diff options
author | Eike Rathke <erack@redhat.com> | 2013-04-11 16:50:15 +0200 |
---|---|---|
committer | Kohei Yoshida <kohei.yoshida@gmail.com> | 2013-04-11 18:09:42 +0000 |
commit | e58a8b6d7dc1b01af9f54bec8fdce718b1d8bccd (patch) | |
tree | e2e463623d3ff3af7d0d7a451b2b5dd224b73e8a | |
parent | 86cb5a1d0f980633754fe250c636935c028f0f82 (diff) |
prevent vector and sequence out of bounds access, fdo#60300
This fixes the symptom of the crash but not the underlying cause why a
subtotal count would be wrong.
(cherry picked from commit 8bd3be9915ff28458d010fc8f0a1a1ab66d730b0)
Conflicts:
sc/source/core/data/dpoutput.cxx
Change-Id: I3782b5e39f18bc65ffe510b847ffa7969a26cd37
Reviewed-on: https://gerrit.libreoffice.org/3340
Reviewed-by: Kohei Yoshida <kohei.yoshida@gmail.com>
Tested-by: Kohei Yoshida <kohei.yoshida@gmail.com>
-rw-r--r-- | sc/source/core/data/dpoutput.cxx | 54 |
1 files changed, 42 insertions, 12 deletions
diff --git a/sc/source/core/data/dpoutput.cxx b/sc/source/core/data/dpoutput.cxx index a59fc774ae40..72fe4ded9503 100644 --- a/sc/source/core/data/dpoutput.cxx +++ b/sc/source/core/data/dpoutput.cxx @@ -1707,11 +1707,19 @@ void lcl_FilterInclude( std::vector<bool>& rResult, std::vector< sal_Int32 >& rS { // grand total is always automatic sal_Int32 nDataPos = j - ( nSize - nGrandTotals ); - OSL_ENSURE( nDataPos < (sal_Int32)rDataNames.size(), "wrong data count" ); - rtl::OUString aSourceName( rDataNames[nDataPos] ); // vector contains source names - rtl::OUString aGivenName( rGivenNames[nDataPos] ); + if (nDataPos >= 0 && nDataPos < (sal_Int32)rDataNames.size() && + nDataPos < (sal_Int32)rGivenNames.size()) + { + OUString aSourceName( rDataNames[nDataPos] ); // vector contains source names + OUString aGivenName( rGivenNames[nDataPos] ); - rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + } + else + { + OSL_FAIL( "wrong data count for grand total" ); + rResult[j] = false; + } } } @@ -1747,27 +1755,49 @@ void lcl_FilterInclude( std::vector<bool>& rResult, std::vector< sal_Int32 >& rS rtl::OUString aSourceName( rDataNames[nDataPos] ); // vector contains source names rtl::OUString aGivenName( rGivenNames[nDataPos] ); - OSL_ENSURE( nFuncPos < aSubTotals.getLength(), "wrong subtotal count" ); - rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ) && + if (nFuncPos < aSubTotals.getLength()) + { + rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ) && aSubTotals[nFuncPos] == aFilter.meFunction; + } + else + { + OSL_FAIL( "wrong subtotal count for manual subtotals and several data fields" ); + rResult[j] = false; + } } else { // manual subtotals for a single data field - OSL_ENSURE( nSubTotalCount < aSubTotals.getLength(), "wrong subtotal count" ); - rResult[j] = ( aSubTotals[nSubTotalCount] == aFilter.meFunction ); + if (nSubTotalCount < aSubTotals.getLength()) + { + rResult[j] = ( aSubTotals[nSubTotalCount] == aFilter.meFunction ); + } + else + { + OSL_FAIL( "wrong subtotal count for manual subtotals for a single data field" ); + rResult[j] = false; + } } } else // automatic subtotals { if ( rBeforeDataLayout ) { - OSL_ENSURE( nSubTotalCount < (sal_Int32)rDataNames.size(), "wrong data count" ); - rtl::OUString aSourceName( rDataNames[nSubTotalCount] ); // vector contains source names - rtl::OUString aGivenName( rGivenNames[nSubTotalCount] ); + if (nSubTotalCount < (sal_Int32)rDataNames.size() && + nSubTotalCount < (sal_Int32)rGivenNames.size()) + { + OUString aSourceName( rDataNames[nSubTotalCount] ); // vector contains source names + OUString aGivenName( rGivenNames[nSubTotalCount] ); - rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + } + else + { + OSL_FAIL( "wrong data count for automatic subtotals" ); + rResult[j] = false; + } } // if a function was specified, automatic subtotals never match |