[Libreoffice] [REVIEW][3-5] Prevent excessvie references to formula result tokens

Kohei Yoshida <kohei.yoshida -AT- suse.com>
Mon, 30 Jan 2012 16:35:46 -0500

Hi,

I'd like

http://cgit.freedesktop.org/libreoffice/core/commit/?id=e2b11f4fd79dce4116badb0ecf6477546ca5d0d4

cherry-picked to the 3-5 branch.  It is probably too late for change
like this to be in the 3-5-0 branch so I won't even try.

To reproduce the problem, open the following file in Calc

http://people.freedesktop.org/~kohei/test-formula-fill-crash.ods

then

1. select B1:B65536 (or just hit ctrl-shift-up)
2. fill down (or ctrl-D if you use the default key binding).

That will currently either crash, or do a totally wrong thing.  If it
doesn't crash, try undo and redo and it will eventually crash.

The reason is that, during the fill, the formula token instance inside
ScFormulaResult gets "copied" i.e. it re-uses the existing instance and
increases its reference counter by one.  The problem is, this counter is
unsigned 16-bit integer, and as soon as it goes above 65535 it rolls
back to zero, and eventually the token instance gets deleted
prematurely.

The above change ensures that the formula result is cleared after each
formula cell instance gets copied.  We don't need to copy the formula
result during fill because they get re-interpreted once the copying is
complete.

As an aside, although it's not necessary for this fix, on master we
should probably use unsigned 32-bit integer to store reference counter
for this just to future-proof ourselves.  16-bit integer seems a bit too
small for this purpose.

Regards,

Kohei

-- 
Kohei Yoshida, LibreOffice hacker, Calc

Context

[Libreoffice] [REVIEW][3-5] Prevent excessvie references to formula result tokens · Kohei Yoshida
- Re: [Libreoffice] [REVIEW][3-5] Prevent excessvie references to formula result tokens · Michael Meeks
- Re: [Libreoffice] [REVIEW][3-5] Prevent excessvie references to formula result tokens · Eike Rathke
  - Re: [Libreoffice] [REVIEW][3-5] Prevent excessvie references to formula result tokens · Kohei Yoshida
    - Re: [Libreoffice] [REVIEW][3-5][3-5-0][3-4] Prevent excessvie references to formula result tokens · Eike Rathke
      - Re: [Libreoffice] [REVIEW][3-5][3-5-0][3-4] Prevent excessvie references to formula result tokens · Kohei Yoshida
        
        Re: [Libreoffice] [REVIEW][3-5][3-5-0][3-4] Prevent excessvie references to formula result tokens · Markus Mohrhard
        
        Re: [Libreoffice] [REVIEW][3-5][3-5-0][3-4] Prevent excessvie references to formula result tokens · Petr Mladek
        
        Re: [Libreoffice] [PUSHED][3-5][3-5-0][3-4] Prevent excessvie references to formula result tokens · Petr Mladek
- Re: [Libreoffice] [REVIEW][3-5] Prevent excessvie references to formula result tokens · Tommy
  - Re: [Libreoffice] autocorrect limits · Caolán McNamara

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.