[Libreoffice] [REVIEW] Fix for fdo#37520

Kohei Yoshida <kohei.yoshida -AT- gmail.com>
Tue, 24 May 2011 16:03:58 -0400

The attached patch fixes the crasher reported in

https://bugs.freedesktop.org/show_bug.cgi?id=37520

The crash occurs in ScRangeList::Join() where the array size is cached
prior to the for loop, but array may shrink during the loop, in which
case an out-of-bound array access may occur which in turn results in a
crash.  I'm actually surprised that this didn't cause a crash on
Linux.

Anyhow, the solution is to always dynamically check the size of the
array via size() method in each iteration, instead of caching it for
all iterations.

Review appreciated.  I'd like this to go into the -3-4-0 branch.  So I
need three sign-off's.

Kohei

Attachment: 0001-fdo-37520-Don-t-cache-the-array-size-but-query-it-dy.patch
Description: Binary data

Context

[Libreoffice] [REVIEW] Fix for fdo#37520 · Kohei Yoshida
- Re: [Libreoffice] [REVIEW] Fix for fdo#37520 · Markus Mohrhard
- Re: [Libreoffice] [REVIEW] Fix for fdo#37520 · Jonathan Aquilina
- Re: [Libreoffice] [REVIEW] Fix for fdo#37520 · Norbert Thiebaud
- Re: [Libreoffice] [REVIEW] Fix for fdo#37520 · Noel Power
  - Re: [Libreoffice] [REVIEW] Fix for fdo#37520 · Kohei Yoshida

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.