sc/source/core/data/dpoutput.cxx |   54 ++++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 12 deletions(-)

New commits:
commit e58a8b6d7dc1b01af9f54bec8fdce718b1d8bccd
Author: Eike Rathke <er...@redhat.com>
Date:   Thu Apr 11 16:50:15 2013 +0200

    prevent vector and sequence out of bounds access, fdo#60300
    
    This fixes the symptom of the crash but not the underlying cause why a
    subtotal count would be wrong.
    
    (cherry picked from commit 8bd3be9915ff28458d010fc8f0a1a1ab66d730b0)
    
    Conflicts:
        sc/source/core/data/dpoutput.cxx
    
    Change-Id: I3782b5e39f18bc65ffe510b847ffa7969a26cd37
    Reviewed-on: https://gerrit.libreoffice.org/3340
    Reviewed-by: Kohei Yoshida <kohei.yosh...@gmail.com>
    Tested-by: Kohei Yoshida <kohei.yosh...@gmail.com>

diff --git a/sc/source/core/data/dpoutput.cxx b/sc/source/core/data/dpoutput.cxx
index a59fc77..72fe4de 100644
--- a/sc/source/core/data/dpoutput.cxx
+++ b/sc/source/core/data/dpoutput.cxx
@@ -1707,11 +1707,19 @@ void lcl_FilterInclude( std::vector<bool>& rResult, 
std::vector< sal_Int32 >& rS
                 {
                     // grand total is always automatic
                     sal_Int32 nDataPos = j - ( nSize - nGrandTotals );
-                    OSL_ENSURE( nDataPos < (sal_Int32)rDataNames.size(), 
"wrong data count" );
-                    rtl::OUString aSourceName( rDataNames[nDataPos] );     // 
vector contains source names
-                    rtl::OUString aGivenName( rGivenNames[nDataPos] );
+                    if (nDataPos >= 0 && nDataPos < 
(sal_Int32)rDataNames.size() &&
+                            nDataPos < (sal_Int32)rGivenNames.size())
+                    {
+                        OUString aSourceName( rDataNames[nDataPos] );     // 
vector contains source names
+                        OUString aGivenName( rGivenNames[nDataPos] );
 
-                    rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, 
aGivenName );
+                        rResult[j] = lcl_IsNamedDataField( rTarget, 
aSourceName, aGivenName );
+                    }
+                    else
+                    {
+                        OSL_FAIL( "wrong data count for grand total" );
+                        rResult[j] = false;
+                    }
                 }
             }
 
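Review bot: The new `else` branch that sets `rResult[j] = false` has no comment saying it is a defensive fallback for a known inconsistency rather than intended filter logic. `OSL_FAIL` is only active in debug builds, so in a release build the column is silently excluded. A short comment above the `if` would keep the open root cause visible, for example `// fdo#60300: data count can disagree with the name vectors; exclude instead of indexing out of range`. The same applies to the three `else` branches added in the next hunk. The body of lcl_FilterInclude starts and ends outside this hunk.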
@@ -1747,27 +1755,49 @@ void lcl_FilterInclude( std::vector<bool>& rResult, 
std::vector< sal_Int32 >& rS
                         rtl::OUString aSourceName( rDataNames[nDataPos] );     
        // vector contains source names
                         rtl::OUString aGivenName( rGivenNames[nDataPos] );
 
-                        OSL_ENSURE( nFuncPos < aSubTotals.getLength(), "wrong 
subtotal count" );
-                        rResult[j] = lcl_IsNamedDataField( rTarget, 
aSourceName, aGivenName ) &&
+                        if (nFuncPos < aSubTotals.getLength())
+                        {
+                            rResult[j] = lcl_IsNamedDataField( rTarget, 
aSourceName, aGivenName ) &&
                                      aSubTotals[nFuncPos] == 
aFilter.meFunction;
+                        }
+                        else
+                        {
+                            OSL_FAIL( "wrong subtotal count for manual 
subtotals and several data fields" );
+                            rResult[j] = false;
+                        }
                     }
                     else
                     {
                         // manual subtotals for a single data field
 
-                        OSL_ENSURE( nSubTotalCount < aSubTotals.getLength(), 
"wrong subtotal count" );
-                        rResult[j] = ( aSubTotals[nSubTotalCount] == 
aFilter.meFunction );
+                        if (nSubTotalCount < aSubTotals.getLength())
+                        {
+                            rResult[j] = ( aSubTotals[nSubTotalCount] == 
aFilter.meFunction );
+                        }
+                        else
+                        {
+                            OSL_FAIL( "wrong subtotal count for manual 
subtotals for a single data field" );
+                            rResult[j] = false;
+                        }
                     }
                 }
                 else    // automatic subtotals
                 {
                     if ( rBeforeDataLayout )
                     {
-                        OSL_ENSURE( nSubTotalCount < 
(sal_Int32)rDataNames.size(), "wrong data count" );
-                        rtl::OUString aSourceName( rDataNames[nSubTotalCount] 
);       // vector contains source names
-                        rtl::OUString aGivenName( rGivenNames[nSubTotalCount] 
);
+                        if (nSubTotalCount < (sal_Int32)rDataNames.size() &&
+                                nSubTotalCount < (sal_Int32)rGivenNames.size())
+                        {
+                            OUString aSourceName( rDataNames[nSubTotalCount] 
);       // vector contains source names
+                            OUString aGivenName( rGivenNames[nSubTotalCount] );
 
-                        rResult[j] = lcl_IsNamedDataField( rTarget, 
aSourceName, aGivenName );
+                            rResult[j] = lcl_IsNamedDataField( rTarget, 
aSourceName, aGivenName );
+                        }
+                        else
+                        {
+                            OSL_FAIL( "wrong data count for automatic 
subtotals" );
+                            rResult[j] = false;
+                        }
                     }
 
                     // if a function was specified, automatic subtotals never 
match
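Review bot: The three guards added here test only the upper bound (`nFuncPos < aSubTotals.getLength()`, `nSubTotalCount < aSubTotals.getLength()`, `nSubTotalCount < (sal_Int32)rDataNames.size()`), while the grand-total guard in the previous hunk also tests `nDataPos >= 0`. These appear to be signed indices, and the commit message says the subtotal count itself can be wrong, so a negative value would still reach the subscript. Adding the lower bound makes the checks consistent, e.g. `if (nFuncPos >= 0 && nFuncPos < aSubTotals.getLength())`. In the several-data-fields branch the context lines still read `rDataNames[nDataPos]` and `rGivenNames[nDataPos]` before the new check, and no bounds test for `nDataPos` is visible in this hunk. It is worth confirming one exists above, or folding `nDataPos` into the same condition. The function continues outside the hunk.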