sc/source/core/data/colorscale.cxx | 9 +++++++++ 1 file changed, 9 insertions(+)
New commits: commit 27b351f4ebac1c62535fea9b8c0e600f6b4560cf Author: Caolán McNamara <[email protected]> AuthorDate: Wed Oct 22 08:43:36 2025 +0100 Commit: Andras Timar <[email protected]> CommitDate: Wed Oct 22 11:14:44 2025 +0200 crash in GetPercentile with empty std::vector first arg /opt/collaboraoffice/program/../program/libsclo.so (anonymous namespace)::GetPercentile(std::vector<double, std::allocator<double> > const&, double) sc/source/core/data/colorscale.cxx:624 /opt/collaboraoffice/program/../program/libsclo.so __gnu_cxx::__normal_iterator<std::unique_ptr<ScColorScaleEntry, o3tl::default_delete<ScColorScaleEntry> > const*, std::vector<std::unique_ptr<ScColorScaleEntry, o3tl::default_delete<ScColorScaleEntry> >, std::allocator<std::unique_ptr<ScColorScaleEntry, o3tl::default_delete<ScColorScaleEntry> > > > >::operator*() const /opt/rh/devtoolset-12/root/usr/include/c++/12/bits/stl_iterator.h:1096 /opt/collaboraoffice/program/libscfiltlo.so ScHTMLExport::WriteCell(sc::ColumnBlockPosition&, short, int, short) sc/source/filter/html/htmlexp.cxx:923 /opt/collaboraoffice/program/libscfiltlo.so ScHTMLExport::WriteTables() sc/source/filter/html/htmlexp.cxx:864 /opt/collaboraoffice/program/libscfiltlo.so ScHTMLExport::WriteBody() sc/source/filter/html/htmlexp.cxx:699 /opt/collaboraoffice/program/libscfiltlo.so ScHTMLExport::Write() sc/source/filter/html/htmlexp.cxx:313 /opt/collaboraoffice/program/libscfiltlo.so rtl::OUString::operator=(rtl::OUString const&) include/rtl/ustring.hxx:586 /opt/collaboraoffice/program/../program/libsclo.so ErrCode::IgnoreWarning() const include/comphelper/errcode.hxx:102 (discriminator 1) /opt/collaboraoffice/program/../program/libsclo.so rtl::OUString::~OUString() include/rtl/ustring.hxx:546 /opt/collaboraoffice/program/libmergedlo.so TransferableHelper::SetObject(void*, unsigned int, com::sun::star::datatransfer::DataFlavor const&) vcl/source/treelist/transfer.cxx:912 (discriminator 1) /opt/collaboraoffice/program/../program/libsclo.so ScTransferObj::GetData(com::sun::star::datatransfer::DataFlavor const&, rtl::OUString const&) sc/source/ui/app/transobj.cxx:395 ScColorScaleFormat::CalcValue is optimized out, but it has to be case COLORSCALE_PERCENTILE and getValues() must return an empty vector Change-Id: I2cf09f19edcb5f30c82eca02e2a0fe95e86c78db Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192823 Reviewed-by: Miklos Vajna <[email protected]> Tested-by: Jenkins CollaboraOffice <[email protected]> (cherry picked from commit 1e280e30a88e9b7840c0bcfe3ac38b375879fec4) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192829 Reviewed-by: Andras Timar <[email protected]> Tested-by: Andras Timar <[email protected]> diff --git a/sc/source/core/data/colorscale.cxx b/sc/source/core/data/colorscale.cxx index 0947971a73ee..e947857b7497 100644 --- a/sc/source/core/data/colorscale.cxx +++ b/sc/source/core/data/colorscale.cxx @@ -682,6 +682,15 @@ std::optional<Color> ScColorScaleFormat::GetColor( const ScAddress& rAddr ) cons return std::optional<Color>(); ScColorScaleEntries::const_iterator itr = begin(); + + // CalcValue will call GetPercentile for COLORSCALE_PERCENTILE. An empty + // getValues() is invalid for COLORSCALE_PERCENTILE. + if ((*itr)->GetType() == COLORSCALE_PERCENTILE && getValues().empty()) + { + SAL_WARN("sc", "empty COLORSCALE_PERCENTILE"); + return std::optional<Color>(); + } + double nValMin = CalcValue(nMin, nMax, itr); Color rColMin = (*itr)->GetColor(); ++itr;
