d..1db8aa750063 100644
--- a/sc/source/ui/unoobj/chart2uno.cxx
+++ b/sc/source/ui/unoobj/chart2uno.cxx
@@ -2165,7 +2165,10 @@ OUString SAL_CALL
ScChart2DataProvider::convertRangeToXML( const OUString& sRang
ScRefTokenHelper::compileRangeRepresentation(
aRefTokens, sRangeRepresentation, m_pDocument, cSep,
m_pDocument->GetGrammar(), true);
if (aRefTokens.empty())
+ {
+ SAL_WARN("sc", "convertRangeToXML throw IllegalArgumentException from
input of: " << sRangeRepresentation);
throw lang::IllegalArgumentException();
+ }
Tokens2RangeStringXML converter(m_pDocument);
converter = ::std::for_each(aRefTokens.begin(), aRefTokens.end(),
converter);
commit 37a4aeb8d8dd5a6509f23e6aefa749c750daa18f
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Jun 21 10:38:30 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:39 2022 +0200
forcepoint#107: ensure to be deleted formulas are unshared first
Change-Id: I32cee0a22616e96d85c59d76319a6f6074fcde8b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136228
Tested-by: Jenkins
Tested-by: Caolán McNamara <caol...@redhat.com>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit 31c05349320aceb056d61e4ecd06b18fc31509bb)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137185
Reviewed-by: Eike Rathke <er...@redhat.com>
(cherry picked from commit a7bf0d61db1343d8af564a2b657def3e17b39b79)
diff --git a/sc/qa/unit/data/xlsx/forcepoint107.xlsx
b/sc/qa/unit/data/xlsx/forcepoint107.xlsx
new file mode 100644
index 000000000000..f5238dcb5c3e
Binary files /dev/null and b/sc/qa/unit/data/xlsx/forcepoint107.xlsx differ
diff --git a/sc/qa/unit/filters-test.cxx b/sc/qa/unit/filters-test.cxx
index 43c3483bb281..33887536e681 100644
--- a/sc/qa/unit/filters-test.cxx
+++ b/sc/qa/unit/filters-test.cxx
@@ -79,6 +79,7 @@ public:
void testSortWithSheetExternalReferencesODS_Impl( ScDocShellRef const &
xDocShRef, SCROW nRow1, SCROW nRow2,
bool bCheckRelativeInSheet );
void testSortWithFormattingXLS();
+ void testForcepoint107();
CPPUNIT_TEST_SUITE(ScFiltersTest);
CPPUNIT_TEST(testCVEs);
@@ -104,6 +105,7 @@ public:
CPPUNIT_TEST(testSortWithSharedFormulasODS);
CPPUNIT_TEST(testSortWithSheetExternalReferencesODS);
CPPUNIT_TEST(testSortWithFormattingXLS);
+ CPPUNIT_TEST(testForcepoint107);
CPPUNIT_TEST_SUITE_END();
@@ -845,6 +847,13 @@ void ScFiltersTest::testSortWithFormattingXLS()
xDocSh->DoClose();
}
+// just needs to not crash on recalc
+void ScFiltersTest::testForcepoint107()
+{
+ ScDocShellRef xDocSh = loadDoc(u"forcepoint107.", FORMAT_XLSX, true);
+ xDocSh->DoHardRecalc();
+}
+
ScFiltersTest::ScFiltersTest()
: ScBootstrapFixture( "sc/qa/unit/data" )
, mbUpdateReferenceOnSort(false)
diff --git a/sc/source/core/data/documentimport.cxx
b/sc/source/core/data/documentimport.cxx
index 739a62d553ca..948784c7157e 100644
--- a/sc/source/core/data/documentimport.cxx
+++ b/sc/source/core/data/documentimport.cxx
@@ -380,6 +380,14 @@ void ScDocumentImport::setFormulaCell(const ScAddress&
rPos, ScFormulaCell* pCel
mpImpl->mrDoc.CheckLinkFormulaNeedingCheck( *pCell->GetCode());
sc::CellStoreType& rCells = pTab->aCol[rPos.Col()].maCells;
+
+ sc::CellStoreType::position_type aPos = rCells.position(rPos.Row());
+ if (aPos.first != rCells.end() && aPos.first->type ==
sc::element_type_formula)
+ {
+ ScFormulaCell* p = sc::formula_block::at(*aPos.first->data,
aPos.second);
+ sc::SharedFormulaUtil::unshareFormulaCell(aPos, *p);
+ }
+
pBlockPos->miCellPos =
rCells.set(pBlockPos->miCellPos, rPos.Row(), pCell);
}
diff --git a/sc/source/core/data/formulacell.cxx
b/sc/source/core/data/formulacell.cxx
index 6cb60886d165..656ad813093c 100644
--- a/sc/source/core/data/formulacell.cxx
+++ b/sc/source/core/data/formulacell.cxx
@@ -939,6 +939,9 @@ ScFormulaCell::~ScFormulaCell()
if (!mxGroup || !mxGroup->mpCode)
// Formula token is not shared.
delete pCode;
+
+ if (mxGroup && mxGroup->mpTopCell == this)
+ mxGroup->mpTopCell = nullptr;
}
ScFormulaCell* ScFormulaCell::Clone() const
commit fa705b5d3e4ee658299ee658f6a8f47a4e22c612
Author: Eike Rathke <er...@redhat.com>
AuthorDate: Thu Jun 30 01:38:43 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:39 2022 +0200
crashtesting: assert on reexport to ods of forum-it-7248.ods
source document available from:
https://forum.openoffice.org/it/forum/download/file.php?id=7248
The actual cause is already a bad
<table:null-date table:date-value="0000-00-00"/>
imported unchecked. For this, sax::Converter::parseDateTime()
returns a success value, just use it..
If bad keep the default NullDate.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136611
Reviewed-by: Eike Rathke <er...@redhat.com>
Tested-by: Jenkins
(cherry picked from commit 626458eaec9a1c6ef2c29fd25dc5612d3dd1555c)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136646
(cherry picked from commit a60e3c28dbf561b0d1eb190baf32f06151bf32a0)
Change-Id: If4caa57e302cfe8304e6cb49bf9d330245a97660
diff --git a/sc/source/filter/xml/XMLCalculationSettingsContext.cxx
b/sc/source/filter/xml/XMLCalculationSettingsContext.cxx
index 90c59096e300..01257cf56a6f 100644
--- a/sc/source/filter/xml/XMLCalculationSettingsContext.cxx
+++ b/sc/source/filter/xml/XMLCalculationSettingsContext.cxx
@@ -151,12 +151,14 @@ ScXMLNullDateContext::ScXMLNullDateContext( ScXMLImport&
rImport,
if (aIter != rAttrList->end())
{
util::DateTime aDateTime;
- ::sax::Converter::parseDateTime(aDateTime, aIter.toString());
- util::Date aDate;
- aDate.Day = aDateTime.Day;
- aDate.Month = aDateTime.Month;
- aDate.Year = aDateTime.Year;
- pCalcSet->SetNullDate(aDate);
+ if (::sax::Converter::parseDateTime(aDateTime, aIter.toString()))
+ {
+ util::Date aDate;
+ aDate.Day = aDateTime.Day;
+ aDate.Month = aDateTime.Month;
+ aDate.Year = aDateTime.Year;
+ pCalcSet->SetNullDate(aDate);
+ }
}
}
}
commit 5cecaf1619d59b84f073c89982c4d954c2c3c60e
Author: Noel Grandin <noel.gran...@collabora.co.uk>
AuthorDate: Mon Jun 27 16:30:19 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:39 2022 +0200
tdf#149692 crash importing document with vba forms
This bug appears to date back to
commit a43cc9ec8dde4f311bcf8ff96e6a26d56b2abdcf
Author: Noel Power <noel.po...@suse.com>
Date: Wed Apr 17 17:08:59 2013 +0100
implement MultiPage, Page & TabStrip import for oox
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136500
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
(cherry picked from commit a15fe37bf1dc50fcf88cea9c0038b217119671b8)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136472
Reviewed-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit ef79ccd5bbd5fbc0f0c132c4fc5a48fcd1fbbc16)
Change-Id: Ia4784e4c34189f05e516704fa2e2485e4560fa4b
diff --git a/oox/source/ole/vbacontrol.cxx b/oox/source/ole/vbacontrol.cxx
index da61e818c149..cc4969e8251c 100644
--- a/oox/source/ole/vbacontrol.cxx
+++ b/oox/source/ole/vbacontrol.cxx
@@ -441,13 +441,17 @@ void VbaFormControl::importStorage( StorageBase& rStrg,
const AxClassTable& rCla
if ( xPageSiteRef.get() )
idToPage[ xPageSiteRef->getId() ] = control;
}
- else
+ else if (elem->getControlType() == API_CONTROL_TABSTRIP)
{
AxTabStripModel* pTabStrip =
static_cast<AxTabStripModel*>(elem.get());
sCaptions = pTabStrip->maItems;
pMultiPage->mnActiveTab = pTabStrip->mnListIndex;
pMultiPage->mnTabStyle = pTabStrip->mnTabStyle;
}
+ else
+ {
+ SAL_WARN("oox", "unexpected control type " <<
elem->getControlType());
+ }
}
// apply caption/titles to pages
commit fcc4812f7e35249e0c61305916918d2907c5e3d8
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jun 27 10:00:13 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:38 2022 +0200
crashtesting: fix assert seen with forum-mso-en-8349.docx
a string that ends in spaces
Change-Id: I808f046be816d0d4a76f801a349e284024a2061c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136465
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 83923eb10c198ae86e20bf9eb7def400a8c08268)
diff --git a/writerfilter/source/dmapper/DomainMapper_Impl.cxx
b/writerfilter/source/dmapper/DomainMapper_Impl.cxx
index 0aec8482e121..666c60d04e5d 100644
--- a/writerfilter/source/dmapper/DomainMapper_Impl.cxx
+++ b/writerfilter/source/dmapper/DomainMapper_Impl.cxx
@@ -3191,7 +3191,7 @@ static OUString lcl_ExctractVariableAndHint( const
OUString& rCommand, OUString&
sal_Int32 nIndex = rCommand.indexOf( ' ', 2); //find last space after 'ASK'
if (nIndex == -1)
return OUString();
- while(rCommand[nIndex] == ' ')
+ while (nIndex < rCommand.getLength() && rCommand[nIndex] == ' ')
++nIndex;
OUString sShortCommand( rCommand.copy( nIndex ) ); //cut off the " ASK "
commit fc506627b5e4ce8bc9ff286677ae24e7dcd8001e
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jun 27 09:40:22 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:38 2022 +0200
crashtesting: fix assert seen on loading forum-nl-1226.ods
Change-Id: If8c08a51b11a459a03b4a0604c1fb9897351e598
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136467
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Tested-by: Jenkins
(cherry picked from commit a095f58d981569cbe79d724a301ed04f0f92748d)
diff --git a/external/libnumbertext/EmptyString.patch1
b/external/libnumbertext/EmptyString.patch1
new file mode 100644
index 000000000000..d6570117da09
--- /dev/null
+++ b/external/libnumbertext/EmptyString.patch1
@@ -0,0 +1,13 @@
+--- a/src/Soros.cxx 2022-06-27 09:36:46.486075920 +0100
++++ b/src/Soros.cxx 2022-06-27 09:37:52.594072196 +0100
+@@ -98,8 +98,8 @@
+ s = regex_replace(s, quoteEnd, L"");
+ s = translate(s, c.substr(1), m.substr(1), L"");
+ replace(s, slash, L"\\\\"); // -> \\, ", ;, #
+- begins.push_back(s[0] == L'^');
+- ends.push_back(s[s.length()-1] == L'$');
++ begins.push_back(!s.empty() && s[0] == L'^');
++ ends.push_back(!s.empty() && s[s.length()-1] == L'$');
+ s = L"^" + regex_replace(s, wregex(L"^\\^"), L"");
+ s = regex_replace(s, wregex(L"\\$$"), L"") + L"$";
+ try
diff --git a/external/libnumbertext/UnpackedTarball_libnumbertext.mk
b/external/libnumbertext/UnpackedTarball_libnumbertext.mk
index 67b147393e31..5667b138bbb0 100644
--- a/external/libnumbertext/UnpackedTarball_libnumbertext.mk
+++ b/external/libnumbertext/UnpackedTarball_libnumbertext.mk
@@ -19,6 +19,7 @@ $(eval $(call
gb_UnpackedTarball_set_patchlevel,libnumbertext,1))
# <https://github.com/Numbertext/libnumbertext/pull/43>:
$(eval $(call gb_UnpackedTarball_add_patches,libnumbertext, \
external/libnumbertext/0001-Don-t-depend-on-en_US.UTF-8-locale.patch \
+ external/libnumbertext/EmptyString.patch1 \
))
# vim: set noet sw=4 ts=4:
commit 5008756b6dc0958ea32494e62123104348770e35
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Fri Jun 24 18:21:32 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:38 2022 +0200
external/liborcus: Fix heap-buffer-overflow
...as seen during CppunitTest_vcl_pdfexport:
> ==573913==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62b0001dba0e at pc 0x560576627186 bp 0x7ffeab9fa730 sp 0x7ffeab9f9ef0
> READ of size 26624 at 0x62b0001dba0e thread T0
> #0 in StrtolFixAndCheck(void*, char const*, char**, char*, int) at
~/github.com/llvm/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:3629:3
> #1 in strtol at
~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:485:3
> #2 in
orcus::sax_token_handler_wrapper_base::attribute(std::basic_string_view<char,
std::char_traits<char>>, std::basic_string_view<char, std::char_traits<char>>)
at workdir/UnpackedTarball/liborcus/src/parser/sax_token_parser.cpp:344:22
> #3 in
orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper::attribute(orcus::sax::parser_attribute
const&) at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_ns_parser.hpp:212:27
> #4 in
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
orcus::sax_parser_default_config>::attribute() at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_parser.hpp:570:15
> #5 in
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
orcus::sax_parser_default_config>::declaration(char const*) at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_parser.hpp:389:9
> #6 in
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
orcus::sax_parser_default_config>::element() at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_parser.hpp:242:13
> #7 in
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
orcus::sax_parser_default_config>::body() at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_parser.hpp:214:13
> #8 in
orcus::sax_parser<orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::handler_wrapper,
orcus::sax_parser_default_config>::parse() at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_parser.hpp:182:5
> #9 in
orcus::sax_ns_parser<orcus::sax_token_parser<orcus::xml_stream_handler>::handler_wrapper>::parse()
at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_ns_parser.hpp:277:14
> #10 in orcus::sax_token_parser<orcus::xml_stream_handler>::parse() at
workdir/UnpackedTarball/liborcus/src/liborcus/../../include/orcus/sax_token_parser.hpp:215:14
> #11 in orcus::xml_stream_parser::parse() at
workdir/UnpackedTarball/liborcus/src/liborcus/xml_stream_parser.cpp:68:9
> #12 in orcus::orcus_xls_xml::detect(unsigned char const*, unsigned long)
at workdir/UnpackedTarball/liborcus/src/liborcus/orcus_xls_xml.cpp:94:16
> #13 in orcus::detect(unsigned char const*, unsigned long) at
workdir/UnpackedTarball/liborcus/src/liborcus/format_detection.cpp:68:9
> #14 in (anonymous
namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&)
at sc/source/filter/orcus/filterdetect.cxx:83:31
> 0x62b0001dba0e is located 0 bytes to the right of 26638-byte region
[0x62b0001d5200,0x62b0001dba0e)
> allocated by thread T0 here:
> #0 in operator new[](unsigned long) at
~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:98:3
> #1 in SvMemoryStream::AllocateMemory(unsigned long) at
tools/source/stream/stream.cxx:1698:12
> #2 in SvMemoryStream::SvMemoryStream(unsigned long, unsigned long) at
tools/source/stream/stream.cxx:1544:9
> #3 in (anonymous
namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&)
at sc/source/filter/orcus/filterdetect.cxx:71:20
This started to occur now after a95c585433246813096e8890b7ed6ef4fe30c621
"Pump
XInputStream into an SvMemoryStream rather than an OStringBuffer" no longer
guarantees that the memory range passed into
orcus::detect(const unsigned char* buffer, size_t length)
is followed by a null byte at buffer[length]. (There appears to be no
documentation for that function, but it looks unreasonable to me that it
should
require callers to provide a buffer thus terminated, and I rather assume
that
what is observed here is an orcus bug.)
The problematic calls of std::strtol were used in code apparently meant to
parse
strings matching the XML VersionNum grammar production, and then store the
two
dot-separated numbers each as uint8_t. The new code using a local readUint8
accepts a different set of strings now than the original code using
std::strtol,
but the new set is arguably closer to what the actual XML VersionNum grammar
production accepts (which is '1.' [0-9]+ for XML 1.0 and '1.1' for XML
1.1), so
this change should be OK.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136405
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
(cherry picked from commit 3f17a643d0f943d02c7cb2b5d8e702fe0e63e38d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136417
Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
(cherry picked from commit 8e30b8be3ae348dce83bed40206ee2e66492f1cd)
Change-Id: I1668542c96ced64667cb9f251e79126e1a54ac30
diff --git a/external/liborcus/UnpackedTarball_liborcus.mk
b/external/liborcus/UnpackedTarball_liborcus.mk
index cf792f125f71..a6c36095f3ab 100644
--- a/external/liborcus/UnpackedTarball_liborcus.mk
+++ b/external/liborcus/UnpackedTarball_liborcus.mk
@@ -37,6 +37,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\
external/liborcus/forcepoint-84.patch.1 \
external/liborcus/forcepoint-87.patch.1 \
external/liborcus/forcepoint-95.patch.1 \
+ external/liborcus/overrun.patch.0 \
))
ifeq ($(OS),WNT)
diff --git a/external/liborcus/overrun.patch.0
b/external/liborcus/overrun.patch.0
new file mode 100644
index 000000000000..8b5bc5366da1
--- /dev/null
+++ b/external/liborcus/overrun.patch.0
@@ -0,0 +1,63 @@
+--- src/parser/sax_token_parser.cpp
++++ src/parser/sax_token_parser.cpp
+@@ -10,6 +10,7 @@
+
+ #include <mdds/sorted_string_map.hpp>
+ #include <cctype>
++#include <limits>
+
+ namespace orcus {
+
+@@ -329,6 +330,28 @@
+ m_elem.raw_name = elem.name;
+ }
+
++static uint8_t readUint8(char const * begin, char const * end, char const **
endptr) {
++ unsigned n = 0;
++ char const * p = begin;
++ for (; p != end; ++p) {
++ char const c = *p;
++ if (c < '0' || c > '9') {
++ break;
++ }
++ n = 10 * n + (c - '0');
++ if (n > std::numeric_limits<uint8_t>::max()) {
++ *endptr = nullptr;
++ return 0;
++ }
++ }
++ if (p == begin) {
++ *endptr = nullptr;
++ return 0;
++ }
++ *endptr = p;
++ return n;
++}
++
+ void sax_token_handler_wrapper_base::attribute(const pstring& name, const
pstring& val)
+ {
+ decl_attr_type dat = decl_attr::get().find(name.data(), name.size());
+@@ -340,18 +362,18 @@
+ const char* p = val.data();
+ const char* p_end = p + val.size();
+
+- char* endptr = nullptr;
+- long v = std::strtol(p, &endptr, 10);
++ const char* endptr = nullptr;
++ uint8_t v = readUint8(p, p_end, &endptr);
+
+- if (!endptr || endptr >= p_end || *endptr != '.')
++ if (!endptr || endptr == p_end || *endptr != '.')
+ break;
+
+ m_declaration.version_major = v;
+ p = endptr + 1;
+
+- v = std::strtol(p, &endptr, 10);
++ v = readUint8(p, p_end, &endptr);
+
+- if (!endptr || endptr > p_end)
++ if (!endptr)
+ break;
+
+ m_declaration.version_minor = v;
commit cf1793a4dfd278d757620611a110d22b38ab5a3f
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Wed Jun 22 20:37:34 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:38 2022 +0200
Pump XInputStream into an SvMemoryStream rather than an OStringBuffer
...to avoid overflow with streams >= 2^31 bytes. This should fix
<https://crashreport.libreoffice.org/stats/crash_details/d9613c81-de37-4de2-8c64-e36634d10ddc>
which I could reproduce with a recent master Linux build with
> $ truncate -s 3G test.xml
> $ instdir/program/soffice test.xml
causing a SIGSEGV at
> #0 0x00007ffff7f193a0 in rtl::str::stringbuffer_insert<_rtl_String,
char>(_rtl_String**, int*, int, char const*, int) (ppThis=0x7fffffffb330,
capacity=<optimized out>, offset=2147479552, pStr=0x20a92e8 "", len=4096) at
sal/rtl/strtmpl.hxx:1424
> #1 0x00007fffb6af04e5 in rtl::OStringBuffer::append(char const*, int)
(len=4096, str=<optimized out>, this=0x7fffffffb330) at
include/rtl/strbuf.hxx:594
> #2 (anonymous
namespace)::OrcusFormatDetect::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&)
(this=<optimized out>, rMediaDescSeq=<optimized out>) at
sc/source/filter/orcus/filterdetect.cxx:80
[...]
(Ideally, orcus::detect would only need a short prefix of the stream's
content,
but the implementation in
workdir/UnpackedTarball/liborcus/src/liborcus/format_detection.cpp
delegates to
functions like orcus_ods::detect in
workdir/UnpackedTarball/liborcus/src/liborcus/orcus_ods.cpp, which passes
the
content through some zip_archive that presumably needs the full content.)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136297
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
(cherry picked from commit a95c585433246813096e8890b7ed6ef4fe30c621)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136253
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 5a0b9af53650c8a54f159d6677fc653d28539a54)
Change-Id: Ifaa37ee887d8296cbcf971313bde347ddfb17c12
diff --git a/sc/source/filter/orcus/filterdetect.cxx
b/sc/source/filter/orcus/filterdetect.cxx
index 106248854b1d..c0a3f922de46 100644
--- a/sc/source/filter/orcus/filterdetect.cxx
+++ b/sc/source/filter/orcus/filterdetect.cxx
@@ -14,7 +14,7 @@
#include <unotools/mediadescriptor.hxx>
-#include <rtl/strbuf.hxx>
+#include <tools/stream.hxx>
#include <orcus/format_detection.hpp>
@@ -68,7 +68,7 @@ OUString
OrcusFormatDetect::detect(css::uno::Sequence<css::beans::PropertyValue>
return OUString();
css::uno::Reference<css::io::XInputStream>
xInputStream(aMediaDescriptor[utl::MediaDescriptor::PROP_INPUTSTREAM()],
css::uno::UNO_QUERY );
- OStringBuffer aContent(xInputStream->available());
+ SvMemoryStream aContent(xInputStream->available());
static const sal_Int32 nBytes = 4096;
css::uno::Sequence<sal_Int8> aSeq(nBytes);
@@ -77,10 +77,10 @@ OUString
OrcusFormatDetect::detect(css::uno::Sequence<css::beans::PropertyValue>
{
sal_Int32 nReadBytes = xInputStream->readBytes(aSeq, nBytes);
bEnd = (nReadBytes != nBytes);
- aContent.append(reinterpret_cast<const char*>(aSeq.getConstArray()),
nReadBytes);
+ aContent.WriteBytes(aSeq.getConstArray(), nReadBytes);
}
- orcus::format_t eFormat = orcus::detect(reinterpret_cast<const unsigned
char*>(aContent.getStr()), aContent.getLength());
+ orcus::format_t eFormat = orcus::detect(static_cast<const unsigned
char*>(aContent.GetData()), aContent.GetSize());
switch (eFormat)
{
commit 63629f9be564b5bf9f15f6484cc07b6e699fa788
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Wed Jun 22 16:05:53 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:37 2022 +0200
crashtesting: assert seen with forum-mso-de-53682
not reproducible for me, but appears to be an empty string here
sometimes.
Change-Id: I8465f178cc7e5a6efdc08c1d15c154eeb2277c7b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136247
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit dff039e61ac737c779b538d20a57a5e0a401cf60)
diff --git a/formula/source/core/api/token.cxx
b/formula/source/core/api/token.cxx
index 17594207234f..cc5fb5426a70 100644
--- a/formula/source/core/api/token.cxx
+++ b/formula/source/core/api/token.cxx
@@ -1193,8 +1193,12 @@ bool FormulaMissingContext::AddMissingExternal(
FormulaTokenArray *pNewArr ) con
const OUString &rName = mpFunc->GetExternal();
- // initial (fast) check:
- sal_Unicode nLastChar = rName[ rName.getLength() - 1];
+ // initial (fast) checks:
+ sal_Int32 nLength = rName.getLength();
+ if (!nLength)
+ return false;
+
+ sal_Unicode nLastChar = rName[ nLength - 1];
if ( nLastChar != 't' && nLastChar != 'm' )
return false;
commit 26446c1061bc8ad1b125bd29e4a439931a4c1b68
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Jun 14 12:24:41 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:37 2022 +0200
crashtesting: negative index seen on loading forum-de3-15472.ods
Change-Id: I737e6132f117a85c4d7e5df4a33561d09eff86af
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135837
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit d26e960fb3cb6dcff887654b3ec51e5cdea5a878)
diff --git a/sc/source/core/data/colorscale.cxx
b/sc/source/core/data/colorscale.cxx
index 64c0d990c147..674ee87f2edf 100644
--- a/sc/source/core/data/colorscale.cxx
+++ b/sc/source/core/data/colorscale.cxx
@@ -541,8 +541,10 @@ Color CalcColor( double nVal, double nVal1, const Color&
rCol1, double nVal2, co
double GetPercentile( const std::vector<double>& rArray, double fPercentile )
{
size_t nSize = rArray.size();
- size_t nIndex = static_cast<size_t>(::rtl::math::approxFloor( fPercentile
* (nSize-1)));
- double fDiff = fPercentile * (nSize-1) - ::rtl::math::approxFloor(
fPercentile * (nSize-1));
+ double fFloor = ::rtl::math::approxFloor(fPercentile * (nSize-1));
+ SAL_WARN_IF(fFloor < 0, "sc", "negative percentile");
+ size_t nIndex = fFloor >= 0 ? static_cast<size_t>(fFloor) : 0;
+ double fDiff = fPercentile * (nSize-1) - fFloor;
std::vector<double>::const_iterator iter = rArray.begin() + nIndex;
if (fDiff == 0.0)
return *iter;
commit 268d8cd47312df921ed05385a25966a75165cede
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Jun 14 12:56:41 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:37 2022 +0200
crashtesting: assert seen on loading forum-en-38962.ods
mismatched Push/Pop, catch offending exception
Change-Id: Ib2297a8ab04a2f2491e4c922d9e4db82a66ea911
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135841
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit adc0d38ea1b434e0f5c996acce87fc9106706801)
diff --git a/sc/source/core/data/dpobject.cxx b/sc/source/core/data/dpobject.cxx
index 73762cc70c54..33f923d4a26e 100644
--- a/sc/source/core/data/dpobject.cxx
+++ b/sc/source/core/data/dpobject.cxx
@@ -1022,7 +1022,16 @@ bool ScDPObject::GetMembers( sal_Int32 nDim, sal_Int32
nHier, vector<ScDPLabelDa
for (sal_Int32 i = 0; i < nCount; ++i)
{
- Reference<container::XNamed> xMember(xMembersIA->getByIndex(i),
UNO_QUERY);
+ Reference<container::XNamed> xMember;
+ try
+ {
+ xMember = Reference<container::XNamed>(xMembersIA->getByIndex(i),
UNO_QUERY);
+ }
+ catch (const container::NoSuchElementException&)
+ {
+ TOOLS_WARN_EXCEPTION("sc", "ScNameToIndexAccess getByIndex
failed");
+ }
+
ScDPLabelData::Member aMem;
if (xMember.is())
commit bfedcc7c0b72819937ac0fb8a62852b4ec5f9f72
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Jun 14 10:51:13 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:36 2022 +0200
crashtesting: crash seen on exporting forum-it-5909.ods to xlsx
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135752
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
(cherry picked from commit 8e14296fcf11bafe91f3ec45598841ba117b20b8)
Change-Id: I64b629e2f5b0ece7f903049bd006775463f97586
diff --git a/sc/source/core/data/dptabres.cxx b/sc/source/core/data/dptabres.cxx
index 67f742dece8b..f9b132c1ca4f 100644
--- a/sc/source/core/data/dptabres.cxx
+++ b/sc/source/core/data/dptabres.cxx
@@ -2762,7 +2762,10 @@ ScDPResultDimension::~ScDPResultDimension()
ScDPResultMember *ScDPResultDimension::FindMember( SCROW iData ) const
{
if( bIsDataLayout )
- return maMemberArray[0].get();
+ {
+ SAL_WARN_IF(maMemberArray.empty(), "sc.core", "MemberArray is empty");
+ return !maMemberArray.empty() ? maMemberArray[0].get() : nullptr;
+ }
MemberHash::const_iterator aRes = maMemberHash.find( iData );
if( aRes != maMemberHash.end()) {
@@ -2969,8 +2972,11 @@ void ScDPResultDimension::LateInitFrom(
long ScDPResultDimension::GetSize(long nMeasure) const
{
- long nTotal = 0;
long nMemberCount = maMemberArray.size();
+ if (!nMemberCount)
+ return 0;
+
+ long nTotal = 0;
if (bIsDataLayout)
{
OSL_ENSURE(nMeasure == SC_DPMEASURE_ALL ||
pResultData->GetMeasureCount() == 1,
@@ -3123,7 +3129,7 @@ void ScDPResultDimension::SortMembers( ScDPResultMember*
pRefMember )
// handle children
// for data layout, call only once - sorting measure is always taken from
settings
- long nLoopCount = bIsDataLayout ? 1 : nCount;
+ long nLoopCount = bIsDataLayout ? std::min<long>(1, nCount) : nCount;
for (long i=0; i<nLoopCount; i++)
{
ScDPResultMember* pMember = maMemberArray[i].get();
commit 699f64b66e3a89b1258df2101811b64abbb5dfd2
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Apr 1 15:08:09 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:36 2022 +0200
forcepoint#97 avoid Invalid read of size 2
==143282== Invalid read of size 2
==143282== at 0x190CDBFC: SfxItemSet::Count() const (itemset.hxx:96)
==143282== by 0x1910F33E: SfxItemSet::Get(unsigned short, bool) const
(itemset.cxx:748)
==143282== by 0x1F14D76C: ScPatternAttr::GetItem(unsigned short,
SfxItemSet const&, SfxItemSet const*) (patattr.cxx:1347)
==143282== by 0x1F14D7DA: ScPatternAttr::GetItem(unsigned short,
SfxItemSet const*) const (patattr.cxx:1352)
==143282== by 0x202A3E44: ScLineBreakCell const&
ScPatternAttr::GetItem<ScLineBreakCell>(TypedWhichId<ScLineBreakCell>,
SfxItemSet const*) const (patattr.hxx:83)
==143282== by 0x2028E8BC: ScOutputData::LayoutStrings(bool, bool,
ScAddress const&) (output2.cxx:1677)
==143282== by 0x2028D4A8: ScOutputData::DrawStrings(bool)
(output2.cxx:1473)
==143282== by 0x202D9879: ScPrintFunc::PrintArea(short, int, short,
int, long, long, bool, bool, bool, bool) (printfun.cxx:1675)
==143282== by 0x202DD459: ScPrintFunc::PrintPage(long, short, int,
short, int, bool, ScPreviewLocationData*) (printfun.cxx:2301)
==143282== by 0x202DF491: ScPrintFunc::DoPrint(MultiSelection const&,
long, long, bool, ScPreviewLocationData*) (printfun.cxx:2713)
==143282== by 0x20031888: ScModelObj::render(int,
com::sun::star::uno::Any const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(docuno.cxx:2259)
==143282== by 0x30C1A485: PDFExport::ExportSelection(vcl::PDFWriter&,
com::sun::star::uno::Reference<com::sun::star::view::XRenderable> const&,
com::sun::star::uno::Any const&, StringRangeEnumerator const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, int)
(pdfexport.cxx:219)
==143282== by 0x30C1F879: PDFExport::Export(rtl::OUString const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(pdfexport.cxx:987)
==143282== by 0x30C33BA2:
PDFFilter::implExport(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) (pdffilter.cxx:174)
==143282== by 0x30C33F2A:
PDFFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) (pdffilter.cxx:237)
==143282== by 0x21AC6986: SfxObjectShell::ExportTo(SfxMedium&)
(objstor.cxx:2488)
==143282== by 0x21AC2363: SfxObjectShell::SaveTo_Impl(SfxMedium&,
SfxItemSet const*) (objstor.cxx:1553)
==143282== by 0x21ACE816:
SfxObjectShell::PreDoSaveAs_Impl(rtl::OUString const&, rtl::OUString const&,
SfxItemSet const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(objstor.cxx:2966)
==143282== by 0x21ACCA87:
SfxObjectShell::CommonSaveAs_Impl(INetURLObject const&, rtl::OUString const&,
SfxItemSet&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(objstor.cxx:2756)
==143282== by 0x21AA8CDB: SfxObjectShell::APISaveAs_Impl(rtl::OUString
const&, SfxItemSet&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(objserv.cxx:317)
==143282== by 0x21B2B4AD: SfxBaseModel::impl_store(rtl::OUString
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&, bool) (sfxbasemodel.cxx:3132)
==143282== by 0x21B2CB12: SfxBaseModel::storeToURL(rtl::OUString
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) (sfxbasemodel.cxx:1768)
==143282== by 0x1C507AFE:
ScPDFExportTest::exportToPDF(com::sun::star::uno::Reference<com::sun::star::frame::XModel>
const&, ScRange const&) (scpdfexport.cxx:192)
==143282== by 0x1C511A33: ScPDFExportTest::testForcepoint97()
(scpdfexport.cxx:571)
==143282== by 0x1C52778D: void std::__invoke_impl<void, void
(ScPDFExportTest::*&)(), ScPDFExportTest*&>(std::__invoke_memfun_deref, void
(ScPDFExportTest::*&)(), ScPDFExportTest*&) (invoke.h:74)
==143282== by 0x1C5276C1: std::__invoke_result<void
(ScPDFExportTest::*&)(), ScPDFExportTest*&>::type std::__invoke<void
(ScPDFExportTest::*&)(), ScPDFExportTest*&>(void (ScPDFExportTest::*&)(),
ScPDFExportTest*&) (invoke.h:96)
==143282== by 0x1C527659: void std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>::__call<void, , 0ul>(std::tuple<>&&,
std::_Index_tuple<0ul>) (functional:420)
==143282== by 0x1C5275E2: void std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>::operator()<, void>() (functional:503)
==143282== by 0x1C52758C: void std::__invoke_impl<void, std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>&>(std::__invoke_other,
std::_Bind<void (ScPDFExportTest::*(ScPDFExportTest*))()>&) (invoke.h:61)
==143282== by 0x1C52753C: std::enable_if<is_invocable_r_v<void,
std::_Bind<void (ScPDFExportTest::*(ScPDFExportTest*))()>&>, void>::type
std::__invoke_r<void, std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>&>(std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>&) (invoke.h:111)
==143282== by 0x1C52731C: std::_Function_handler<void (),
std::_Bind<void (ScPDFExportTest::*(ScPDFExportTest*))()>
>::_M_invoke(std::_Any_data const&) (std_function.h:290)
==143282== by 0x1C527A34: std::function<void ()>::operator()() const
(std_function.h:590)
==143282== by 0x1C527078:
CppUnit::TestCaller<ScPDFExportTest>::runTest() (TestCaller.h:175)
==143282== by 0x49326F2: CppUnit::TestCaseMethodFunctor::operator()()
const (TestCase.cpp:32)
==143282== by 0x15937E3D: (anonymous
namespace)::Protector::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) (vclbootstrapprotector.cxx:46)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x4B05D6D: (anonymous
namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext
const&) (unobootstrapprotector.cxx:78)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x4AF2F2A: (anonymous
namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext
const&) (unoexceptionprotector.cxx:62)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x491261E:
CppUnit::DefaultProtector::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) (DefaultProtector.cpp:15)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x4928690:
CppUnit::ProtectorChain::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) (ProtectorChain.cpp:86)
==143282== by 0x4946ACD: CppUnit::TestResult::protect(CppUnit::Functor
const&, CppUnit::Test*, std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&) (TestResult.cpp:182)
==143282== by 0x4932103: CppUnit::TestCase::run(CppUnit::TestResult*)
(TestCase.cpp:91)
==143282== by 0x4932BCF:
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)
(TestComposite.cpp:64)
==143282== by 0x4932A5F:
CppUnit::TestComposite::run(CppUnit::TestResult*) (TestComposite.cpp:23)
==143282== by 0x4932BCF:
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)
(TestComposite.cpp:64)
==143282== by 0x4932A5F:
CppUnit::TestComposite::run(CppUnit::TestResult*) (TestComposite.cpp:23)
==143282== by 0x494FDBF:
CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*)
(TestRunner.cpp:47)
==143282== Address 0x1d7624b0 is 64 bytes inside a block of size 120
free'd
==143282== at 0x4847669: operator delete(void*)
(vg_replace_malloc.c:923)
==143282== by 0x1F150EA1: ScPatternAttr::~ScPatternAttr()
(patattr.hxx:53)
==143282== by 0x190D29B2: SfxItemPool::Remove(SfxPoolItem const&)
(itempool.cxx:802)
==143282== by 0x1EA27F8E: ScAttrArray::SetPatternAreaImpl(int, int,
ScPatternAttr const*, bool, ScEditDataArray*, bool) (attarray.cxx:574)
==143282== by 0x1EBF43D5: ScAttrArray::SetPattern(int, ScPatternAttr
const*, bool) (attarray.hxx:148)
==143282== by 0x1EBD9068: ScColumn::ApplyAttr(int, SfxPoolItem const&)
(column.cxx:634)
==143282== by 0x1EC6C1EB: ScColumn::SetNumberFormat(int, unsigned int)
(column2.cxx:3094)
==143282== by 0x1F1CB737: ScTable::SetNumberFormat(short, int, unsigned
int) (table2.cxx:2238)
==143282== by 0x1EE3F135: ScDocument::SetNumberFormat(ScAddress const&,
unsigned int) (document.cxx:3717)
==143282== by 0x1F09CCA5:
ScFormulaCell::InterpretTail(ScInterpreterContext&,
ScFormulaCell::ScInterpretTailParameter) (formulacell.cxx:2155)
==143282== by 0x1F099D9F: ScFormulaCell::Interpret(int, int)
(formulacell.cxx:1615)
==143282== by 0x1ECC048D: ScFormulaCell::MaybeInterpret()
(formulacell.hxx:465)
==143282== by 0x1F09F5C8: ScFormulaCell::IsValue()
(formulacell.cxx:2760)
==143282== by 0x1EA82355: (anonymous
namespace)::hasNumericImpl(CellType, ScFormulaCell*) (cellvalue.cxx:155)
==143282== by 0x1EA822FA: ScRefCellValue::hasNumeric() const
(cellvalue.cxx:624)
==143282== by 0x2028E876: ScOutputData::LayoutStrings(bool, bool,
ScAddress const&) (output2.cxx:1676)
==143282== by 0x2028D4A8: ScOutputData::DrawStrings(bool)
(output2.cxx:1473)
==143282== by 0x202D9879: ScPrintFunc::PrintArea(short, int, short,
int, long, long, bool, bool, bool, bool) (printfun.cxx:1675)
==143282== by 0x202DD459: ScPrintFunc::PrintPage(long, short, int,
short, int, bool, ScPreviewLocationData*) (printfun.cxx:2301)
==143282== by 0x202DF491: ScPrintFunc::DoPrint(MultiSelection const&,
long, long, bool, ScPreviewLocationData*) (printfun.cxx:2713)
==143282== by 0x20031888: ScModelObj::render(int,
com::sun::star::uno::Any const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(docuno.cxx:2259)
==143282== by 0x30C1A485: PDFExport::ExportSelection(vcl::PDFWriter&,
com::sun::star::uno::Reference<com::sun::star::view::XRenderable> const&,
com::sun::star::uno::Any const&, StringRangeEnumerator const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, int)
(pdfexport.cxx:219)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/134362
Tested-by: Jenkins
Reviewed-by: Eike Rathke <er...@redhat.com>
(cherry picked from commit 6d615be74e30f50b164e0342a0f8fb3324ce8058)
Change-Id: Idf19b79f5aef7e07666249f5f9ec510003a3f886
diff --git a/sc/inc/document.hxx b/sc/inc/document.hxx
index 8091f7e2ffb9..4cc98b01096e 100644
--- a/sc/inc/document.hxx
+++ b/sc/inc/document.hxx
@@ -558,6 +558,8 @@ private:
bool mbFinalTrackFormulas : 1;
// This indicates if a ScDocShell::DoRecalc() or
ScDocShell::DoHardRecalc() is in progress.
bool mbDocShellRecalc : 1;
+ // This indicates if a ScOutputData::LayoutStrings() is in progress.
+ bool mbLayoutStrings : 1;
size_t mnMutationGuardFlags;
@@ -2502,6 +2504,9 @@ public:
bool IsInDocShellRecalc() const { return mbDocShellRecalc; }
void SetDocShellRecalc(bool bSet) { mbDocShellRecalc = bSet; }
+ bool IsInLayoutStrings() const { return mbLayoutStrings; }
+ void SetLayoutStrings(bool bSet) { mbLayoutStrings = bSet; }
+
private:
/**
diff --git a/sc/qa/extras/scpdfexport.cxx b/sc/qa/extras/scpdfexport.cxx
index f6a7ea8bfbd0..ec789fe0fdeb 100644
--- a/sc/qa/extras/scpdfexport.cxx
+++ b/sc/qa/extras/scpdfexport.cxx
@@ -55,13 +55,17 @@ private:
public:
void testExportRange_Tdf120161();
void testExportFitToPage_Tdf103516();
+ void testForcepoint97();
CPPUNIT_TEST_SUITE(ScPDFExportTest);
CPPUNIT_TEST(testExportRange_Tdf120161);
CPPUNIT_TEST(testExportFitToPage_Tdf103516);
+ CPPUNIT_TEST(testForcepoint97);
CPPUNIT_TEST_SUITE_END();
};
+char const DATA_DIRECTORY[] = "/sc/qa/extras/testdocuments/";
+
void ScPDFExportTest::setUp()
{
test::BootstrapFixture::setUp();
@@ -358,6 +362,18 @@ void ScPDFExportTest::testExportFitToPage_Tdf103516()
}
}
+// just needs to not crash on export to pdf
+void ScPDFExportTest::testForcepoint97()
+{
+ mxComponent = loadFromDesktop(m_directories.getURLFromSrc(DATA_DIRECTORY)
+ "forcepoint97.xlsx",
+ "com.sun.star.sheet.SpreadsheetDocument");
+ uno::Reference<frame::XModel> xModel(mxComponent, uno::UNO_QUERY);
+
+ // A1:H81
+ ScRange range1(0, 0, 0, 7, 81, 0);
+ std::shared_ptr<utl::TempFile> pPDFFile = exportToPDF(xModel, range1);
+}
+
CPPUNIT_TEST_SUITE_REGISTRATION(ScPDFExportTest);
CPPUNIT_PLUGIN_IMPLEMENT();
diff --git a/sc/qa/extras/testdocuments/forcepoint97.xlsx
b/sc/qa/extras/testdocuments/forcepoint97.xlsx
new file mode 100644
index 000000000000..152fbbc45a9f
Binary files /dev/null and b/sc/qa/extras/testdocuments/forcepoint97.xlsx differ
diff --git a/sc/source/core/data/documen2.cxx b/sc/source/core/data/documen2.cxx
index 7271fdef0d43..dd76b6cc2dc3 100644
--- a/sc/source/core/data/documen2.cxx
+++ b/sc/source/core/data/documen2.cxx
@@ -166,6 +166,7 @@ ScDocument::ScDocument( ScDocumentMode eMode,
SfxObjectShell* pDocShell ) :
mbTrackFormulasPending(false),
mbFinalTrackFormulas(false),
mbDocShellRecalc(false),
+ mbLayoutStrings(false),
mnMutationGuardFlags(0)
{
SetStorageGrammar( formula::FormulaGrammar::GRAM_STORAGE_DEFAULT);
diff --git a/sc/source/core/data/formulacell.cxx
b/sc/source/core/data/formulacell.cxx
index dff86ec3682e..6cb60886d165 100644
--- a/sc/source/core/data/formulacell.cxx
+++ b/sc/source/core/data/formulacell.cxx
@@ -2140,7 +2140,8 @@ void ScFormulaCell::InterpretTail( ScInterpreterContext&
rContext, ScInterpretTa
// XXX if mbNeedsNumberFormat was set even if the current format
// was not General then we'd have to obtain the current format here
// and check at least the types.
- if (bSetFormat && (bForceNumberFormat || ((nFormatIndex %
SV_COUNTRY_LANGUAGE_OFFSET) != 0)))
+ const bool bSetNumberFormat = bSetFormat && (bForceNumberFormat ||
((nFormatIndex % SV_COUNTRY_LANGUAGE_OFFSET) != 0));
+ if (bSetNumberFormat && !pDocument->IsInLayoutStrings())
{
// set number format explicitly
if (!pDocument->IsThreadedGroupCalcInProgress())
diff --git a/sc/source/ui/view/output2.cxx b/sc/source/ui/view/output2.cxx
index 41a9760cc450..1dd9bc063aac 100644
--- a/sc/source/ui/view/output2.cxx
+++ b/sc/source/ui/view/output2.cxx
@@ -70,6 +70,7 @@
#include <scopetools.hxx>
#include <com/sun/star/i18n/DirectionProperty.hpp>
+#include <comphelper/scopeguard.hxx>
#include <comphelper/string.hxx>
#include <memory>
@@ -1441,6 +1442,12 @@ void ScOutputData::DrawStrings( bool bPixelToLogic )
tools::Rectangle ScOutputData::LayoutStrings(bool bPixelToLogic, bool bPaint,
const ScAddress &rAddress)
{
+ bool bOrigIsInLayoutStrings = mpDoc->IsInLayoutStrings();
+ mpDoc->SetLayoutStrings(true);
+ comphelper::ScopeGuard g([this, bOrigIsInLayoutStrings] {
+ mpDoc->SetLayoutStrings(bOrigIsInLayoutStrings);
+ });
+
OSL_ENSURE( mpDev == mpRefDevice ||
mpDev->GetMapMode().GetMapUnit() ==
mpRefDevice->GetMapMode().GetMapUnit(),
"LayoutStrings: different MapUnits ?!?!" );
commit cb556f87ecc45a67f8c46dde140171f97b199f1b
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon May 2 21:17:06 2022 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 21:54:36 2022 +0200
ofz: Use-of-uninitialized-value
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133717
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit f248b99b6f7f93b5170b4c50d7827fa0dd23421e)
Change-Id: I9ca24a135494a49449aec63615b2d945a93e8b27
diff --git a/vcl/source/outdev/text.cxx b/vcl/source/outdev/text.cxx
index 0bb1d36fd35e..cea6f18410d1 100644
--- a/vcl/source/outdev/text.cxx
+++ b/vcl/source/outdev/text.cxx
@@ -1079,7 +1079,7 @@ void OutputDevice::GetCaretPositions( const OUString&
rStr, long* pCaretXArray,
for( i = 0; i < 2 * nLen; ++i )
if( pCaretXArray[ i ] >= 0 )
break;
- long nXPos = pCaretXArray[ i ];
+ long nXPos = (i < 2 * nLen) ? pCaretXArray[i] : -1;
for( i = 0; i < 2 * nLen; ++i )
{
if( pCaretXArray[ i ] >= 0 )
commit bada2f2beeb66cbf9253a3e60afd7d571f6e0b5b
Author: Xisco Fauli <xiscofa...@libreoffice.org>
AuthorDate: Tue Jul 5 15:51:21 2022 +0200
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Sep 22 13:13:03 2022 +0200
sfx2: fix null derefs of SfxViewFrame::Current()
See
https://crashreport.libreoffice.org/stats/signature/%60anonymous%20namespace'::lcl_tryLoadBibliography
Change-Id: I80d764c4bbcf0c5affa3386fbb11f5a79e98b699
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136767
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 54d40fef93f1194bf29440cf66a567c9fc612158)
diff --git a/sfx2/source/appl/appserv.cxx b/sfx2/source/appl/appserv.cxx
index 79554da59b88..96577e81f72d 100644
--- a/sfx2/source/appl/appserv.cxx
+++ b/sfx2/source/appl/appserv.cxx
@@ -228,8 +228,10 @@ namespace
SfxStringItem aURL(SID_FILE_NAME, ".component:Bibliography/View1");
SfxStringItem aRef(SID_REFERER, "private:user");
SfxStringItem aTarget(SID_TARGETNAME, "_blank");
- SfxViewFrame::Current()->GetDispatcher()->ExecuteList(SID_OPENDOC,
- SfxCallMode::ASYNCHRON, { &aURL, &aRef, &aTarget });
+ const SfxViewFrame* pViewFrame = SfxViewFrame::Current();
+ if ( pViewFrame )
+ pViewFrame->GetDispatcher()->ExecuteList(SID_OPENDOC,
+ SfxCallMode::ASYNCHRON, { &aURL, &aRef, &aTarget });
}
catch (const Exception &)
{
