sc/inc/document.hxx | 5 +++++
sc/qa/extras/scpdfexport.cxx | 14 ++++++++++++++
sc/qa/extras/testdocuments/forcepoint97.xlsx |binary
sc/source/core/data/documen2.cxx | 1 +
sc/source/core/data/formulacell.cxx | 3 ++-
sc/source/ui/view/output2.cxx | 7 +++++++
6 files changed, 29 insertions(+), 1 deletion(-)
New commits:
commit 0181f557b35eab1a96beb86736e5f76dbb0182e7
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Fri Apr 1 15:08:09 2022 +0100
Commit: Eike Rathke <er...@redhat.com>
CommitDate: Mon May 16 15:40:27 2022 +0200
forcepoint#97 avoid Invalid read of size 2
==143282== Invalid read of size 2
==143282== at 0x190CDBFC: SfxItemSet::Count() const (itemset.hxx:96)
==143282== by 0x1910F33E: SfxItemSet::Get(unsigned short, bool) const
(itemset.cxx:748)
==143282== by 0x1F14D76C: ScPatternAttr::GetItem(unsigned short,
SfxItemSet const&, SfxItemSet const*) (patattr.cxx:1347)
==143282== by 0x1F14D7DA: ScPatternAttr::GetItem(unsigned short,
SfxItemSet const*) const (patattr.cxx:1352)
==143282== by 0x202A3E44: ScLineBreakCell const&
ScPatternAttr::GetItem<ScLineBreakCell>(TypedWhichId<ScLineBreakCell>,
SfxItemSet const*) const (patattr.hxx:83)
==143282== by 0x2028E8BC: ScOutputData::LayoutStrings(bool, bool,
ScAddress const&) (output2.cxx:1677)
==143282== by 0x2028D4A8: ScOutputData::DrawStrings(bool)
(output2.cxx:1473)
==143282== by 0x202D9879: ScPrintFunc::PrintArea(short, int, short,
int, long, long, bool, bool, bool, bool) (printfun.cxx:1675)
==143282== by 0x202DD459: ScPrintFunc::PrintPage(long, short, int,
short, int, bool, ScPreviewLocationData*) (printfun.cxx:2301)
==143282== by 0x202DF491: ScPrintFunc::DoPrint(MultiSelection const&,
long, long, bool, ScPreviewLocationData*) (printfun.cxx:2713)
==143282== by 0x20031888: ScModelObj::render(int,
com::sun::star::uno::Any const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(docuno.cxx:2259)
==143282== by 0x30C1A485: PDFExport::ExportSelection(vcl::PDFWriter&,
com::sun::star::uno::Reference<com::sun::star::view::XRenderable> const&,
com::sun::star::uno::Any const&, StringRangeEnumerator const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, int)
(pdfexport.cxx:219)
==143282== by 0x30C1F879: PDFExport::Export(rtl::OUString const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(pdfexport.cxx:987)
==143282== by 0x30C33BA2:
PDFFilter::implExport(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) (pdffilter.cxx:174)
==143282== by 0x30C33F2A:
PDFFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) (pdffilter.cxx:237)
==143282== by 0x21AC6986: SfxObjectShell::ExportTo(SfxMedium&)
(objstor.cxx:2488)
==143282== by 0x21AC2363: SfxObjectShell::SaveTo_Impl(SfxMedium&,
SfxItemSet const*) (objstor.cxx:1553)
==143282== by 0x21ACE816:
SfxObjectShell::PreDoSaveAs_Impl(rtl::OUString const&, rtl::OUString const&,
SfxItemSet const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(objstor.cxx:2966)
==143282== by 0x21ACCA87:
SfxObjectShell::CommonSaveAs_Impl(INetURLObject const&, rtl::OUString const&,
SfxItemSet&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(objstor.cxx:2756)
==143282== by 0x21AA8CDB: SfxObjectShell::APISaveAs_Impl(rtl::OUString
const&, SfxItemSet&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(objserv.cxx:317)
==143282== by 0x21B2B4AD: SfxBaseModel::impl_store(rtl::OUString
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&, bool) (sfxbasemodel.cxx:3132)
==143282== by 0x21B2CB12: SfxBaseModel::storeToURL(rtl::OUString
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) (sfxbasemodel.cxx:1768)
==143282== by 0x1C507AFE:
ScPDFExportTest::exportToPDF(com::sun::star::uno::Reference<com::sun::star::frame::XModel>
const&, ScRange const&) (scpdfexport.cxx:192)
==143282== by 0x1C511A33: ScPDFExportTest::testForcepoint97()
(scpdfexport.cxx:571)
==143282== by 0x1C52778D: void std::__invoke_impl<void, void
(ScPDFExportTest::*&)(), ScPDFExportTest*&>(std::__invoke_memfun_deref, void
(ScPDFExportTest::*&)(), ScPDFExportTest*&) (invoke.h:74)
==143282== by 0x1C5276C1: std::__invoke_result<void
(ScPDFExportTest::*&)(), ScPDFExportTest*&>::type std::__invoke<void
(ScPDFExportTest::*&)(), ScPDFExportTest*&>(void (ScPDFExportTest::*&)(),
ScPDFExportTest*&) (invoke.h:96)
==143282== by 0x1C527659: void std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>::__call<void, , 0ul>(std::tuple<>&&,
std::_Index_tuple<0ul>) (functional:420)
==143282== by 0x1C5275E2: void std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>::operator()<, void>() (functional:503)
==143282== by 0x1C52758C: void std::__invoke_impl<void, std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>&>(std::__invoke_other,
std::_Bind<void (ScPDFExportTest::*(ScPDFExportTest*))()>&) (invoke.h:61)
==143282== by 0x1C52753C: std::enable_if<is_invocable_r_v<void,
std::_Bind<void (ScPDFExportTest::*(ScPDFExportTest*))()>&>, void>::type
std::__invoke_r<void, std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>&>(std::_Bind<void
(ScPDFExportTest::*(ScPDFExportTest*))()>&) (invoke.h:111)
==143282== by 0x1C52731C: std::_Function_handler<void (),
std::_Bind<void (ScPDFExportTest::*(ScPDFExportTest*))()>
>::_M_invoke(std::_Any_data const&) (std_function.h:290)
==143282== by 0x1C527A34: std::function<void ()>::operator()() const
(std_function.h:590)
==143282== by 0x1C527078:
CppUnit::TestCaller<ScPDFExportTest>::runTest() (TestCaller.h:175)
==143282== by 0x49326F2: CppUnit::TestCaseMethodFunctor::operator()()
const (TestCase.cpp:32)
==143282== by 0x15937E3D: (anonymous
namespace)::Protector::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) (vclbootstrapprotector.cxx:46)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x4B05D6D: (anonymous
namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext
const&) (unobootstrapprotector.cxx:78)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x4AF2F2A: (anonymous
namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext
const&) (unoexceptionprotector.cxx:62)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x491261E:
CppUnit::DefaultProtector::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) (DefaultProtector.cpp:15)
==143282== by 0x4929ED1:
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
(ProtectorChain.cpp:20)
==143282== by 0x4928690:
CppUnit::ProtectorChain::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) (ProtectorChain.cpp:86)
==143282== by 0x4946ACD: CppUnit::TestResult::protect(CppUnit::Functor
const&, CppUnit::Test*, std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&) (TestResult.cpp:182)
==143282== by 0x4932103: CppUnit::TestCase::run(CppUnit::TestResult*)
(TestCase.cpp:91)
==143282== by 0x4932BCF:
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)
(TestComposite.cpp:64)
==143282== by 0x4932A5F:
CppUnit::TestComposite::run(CppUnit::TestResult*) (TestComposite.cpp:23)
==143282== by 0x4932BCF:
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)
(TestComposite.cpp:64)
==143282== by 0x4932A5F:
CppUnit::TestComposite::run(CppUnit::TestResult*) (TestComposite.cpp:23)
==143282== by 0x494FDBF:
CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*)
(TestRunner.cpp:47)
==143282== Address 0x1d7624b0 is 64 bytes inside a block of size 120
free'd
==143282== at 0x4847669: operator delete(void*)
(vg_replace_malloc.c:923)
==143282== by 0x1F150EA1: ScPatternAttr::~ScPatternAttr()
(patattr.hxx:53)
==143282== by 0x190D29B2: SfxItemPool::Remove(SfxPoolItem const&)
(itempool.cxx:802)
==143282== by 0x1EA27F8E: ScAttrArray::SetPatternAreaImpl(int, int,
ScPatternAttr const*, bool, ScEditDataArray*, bool) (attarray.cxx:574)
==143282== by 0x1EBF43D5: ScAttrArray::SetPattern(int, ScPatternAttr
const*, bool) (attarray.hxx:148)
==143282== by 0x1EBD9068: ScColumn::ApplyAttr(int, SfxPoolItem const&)
(column.cxx:634)
==143282== by 0x1EC6C1EB: ScColumn::SetNumberFormat(int, unsigned int)
(column2.cxx:3094)
==143282== by 0x1F1CB737: ScTable::SetNumberFormat(short, int, unsigned
int) (table2.cxx:2238)
==143282== by 0x1EE3F135: ScDocument::SetNumberFormat(ScAddress const&,
unsigned int) (document.cxx:3717)
==143282== by 0x1F09CCA5:
ScFormulaCell::InterpretTail(ScInterpreterContext&,
ScFormulaCell::ScInterpretTailParameter) (formulacell.cxx:2155)
==143282== by 0x1F099D9F: ScFormulaCell::Interpret(int, int)
(formulacell.cxx:1615)
==143282== by 0x1ECC048D: ScFormulaCell::MaybeInterpret()
(formulacell.hxx:465)
==143282== by 0x1F09F5C8: ScFormulaCell::IsValue()
(formulacell.cxx:2760)
==143282== by 0x1EA82355: (anonymous
namespace)::hasNumericImpl(CellType, ScFormulaCell*) (cellvalue.cxx:155)
==143282== by 0x1EA822FA: ScRefCellValue::hasNumeric() const
(cellvalue.cxx:624)
==143282== by 0x2028E876: ScOutputData::LayoutStrings(bool, bool,
ScAddress const&) (output2.cxx:1676)
==143282== by 0x2028D4A8: ScOutputData::DrawStrings(bool)
(output2.cxx:1473)
==143282== by 0x202D9879: ScPrintFunc::PrintArea(short, int, short,
int, long, long, bool, bool, bool, bool) (printfun.cxx:1675)
==143282== by 0x202DD459: ScPrintFunc::PrintPage(long, short, int,
short, int, bool, ScPreviewLocationData*) (printfun.cxx:2301)
==143282== by 0x202DF491: ScPrintFunc::DoPrint(MultiSelection const&,
long, long, bool, ScPreviewLocationData*) (printfun.cxx:2713)
==143282== by 0x20031888: ScModelObj::render(int,
com::sun::star::uno::Any const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
(docuno.cxx:2259)
==143282== by 0x30C1A485: PDFExport::ExportSelection(vcl::PDFWriter&,
com::sun::star::uno::Reference<com::sun::star::view::XRenderable> const&,
com::sun::star::uno::Any const&, StringRangeEnumerator const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, int)
(pdfexport.cxx:219)
Change-Id: Idf19b79f5aef7e07666249f5f9ec510003a3f886
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132431
Tested-by: Jenkins
Reviewed-by: Eike Rathke <er...@redhat.com>
diff --git a/sc/inc/document.hxx b/sc/inc/document.hxx
index 718079f9cf5f..59606dd6db38 100644
--- a/sc/inc/document.hxx
+++ b/sc/inc/document.hxx
@@ -569,6 +569,8 @@ private:
bool mbFinalTrackFormulas : 1;
// This indicates if a ScDocShell::DoRecalc() or
ScDocShell::DoHardRecalc() is in progress.
bool mbDocShellRecalc : 1;
+ // This indicates if a ScOutputData::LayoutStrings() is in progress.
+ bool mbLayoutStrings : 1;
size_t mnMutationGuardFlags;
@@ -2624,6 +2626,9 @@ public:
bool IsInDocShellRecalc() const { return mbDocShellRecalc; }
void SetDocShellRecalc(bool bSet) { mbDocShellRecalc = bSet; }
+ bool IsInLayoutStrings() const { return mbLayoutStrings; }
+ void SetLayoutStrings(bool bSet) { mbLayoutStrings = bSet; }
+
/**
* Serializes the specified sheet's geometry data.
*
diff --git a/sc/qa/extras/scpdfexport.cxx b/sc/qa/extras/scpdfexport.cxx
index 63ed2120c985..20edc99646ed 100644
--- a/sc/qa/extras/scpdfexport.cxx
+++ b/sc/qa/extras/scpdfexport.cxx
@@ -71,6 +71,7 @@ public:
void testTdf143978();
void testTdf84012();
void testTdf78897();
+ void testForcepoint97();
CPPUNIT_TEST_SUITE(ScPDFExportTest);
CPPUNIT_TEST(testExportRange_Tdf120161);
@@ -80,6 +81,7 @@ public:
CPPUNIT_TEST(testTdf143978);
CPPUNIT_TEST(testTdf84012);
CPPUNIT_TEST(testTdf78897);
+ CPPUNIT_TEST(testForcepoint97);
CPPUNIT_TEST_SUITE_END();
};
@@ -558,6 +560,18 @@ void ScPDFExportTest::testTdf78897()
CPPUNIT_ASSERT_EQUAL(OUString(" 11.00 11.00 "), aActualText);
}
+// just needs to not crash on export to pdf
+void ScPDFExportTest::testForcepoint97()
+{
+ mxComponent = loadFromDesktop(m_directories.getURLFromSrc(DATA_DIRECTORY)
+ "forcepoint97.xlsx",
+ "com.sun.star.sheet.SpreadsheetDocument");
+ uno::Reference<frame::XModel> xModel(mxComponent, uno::UNO_QUERY);
+
+ // A1:H81
+ ScRange range1(0, 0, 0, 7, 81, 0);
+ std::shared_ptr<utl::TempFile> pPDFFile = exportToPDF(xModel, range1);
+}
+
CPPUNIT_TEST_SUITE_REGISTRATION(ScPDFExportTest);
CPPUNIT_PLUGIN_IMPLEMENT();
diff --git a/sc/qa/extras/testdocuments/forcepoint97.xlsx
b/sc/qa/extras/testdocuments/forcepoint97.xlsx
new file mode 100644
index 000000000000..152fbbc45a9f
Binary files /dev/null and b/sc/qa/extras/testdocuments/forcepoint97.xlsx differ
diff --git a/sc/source/core/data/documen2.cxx b/sc/source/core/data/documen2.cxx
index 83137e93ac37..bcdbd9b586e9 100644
--- a/sc/source/core/data/documen2.cxx
+++ b/sc/source/core/data/documen2.cxx
@@ -190,6 +190,7 @@ ScDocument::ScDocument( ScDocumentMode eMode,
SfxObjectShell* pDocShell ) :
mbTrackFormulasPending(false),
mbFinalTrackFormulas(false),
mbDocShellRecalc(false),
+ mbLayoutStrings(false),
mnMutationGuardFlags(0)
{
maPreviewSelection = { *mxSheetLimits };
diff --git a/sc/source/core/data/formulacell.cxx
b/sc/source/core/data/formulacell.cxx
index e8ee8682df60..404abe0988cc 100644
--- a/sc/source/core/data/formulacell.cxx
+++ b/sc/source/core/data/formulacell.cxx
@@ -2148,7 +2148,8 @@ void ScFormulaCell::InterpretTail( ScInterpreterContext&
rContext, ScInterpretTa
// XXX if mbNeedsNumberFormat was set even if the current format
// was not General then we'd have to obtain the current format here
// and check at least the types.
- if (bSetFormat && (bForceNumberFormat || ((nFormatIndex %
SV_COUNTRY_LANGUAGE_OFFSET) != 0)))
+ const bool bSetNumberFormat = bSetFormat && (bForceNumberFormat ||
((nFormatIndex % SV_COUNTRY_LANGUAGE_OFFSET) != 0));
+ if (bSetNumberFormat && !rDocument.IsInLayoutStrings())
{
// set number format explicitly
if (!rDocument.IsThreadedGroupCalcInProgress())
diff --git a/sc/source/ui/view/output2.cxx b/sc/source/ui/view/output2.cxx
index 3fbd8eab65e9..55291b388514 100644
--- a/sc/source/ui/view/output2.cxx
+++ b/sc/source/ui/view/output2.cxx
@@ -75,6 +75,7 @@
#include <scopetools.hxx>
#include <com/sun/star/i18n/DirectionProperty.hpp>
+#include <comphelper/scopeguard.hxx>
#include <comphelper/string.hxx>
#include <memory>
@@ -1472,6 +1473,12 @@ void ScOutputData::DrawStrings( bool bPixelToLogic )
tools::Rectangle ScOutputData::LayoutStrings(bool bPixelToLogic, bool bPaint,
const ScAddress &rAddress)
{
+ bool bOrigIsInLayoutStrings = mpDoc->IsInLayoutStrings();
+ mpDoc->SetLayoutStrings(true);
+ comphelper::ScopeGuard g([this, bOrigIsInLayoutStrings] {
+ mpDoc->SetLayoutStrings(bOrigIsInLayoutStrings);
+ });
+
OSL_ENSURE( mpDev == mpRefDevice ||
mpDev->GetMapMode().GetMapUnit() ==
mpRefDevice->GetMapMode().GetMapUnit(),
"LayoutStrings: different MapUnits ?!?!" );
