svl/source/numbers/zforlist.cxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 5dc9d944f1d88881b65660a5a2c347f29b99bf72
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Aug 19 21:32:48 2021 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Fri Aug 20 10:30:36 2021 +0200

    msan: MemorySanitizer: use-of-uninitialized-value
    
    nCheckPos is always set to something, but for nCheckPos != 0 nType might
    be left uninitialized, so test nCheckPos == 0 before nType
    
    seen in ooo76602-1.slk and ooo10703-1.html with 
distro-configs/LibreOfficeOssFuzz.conf
    
    ==623515==WARNING: MemorySanitizer: use-of-uninitialized-value
        #0 0x59600b4 in SvNumberFormatter::PutandConvertEntry(rtl::OUString&, 
int&, SvNumFormatType&, unsigned int&, o3tl::strong_int<unsigned short, 
LanguageTypeTag>, o3tl::strong_int<unsigned short, LanguageTypeTag>, bool, 
bool) svl/source/numbers/zforlist.cxx:658:72
        #1 0x8c7f72 in ScImportExport::Sylk2Doc(SvStream&) 
sc/source/ui/docshell/impex.cxx:2130:48
        #2 0x8bcb26 in ScImportExport::ImportStream(SvStream&, rtl::OUString 
const&, SotClipboardFormatId) sc/source/ui/docshell/impex.cxx:392:13
        #3 0x650f4b in TestImportSLK sc/source/ui/docshell/docsh.cxx:3360:19
        #4 0x6055a7 in LLVMFuzzerTestOneInput vcl/workben/slkfuzzer.cxx:87:11
        #5 0x555b53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, 
unsigned long) (/out/slkfuzzer+0x555b53)
        #6 0x541622 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, 
unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
        #7 0x54722e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned 
char const*, unsigned long)) (/out/slkfuzzer+0x54722e)
        #8 0x56fa82 in main 
/src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
        #9 0x7fbd8b65ebf6 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
        #10 0x51cc49 in _start (/out/slkfuzzer+0x51cc49)
    
      Uninitialized value was created by an allocation of 'nType' in the stack 
frame of function '_ZN14ScImportExport8Sylk2DocER8SvStream'
        #0 0x8c27c0 in ScImportExport::Sylk2Doc(SvStream&) 
sc/source/ui/docshell/impex.cxx:1837
    
    Change-Id: I0422ca34827319d1e35d453606a7afe6a9de3840
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120762
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/svl/source/numbers/zforlist.cxx b/svl/source/numbers/zforlist.cxx
index 0d7c2d36eba1..6ef3dddcd016 100644
--- a/svl/source/numbers/zforlist.cxx
+++ b/svl/source/numbers/zforlist.cxx
@@ -652,7 +652,7 @@ bool SvNumberFormatter::PutandConvertEntry(OUString& 
rString,
     bRes = PutEntry(rString, nCheckPos, nType, nKey, eLnge, 
bReplaceBooleanEquivalent);
     pFormatScanner->SetConvertMode(false);
 
-    if (bReplaceBooleanEquivalent && nType == SvNumFormatType::DEFINED && 
nCheckPos == 0
+    if (bReplaceBooleanEquivalent && nCheckPos == 0 && nType == 
SvNumFormatType::DEFINED
             && nKey != NUMBERFORMAT_ENTRY_NOT_FOUND)
     {
         // The boolean string formats are always "user defined" without any
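Review bot: The reordered condition on the `+` line now depends on `&&` short-circuiting to keep `nType` from being read when `nCheckPos != 0`, but nothing in the code records that the operand order is load-bearing, so a later tidy-up could swap the operands back and reintroduce the uninitialized read. Add a comment above the `if`, e.g. `// Test nCheckPos first: PutEntry may leave nType unassigned when it fails (nCheckPos != 0), so nType must not be read before that check.` The description's MSan report traces the indeterminate value to `nType` in `ScImportExport::Sylk2Doc`, so any other reader of `nType` after a failed `PutEntry` would presumably hit the same problem; a more durable fix would be for `PutEntry` to assign `nType` on every return path, or for callers to initialise `nType` before the call. PutandConvertEntry's body begins before and continues after this hunk.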
