https://bugs.freedesktop.org/show_bug.cgi?id=72293

Julien Nabet <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected],
                   |                            |[email protected],
                   |                            |markus.mohrhard@googlemail.
                   |                            |com, [email protected]

--- Comment #5 from Julien Nabet <[email protected]> ---
I gave it a try with 4.2 and reproduced the exact crash of Terrence.
Here's the first problem:
http://opengrok.libreoffice.org/xref/core/sc/source/core/data/column.cxx#2384
   2384         for (; it != itEnd; ++it)
   2385         {
   2386             const ScFormulaCell& rCell = **it;
   2387             if (!rCell.IsShared())
   2388                 continue;
   2389 
   2390             if (rCell.IsSharedTop())
   2391             {
   2392                 // Check its tokens and record its reference boundaries.
   2393                 const ScTokenArray& rCode = *rCell.GetCode();
   2394                 rCode.CheckRelativeReferenceBounds(
   2395                     mrCxt, rCell.aPos, rCell.GetSharedLength(), mrBounds);
   2396 
   2397                 // Move to the last cell in the group, to get incremented to
   2398                 // the next cell in the next iteration.
   2399                 size_t nOffsetToLast = rCell.GetSharedLength() - 1;
   2400                 std::advance(it, nOffsetToLast);
   2401             }
   2402         }
After line 2400, if it == itEnd, line 2384 increments it again, past the end.

After checking this one by using std::distance(it, itEnd) and nOffsetToLast
I had another crash here:
http://opengrok.libreoffice.org/xref/core/sc/source/core/tool/sharedformula.cxx#71
     70     sc::formula_block::iterator itEnd = it;
     71     std::advance(itEnd, nLength2);
No check here before using advance.

After a check, I got a third crash:
http://opengrok.libreoffice.org/xref/core/sc/source/core/data/column3.cxx#2772
   2771                     sc::formula_block::iterator itGrpEnd = it;
   2772                     std::advance(itGrpEnd, xCurGrp->mnLength);

I stopped here.

I used Opengrok to show lines corresponding with master sources but it's almost
the same with 4.2 sources for these issues.

Kohei/Markus/Eike: any idea to make std::advance safer?

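One way to approach the question that closes comment #5, as an added example that is not LibreOffice code and not part of the original comment: a bounded advance that clamps at the end iterator and reports the shortfall, used in a group-skipping loop shaped like the one in column.cxx. The names `bounded_advance`, `Cell` and `count_groups` are hypothetical, and the cell data is constructed.

```cpp
#include <cstddef>
#include <iterator>
#include <vector>

// Hypothetical helper: advance `it` by at most `n` steps without passing
// `end`. Returns the number of steps NOT taken; 0 means the whole advance
// fitted inside the range. (C++20 offers std::ranges::advance(it, n, bound)
// with the same contract.)
template <typename It>
std::size_t bounded_advance(It& it, It end, std::size_t n)
{
    // O(1) for random-access iterators, linear otherwise.
    const auto avail = static_cast<std::size_t>(std::distance(it, end));
    const std::size_t step = n < avail ? n : avail;
    std::advance(it,
        static_cast<typename std::iterator_traits<It>::difference_type>(step));
    return n - step;
}

// Constructed stand-in for a formula cell: group_len > 0 marks the top cell
// of a shared group of that length, 0 marks any other cell.
struct Cell { std::size_t group_len; };

// Visits each group top and skips the rest of its group. Returns the number
// of groups, or -1 if a group claims more cells than remain in the block.
int count_groups(const std::vector<Cell>& cells)
{
    int groups = 0;
    auto it = cells.begin();
    const auto itEnd = cells.end();
    while (it != itEnd)
    {
        if (it->group_len == 0) { ++it; continue; }
        ++groups;
        // Skip top + members in one bounded step; there is no separate ++it
        // afterwards, so the iterator can never be incremented at itEnd.
        if (bounded_advance(it, itEnd, it->group_len) != 0)
            return -1; // inconsistent length: stop instead of overrunning
    }
    return groups;
}

int main()
{
    std::vector<Cell> bad{{0}, {4}, {0}}; // group of 4, only 2 cells left
    return count_groups(bad) == -1 ? 0 : 1;
}
```

Returning the shortfall lets the caller treat an oversized group length as corrupt data rather than silently truncating it.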