svl/source/numbers/zforlist.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
New commits: commit 5dc9d944f1d88881b65660a5a2c347f29b99bf72 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Thu Aug 19 21:32:48 2021 +0100 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Fri Aug 20 10:30:36 2021 +0200 msan: MemorySanitizer: use-of-uninitialized-value nCheckPos is always set to something, but for nCheckPos != 0 nType might be left uninitialized, so test nCheckPos == 0 before nType seen in ooo76602-1.slk and ooo10703-1.html with distro-configs/LibreOfficeOssFuzz.conf ==623515==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x59600b4 in SvNumberFormatter::PutandConvertEntry(rtl::OUString&, int&, SvNumFormatType&, unsigned int&, o3tl::strong_int<unsigned short, LanguageTypeTag>, o3tl::strong_int<unsigned short, LanguageTypeTag>, bool, bool) svl/source/numbers/zforlist.cxx:658:72 #1 0x8c7f72 in ScImportExport::Sylk2Doc(SvStream&) sc/source/ui/docshell/impex.cxx:2130:48 #2 0x8bcb26 in ScImportExport::ImportStream(SvStream&, rtl::OUString const&, SotClipboardFormatId) sc/source/ui/docshell/impex.cxx:392:13 #3 0x650f4b in TestImportSLK sc/source/ui/docshell/docsh.cxx:3360:19 #4 0x6055a7 in LLVMFuzzerTestOneInput vcl/workben/slkfuzzer.cxx:87:11 #5 0x555b53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/out/slkfuzzer+0x555b53) #6 0x541622 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6 #7 0x54722e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/out/slkfuzzer+0x54722e) #8 0x56fa82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #9 0x7fbd8b65ebf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6) #10 0x51cc49 in _start (/out/slkfuzzer+0x51cc49) Uninitialized value was created by an allocation of 'nType' in the stack frame of function '_ZN14ScImportExport8Sylk2DocER8SvStream' #0 0x8c27c0 in ScImportExport::Sylk2Doc(SvStream&) 
sc/source/ui/docshell/impex.cxx:1837 Change-Id: I0422ca34827319d1e35d453606a7afe6a9de3840 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120762 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/svl/source/numbers/zforlist.cxx b/svl/source/numbers/zforlist.cxx
index 0d7c2d36eba1..6ef3dddcd016 100644
--- a/svl/source/numbers/zforlist.cxx
+++ b/svl/source/numbers/zforlist.cxx
@@ -652,7 +652,7 @@ bool SvNumberFormatter::PutandConvertEntry(OUString& rString,
 bRes = PutEntry(rString, nCheckPos, nType, nKey, eLnge, bReplaceBooleanEquivalent);
 pFormatScanner->SetConvertMode(false);
- if (bReplaceBooleanEquivalent && nType == SvNumFormatType::DEFINED && nCheckPos == 0
+ if (bReplaceBooleanEquivalent && nCheckPos == 0 && nType == SvNumFormatType::DEFINED
 && nKey != NUMBERFORMAT_ENTRY_NOT_FOUND)
 {
 // The boolean string formats are always "user defined" without any
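Review bot: The reordered condition is only safe because `&&` short-circuits, so `nCheckPos == 0` must stay ahead of the `nType` test, but nothing at the `if` records that and a later tidy-up could silently restore the old order. I would put a comment directly above it, e.g. `// nType is only set when nCheckPos == 0; keep that test first (msan use-of-uninitialized-value)`. The commit message says nType can be left unset when nCheckPos is non-zero, and the trace shows it living uninitialized in Sylk2Doc's stack frame on a document-import path. Other readers of nType after a failed call may therefore see the same indeterminate value; giving it a defined value on the failure path, here or in the caller, would remove the dependency on operand order. The function body starts and ends outside this hunk, so whether PutEntry or the caller is the better place for that is not visible here.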