sc/source/core/data/dpoutput.cxx | 54 ++++++++++++++++++++++++++++++---------
1 file changed, 42 insertions(+), 12 deletions(-)
New commits:
commit 8bd3be9915ff28458d010fc8f0a1a1ab66d730b0
Author: Eike Rathke <er...@redhat.com>
Date: Thu Apr 11 16:50:15 2013 +0200
prevent vector and sequence out of bounds access, fdo#60300
This fixes the symptom of the crash but not the underlying cause why a
subtotal count would be wrong.
Change-Id: I3782b5e39f18bc65ffe510b847ffa7969a26cd37
diff --git a/sc/source/core/data/dpoutput.cxx b/sc/source/core/data/dpoutput.cxx
index 4964a21..b12edc5 100644
--- a/sc/source/core/data/dpoutput.cxx
+++ b/sc/source/core/data/dpoutput.cxx
@@ -1697,11 +1697,19 @@ void lcl_FilterInclude( std::vector<bool>& rResult,
std::vector< sal_Int32 >& rS
{
// grand total is always automatic
sal_Int32 nDataPos = j - ( nSize - nGrandTotals );
- OSL_ENSURE( nDataPos < (sal_Int32)rDataNames.size(),
"wrong data count" );
- OUString aSourceName( rDataNames[nDataPos] ); //
vector contains source names
- OUString aGivenName( rGivenNames[nDataPos] );
+ if (nDataPos >= 0 && nDataPos <
(sal_Int32)rDataNames.size() &&
+ nDataPos < (sal_Int32)rGivenNames.size())
+ {
+ OUString aSourceName( rDataNames[nDataPos] ); //
vector contains source names
+ OUString aGivenName( rGivenNames[nDataPos] );
- rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName,
aGivenName );
+ rResult[j] = lcl_IsNamedDataField( rTarget,
aSourceName, aGivenName );
+ }
+ else
+ {
+ OSL_FAIL( "wrong data count for grand total" );
+ rResult[j] = false;
+ }
}
}
@@ -1737,27 +1745,49 @@ void lcl_FilterInclude( std::vector<bool>& rResult,
std::vector< sal_Int32 >& rS
OUString aSourceName( rDataNames[nDataPos] );
// vector contains source names
OUString aGivenName( rGivenNames[nDataPos] );
- OSL_ENSURE( nFuncPos < aSubTotals.getLength(), "wrong
subtotal count" );
- rResult[j] = lcl_IsNamedDataField( rTarget,
aSourceName, aGivenName ) &&
+ if (nFuncPos < aSubTotals.getLength())
+ {
+ rResult[j] = lcl_IsNamedDataField( rTarget,
aSourceName, aGivenName ) &&
aSubTotals[nFuncPos] ==
aFilter.meFunction;
+ }
+ else
+ {
+ OSL_FAIL( "wrong subtotal count for manual
subtotals and several data fields" );
+ rResult[j] = false;
+ }
}
else
{
// manual subtotals for a single data field
- OSL_ENSURE( nSubTotalCount < aSubTotals.getLength(),
"wrong subtotal count" );
- rResult[j] = ( aSubTotals[nSubTotalCount] ==
aFilter.meFunction );
+ if (nSubTotalCount < aSubTotals.getLength())
+ {
+ rResult[j] = ( aSubTotals[nSubTotalCount] ==
aFilter.meFunction );
+ }
+ else
+ {
+ OSL_FAIL( "wrong subtotal count for manual
subtotals for a single data field" );
+ rResult[j] = false;
+ }
}
}
else // automatic subtotals
{
if ( rBeforeDataLayout )
{
- OSL_ENSURE( nSubTotalCount <
(sal_Int32)rDataNames.size(), "wrong data count" );
- OUString aSourceName( rDataNames[nSubTotalCount] );
// vector contains source names
- OUString aGivenName( rGivenNames[nSubTotalCount] );
+ if (nSubTotalCount < (sal_Int32)rDataNames.size() &&
+ nSubTotalCount < (sal_Int32)rGivenNames.size())
+ {
+ OUString aSourceName( rDataNames[nSubTotalCount]
); // vector contains source names
+ OUString aGivenName( rGivenNames[nSubTotalCount] );
- rResult[j] = lcl_IsNamedDataField( rTarget,
aSourceName, aGivenName );
+ rResult[j] = lcl_IsNamedDataField( rTarget,
aSourceName, aGivenName );
+ }
+ else
+ {
+ OSL_FAIL( "wrong data count for automatic
subtotals" );
+ rResult[j] = false;
+ }
}
// if a function was specified, automatic subtotals never
match
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
