From 9bcdcd06781ea8a291510c42075ab08154a6d666 Mon Sep 17 00:00:00 2001
Message-Id: <9bcdcd06781ea8a291510c42075ab08154a6d666.1399592425.git.erack@redhat.com>
From: Eike Rathke <erack@redhat.com>
Date: Fri, 9 May 2014 00:11:06 +0200
Subject: [PATCH] resolve fdo#77509 memory corruption / crash in Consolidate
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------erAck-patch-parts"
This is a multi-part message in MIME format.
--------------erAck-patch-parts
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit
Regression introduced with c81dec478ab0618f2acd2580654a93d3a7185444
memcpy some sizeof(OUString) is doomed to fail.
Change-Id: I81dc9cc7eaf02607ed05b4d284a7e5e462eeeb0a
(cherry picked from commit e891afeccba8f20f8bdaeacb20f2215cfcb1abfd)
---
sc/inc/consoli.hxx | 7 +++---
sc/source/core/tool/consoli.cxx | 52 +++++++++++++++--------------------------
2 files changed, 22 insertions(+), 37 deletions(-)
--------------erAck-patch-parts
Content-Type: text/x-patch; name="0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-resolve-fdo-77509-memory-corruption-crash-in-Consoli.patch"
diff --git a/sc/inc/consoli.hxx b/sc/inc/consoli.hxx
index 9ae5060..e93ea8a 100644
--- a/sc/inc/consoli.hxx
+++ b/sc/inc/consoli.hxx
@@ -80,11 +80,10 @@ private:
double** ppCount;
double** ppSumSqr;
ScReferenceList** ppRefs;
- OUString* mpColHeaders;
- OUString* mpRowHeaders;
+ ::std::vector<OUString> maColHeaders;
+ ::std::vector<OUString> maRowHeaders;
+ ::std::vector<OUString> maTitles;
SCSIZE nDataCount;
- SCSIZE nTitleCount;
- OUString* mpTitles;
SCSIZE** ppTitlePos;
sal_Bool bCornerUsed;
OUString aCornerText; // only for bColByName && bRowByName
diff --git a/sc/source/core/tool/consoli.cxx b/sc/source/core/tool/consoli.cxx
index 3dbe8f9..c2a5121 100644
--- a/sc/source/core/tool/consoli.cxx
+++ b/sc/source/core/tool/consoli.cxx
@@ -70,16 +70,9 @@ void ScReferenceList::AddEntry( SCCOL nCol, SCROW nRow, SCTAB nTab )
}
template< typename T >
-static void lcl_AddString( OUString*& pData, T& nCount, const OUString& rInsert )
+static void lcl_AddString( ::std::vector<OUString>& rData, T& nCount, const OUString& rInsert )
{
- OUString* pOldData = pData;
- pData = new OUString[ nCount+1 ];
- if (pOldData)
- {
- memcpy( pData, pOldData, nCount * sizeof(OUString) );
- delete[] pOldData;
- }
- pData[nCount] = rInsert;
+ rData.push_back( rInsert);
++nCount;
}
@@ -95,11 +88,7 @@ ScConsData::ScConsData() :
ppCount(NULL),
ppSumSqr(NULL),
ppRefs(NULL),
- mpColHeaders(NULL),
- mpRowHeaders(NULL),
nDataCount(0),
- nTitleCount(0),
- mpTitles(NULL),
ppTitlePos(NULL),
bCornerUsed(false)
{
@@ -140,16 +129,12 @@ void ScConsData::DeleteData()
DELETEARR( ppSumSqr,nColCount );
DELETEARR( ppUsed, nColCount ); // erst nach ppRefs !!!
DELETEARR( ppTitlePos, nRowCount );
- delete[] mpColHeaders;
- mpColHeaders = NULL;
- delete[] mpRowHeaders;
- mpRowHeaders = NULL;
- delete[] mpTitles;
- mpTitles = NULL;
- nTitleCount = 0;
+ ::std::vector<OUString>().swap( maColHeaders);
+ ::std::vector<OUString>().swap( maRowHeaders);
+ ::std::vector<OUString>().swap( maTitles);
nDataCount = 0;
- if (bColByName) nColCount = 0; // sonst stimmt mpColHeaders nicht
+ if (bColByName) nColCount = 0; // sonst stimmt maColHeaders nicht
if (bRowByName) nRowCount = 0;
bCornerUsed = false;
@@ -256,10 +241,10 @@ void ScConsData::AddFields( ScDocument* pSrcDoc, SCTAB nTab,
{
bool bFound = false;
for (SCSIZE i=0; i<nColCount && !bFound; i++)
- if ( mpColHeaders[i] == aTitle )
+ if ( maColHeaders[i] == aTitle )
bFound = true;
if (!bFound)
- lcl_AddString( mpColHeaders, nColCount, aTitle );
+ lcl_AddString( maColHeaders, nColCount, aTitle );
}
}
}
@@ -273,10 +258,10 @@ void ScConsData::AddFields( ScDocument* pSrcDoc, SCTAB nTab,
{
bool bFound = false;
for (SCSIZE i=0; i<nRowCount && !bFound; i++)
- if ( mpRowHeaders[i] == aTitle )
+ if ( maRowHeaders[i] == aTitle )
bFound = true;
if (!bFound)
- lcl_AddString( mpRowHeaders, nRowCount, aTitle );
+ lcl_AddString( maRowHeaders, nRowCount, aTitle );
}
}
}
@@ -289,7 +274,8 @@ void ScConsData::AddName( const OUString& rName )
if (bReference)
{
- lcl_AddString( mpTitles, nTitleCount, rName );
+ maTitles.push_back( rName);
+ size_t nTitleCount = maTitles.size();
for (nArrY=0; nArrY<nRowCount; nArrY++)
{
@@ -528,7 +514,7 @@ void ScConsData::AddData( ScDocument* pSrcDoc, SCTAB nTab,
{
bool bFound = false;
for (SCSIZE i=0; i<nColCount && !bFound; i++)
- if ( mpColHeaders[i] == aTitle )
+ if ( maColHeaders[i] == aTitle )
{
nPos = static_cast<SCCOL>(i);
bFound = true;
@@ -549,7 +535,7 @@ void ScConsData::AddData( ScDocument* pSrcDoc, SCTAB nTab,
{
bool bFound = false;
for (SCSIZE i=0; i<nRowCount && !bFound; i++)
- if ( mpRowHeaders[i] == aTitle )
+ if ( maRowHeaders[i] == aTitle )
{
nPos = static_cast<SCROW>(i);
bFound = true;
@@ -661,10 +647,10 @@ void ScConsData::OutputToDocument( ScDocument* pDestDoc, SCCOL nCol, SCROW nRow,
if (bColByName)
for (SCSIZE i=0; i<nColCount; i++)
- pDestDoc->SetString( sal::static_int_cast<SCCOL>(nStartCol+i), nRow, nTab, mpColHeaders[i] );
+ pDestDoc->SetString( sal::static_int_cast<SCCOL>(nStartCol+i), nRow, nTab, maColHeaders[i] );
if (bRowByName)
for (SCSIZE j=0; j<nRowCount; j++)
- pDestDoc->SetString( nCol, sal::static_int_cast<SCROW>(nStartRow+j), nTab, mpRowHeaders[j] );
+ pDestDoc->SetString( nCol, sal::static_int_cast<SCROW>(nStartRow+j), nTab, maRowHeaders[j] );
nCol = nStartCol;
nRow = nStartRow;
@@ -774,7 +760,7 @@ void ScConsData::OutputToDocument( ScDocument* pDestDoc, SCCOL nCol, SCROW nRow,
// Zwischentitel
- if (ppTitlePos && mpTitles && mpRowHeaders)
+ if (ppTitlePos && !maTitles.empty() && !maRowHeaders.empty())
{
OUString aDelim( " / " );
for (SCSIZE nPos=0; nPos<nDataCount; nPos++)
@@ -786,9 +772,9 @@ void ScConsData::OutputToDocument( ScDocument* pDestDoc, SCCOL nCol, SCROW nRow,
bDo = false; // leer
if ( bDo && nTPos < nNeeded )
{
- aString = mpRowHeaders[nArrY];
+ aString = maRowHeaders[nArrY];
aString += aDelim;
- aString += mpTitles[nPos];
+ aString += maTitles[nPos];
pDestDoc->SetString( nCol-1, nRow+nArrY+nTPos, nTab, aString );
}
}
--------------erAck-patch-parts--