The attached patch fixes the crasher reported in
https://bugs.freedesktop.org/show_bug.cgi?id=37520
The crash occurs in ScRangeList::Join() where the array size is cached
prior to the for loop, but array may shrink during the loop, in which
case an out-of-bound array access may occur which in turn results in a
crash. I'm actually surprised that this didn't cause a crash on
Linux.
Anyhow, the solution is to always dynamically check the size of the
array via size() method in each iteration, instead of caching it for
all iterations.
Review appreciated. I'd like this to go into the -3-4-0 branch. So I
need three sign-off's.
Kohei
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.