sc/source/filter/excel/xistyle.cxx |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

New commits:
commit d1e065ea7ac98c31997f1af9be82c5da18c38369
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sat May 25 20:15:41 2024 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sun May 26 00:51:48 2024 +0200

    ofz#69215 Heap-use-after-free
    
    maybe since?
    commit 397d7af2cbb1f2786ba857d350fb4641525e3bb2
    Date:   Wed May 22 15:03:40 2024 +0200
    
        tdf#161210 speedup loading large XLS
    
    ==344604== Invalid read of size 4
    ==344604==    at 0x1D74DEC5: XclImpXFRange::XclImpXFRange(int, int, 
XclImpXFIndex const&) (xistyle.hxx:555)
    ==344604==    by 0x1D746AFB: XclImpXFRangeColumn::SetXF(int, XclImpXFIndex 
const&) (xistyle.cxx:1777)
    ==344604==    by 0x1D747483: XclImpXFRangeBuffer::SetXF(ScAddress const&, 
unsigned short, XclImpXFRangeBuffer::XclImpXFInsertMode) (xistyle.cxx:1908)
    ==344604==    by 0x1D747629: XclImpXFRangeBuffer::SetXF(ScAddress const&, 
unsigned short) (xistyle.cxx:1929)
    ==344604==    by 0x1D2C0334: ImportExcel8::Labelsst() (excimp8.cxx:250)
    ==344604==    by 0x1D32AB78: ImportExcel8::Read() (read.cxx:1196)
    ==344604==    by 0x1D29FC2A: 
ScFormatFilterPluginImpl::ScImportExcel(SfxMedium&, ScDocument*, EXCIMPFORMAT) 
(excel.cxx:256)
    ==344604==    by 0x1D2A28BC: TestImportXLS (excel.cxx:483)
    ==344604==    by 0x405D76: sal_main_with_args(int, char**) 
(fftester.cxx:393)
    ==344604==    by 0x40363D: main (fftester.cxx:100)
    ==344604==  Address 0x2ab5fc08 is 8 bytes inside a block of size 12 free'd
    ==344604==    at 0x48463F3: operator delete(void*) 
(vg_replace_malloc.c:1051)
    ==344604==    by 0x1D761DDC: 
std::__new_allocator<XclImpXFRange>::deallocate(XclImpXFRange*, unsigned long) 
(new_allocator.h:172)
    ==344604==    by 0x1D761B27: std::__cxx1998::_Vector_base<XclImpXFRange, 
std::allocator<XclImpXFRange> >::_M_deallocate(XclImpXFRange*, unsigned long) 
(allocator.h:210)
    ==344604==    by 0x1D76170E: void std::__cxx1998::vector<XclImpXFRange, 
std::allocator<XclImpXFRange> 
>::_M_realloc_insert<XclImpXFRange>(__gnu_cxx::__normal_iterator<XclImpXFRange*,
 std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
XclImpXFRange&&) (vector.tcc:519)
    ==344604==    by 0x1D763576: std::__cxx1998::vector<XclImpXFRange, 
std::allocator<XclImpXFRange> 
>::_M_insert_rval(__gnu_cxx::__normal_iterator<XclImpXFRange const*, 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
XclImpXFRange&&) (vector.tcc:372)
    ==344604==    by 0x1D763409: std::__cxx1998::vector<XclImpXFRange, 
std::allocator<XclImpXFRange> 
>::_M_emplace_aux(__gnu_cxx::__normal_iterator<XclImpXFRange const*, 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
XclImpXFRange&&) (stl_vector.h:1887)
    ==344604==    by 0x1D762F29: __gnu_cxx::__normal_iterator<XclImpXFRange*, 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > > 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> 
>::emplace<XclImpXFRange>(__gnu_cxx::__normal_iterator<XclImpXFRange const*, 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
XclImpXFRange&&) (stl_vector.h:1344)
    ==344604==    by 0x1D762CCB: 
__gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<XclImpXFRange*, 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
std::__debug::vector<XclImpXFRange, std::allocator<XclImpXFRange> >, 
std::random_access_iterator_tag> std::__debug::vector<XclImpXFRange, 
std::allocator<XclImpXFRange> 
>::emplace<XclImpXFRange>(__gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<XclImpXFRange
 const*, std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > 
>, std::__debug::vector<XclImpXFRange, std::allocator<XclImpXFRange> >, 
std::random_access_iterator_tag>, XclImpXFRange&&) (vector:545)
    ==344604==    by 0x1D74E0FD: 
__gnu_cxx::__enable_if<!std::__are_same<XclImpXFRange, bool>::__value, 
__gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<XclImpXFRange*, 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
std::__debug::vector<XclImpXFRange, std::allocator<XclImpXFRange> >, 
std::random_access_iterator_tag> >::__type std::__debug::vector<XclImpXFRange, 
std::allocator<XclImpXFRange> 
>::insert<XclImpXFRange>(__gnu_debug::_Safe_iterator<__gnu_cxx::__normal_iterator<XclImpXFRange
 const*, std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > 
>, std::__debug::vector<XclImpXFRange, std::allocator<XclImpXFRange> >, 
std::random_access_iterator_tag>, XclImpXFRange&&) (vector:580)
    ==344604==    by 0x1D74712E: XclImpXFRangeColumn::Insert(XclImpXFRange, 
unsigned long) (xistyle.cxx:1798)
    ==344604==    by 0x1D746AD8: XclImpXFRangeColumn::SetXF(int, XclImpXFIndex 
const&) (xistyle.cxx:1776)
    ==344604==    by 0x1D747483: XclImpXFRangeBuffer::SetXF(ScAddress const&, 
unsigned short, XclImpXFRangeBuffer::XclImpXFInsertMode) (xistyle.cxx:1908)
    ==344604==  Block was alloc'd at
    ==344604==    at 0x4842F95: operator new(unsigned long) 
(vg_replace_malloc.c:483)
    ==344604==    by 0x1D761C4A: 
std::__new_allocator<XclImpXFRange>::allocate(unsigned long, void const*) 
(new_allocator.h:151)
    ==344604==    by 0x1D761A33: std::__cxx1998::_Vector_base<XclImpXFRange, 
std::allocator<XclImpXFRange> >::_M_allocate(unsigned long) (allocator.h:198)
    ==344604==    by 0x1D7615F1: void std::__cxx1998::vector<XclImpXFRange, 
std::allocator<XclImpXFRange> 
>::_M_realloc_insert<XclImpXFRange>(__gnu_cxx::__normal_iterator<XclImpXFRange*,
 std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> > >, 
XclImpXFRange&&) (vector.tcc:459)
    ==344604==    by 0x1D76148D: XclImpXFRange& 
std::__cxx1998::vector<XclImpXFRange, std::allocator<XclImpXFRange> 
>::emplace_back<XclImpXFRange>(XclImpXFRange&&) (vector.tcc:123)
    ==344604==    by 0x1D761371: XclImpXFRange& 
std::__debug::vector<XclImpXFRange, std::allocator<XclImpXFRange> 
>::emplace_back<XclImpXFRange>(XclImpXFRange&&) (vector:519)
    ==344604==    by 0x1D74DE8C: 
__gnu_cxx::__enable_if<!std::__are_same<XclImpXFRange, bool>::__value, 
void>::__type std::__debug::vector<XclImpXFRange, std::allocator<XclImpXFRange> 
>::push_back<XclImpXFRange>(XclImpXFRange&&) (vector:508)
    ==344604==    by 0x1D7467AD: 
XclImpXFRangeColumn::SetDefaultXF(XclImpXFIndex const&, XclImpRoot const&) 
(xistyle.cxx:1727)
    ==344604==    by 0x1D7478A7: XclImpXFRangeBuffer::SetColumnDefXF(short, 
unsigned short) (xistyle.cxx:1956)
    ==344604==    by 0x1D2713A5: XclImpColRowSettings::SetDefaultXF(short, 
short, unsigned short) (colrowst.cxx:175)
    ==344604==    by 0x1D30E12F: ImportExcel::Colinfo() (impop.cxx:682)
    ==344604==    by 0x1D32A34E: ImportExcel8::Read() (read.cxx:1141)
    
    Change-Id: I55cc65d511878e31646d10dc7f367f30bd4454f8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/168038
    Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git a/sc/source/filter/excel/xistyle.cxx 
b/sc/source/filter/excel/xistyle.cxx
index 00bc34c744bd..8c29ece09885 100644
--- a/sc/source/filter/excel/xistyle.cxx
+++ b/sc/source/filter/excel/xistyle.cxx
@@ -1772,9 +1772,10 @@ void XclImpXFRangeColumn::SetXF( SCROW nScRow, const 
XclImpXFIndex& rXFIndex )
             else                                    // insert in the middle of 
the range
             {
                 pThisRange->mnScRow1 = nScRow + 1;
+                XclImpXFIndex aXFIndex(pThisRange->maXFIndex);
                 // List::Insert() moves entries towards end of list, so insert 
twice at nIndex
                 Insert( XclImpXFRange( nScRow, rXFIndex ), nIndex );
-                Insert( XclImpXFRange( nFirstScRow, nScRow - 1, 
pThisRange->maXFIndex ), nIndex );
+                Insert( XclImpXFRange( nFirstScRow, nScRow - 1, aXFIndex ), 
nIndex );
             }
             return;
         }
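Review bot: The added copy `XclImpXFIndex aXFIndex(pThisRange->maXFIndex);` carries no explanation, so the reason it must precede the first `Insert()` is only recoverable from the commit message, and a later cleanup could fold it back into the second `Insert()` call and reintroduce the invalid read. Suggest a why-comment on that line, e.g. `// copy first: Insert() may reallocate the range vector and invalidate pThisRange`, and extending the existing "List::Insert() moves entries" comment in the same spirit. The valgrind trace in the commit message attributes the freed block to `_M_realloc_insert` reached from `XclImpXFRangeColumn::Insert`, so the vector growth inside `Insert()` is the invalidation being guarded against. `pThisRange` must not be dereferenced after the first `Insert()`; within the hunk only `return;` follows, but `SetXF` begins outside the hunk, so the rest of the function is worth checking for the same pattern.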
