To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=80954





------- Additional comments from [EMAIL PROTECTED] Wed Aug 22 21:02:50 +0000 2007 -------
sc-compressedarray-remove.diff fixes the previously described heap corruption.

The reason for the SIGABRT is that during the first Delete Rows command, there
is an ScCompressedArray<A,D>::Remove() invocation in which nStart == nIndex ==
0, causing this branch to be entered:

    if ((nStart == 0 || (nIndex > 0 && nStart == pData[nIndex-1].nEnd+1)) &&
            pData[nIndex].nEnd == nEnd && nIndex < nCount-1)
    {

We then access an invalid array index when nIndex == 0:

        if (pData[nIndex-1].aValue == pData[nIndex+1].aValue)
        {
            nRemove = 2;
            --nIndex;
        }

The above branch is executed if the uninitialized heap memory pData[-1].aValue
just happens to have a value matching pData[1].aValue, which results in heap
corruption during memmove() later (as nIndex is now -1):

        memmove( pData + nIndex, pData + nIndex + nRemove, (nCount - (nIndex +
                        nRemove)) * sizeof(DataEntry));

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
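
Added example, not part of the original comment or of the OpenOffice.org source: a reduced model of the branch quoted above, with a lower-bound check made before pData[nIndex-1] is read. RemoveExact, CanMergeNeighbours and the int/long types are constructed here; the check is an assumed form of the fix, since the comment does not show the diff, and only the quoted branch is modelled.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

// Reduced model: entry i covers positions (pData[i-1].nEnd + 1)..pData[i].nEnd.
// DataEntry, nIndex, nStart, nEnd and nRemove follow the comment above; the
// function names and the int/long types are constructed for this example.
struct DataEntry { long nEnd; int aValue; };

// True only when both neighbours of nIndex exist and hold equal values.
// The nIndex > 0 test is the bounds check the quoted branch lacks
// (assumed fix; the diff itself is not shown in the comment).
static bool CanMergeNeighbours(const DataEntry* pData, std::size_t nIndex,
                               std::size_t nCount)
{
    return nIndex > 0 && nIndex + 1 < nCount &&
           pData[nIndex-1].aValue == pData[nIndex+1].aValue;
}

// Drops the entry at nIndex if it covers exactly nStart..nEnd and is not the
// last one, merging equal neighbours. Returns the number of entries dropped.
std::size_t RemoveExact(std::vector<DataEntry>& rData, std::size_t nIndex,
                        long nStart, long nEnd)
{
    DataEntry* pData = rData.data();
    const std::size_t nCount = rData.size();
    if (nIndex >= nCount)
        return 0;
    if (!((nStart == 0 || (nIndex > 0 && nStart == pData[nIndex-1].nEnd+1)) &&
            pData[nIndex].nEnd == nEnd && nIndex < nCount-1))
        return 0;
    std::size_t nRemove = 1;
    if (CanMergeNeighbours(pData, nIndex, nCount))
    {
        nRemove = 2;
        --nIndex;   // cannot wrap: nIndex > 0 was checked above
    }
    std::memmove(pData + nIndex, pData + nIndex + nRemove,
                 (nCount - (nIndex + nRemove)) * sizeof(DataEntry));
    rData.resize(nCount - nRemove);
    return nRemove;
}
```

With nStart == nIndex == 0 the left neighbour is never read, so nRemove stays 1 and the memmove() destination stays inside the array.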

