Fix calculation of alloca'ed memory size

...after 16d645e5b8f11b4ddb49a2b58bde388b28960abc "speedup Transliteration_body::transliterateImpl", which caused dynamic-stack-buffer-overflow (<https://ci.libreoffice.org/job/lo_ubsan/2137/), > ==4003==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffe890f7d2 at pc 0x0000004b1c2d bp 0x7fffe890f490 sp 0x7fffe890ec40 > WRITE of size 2 at 0x7fffe890f7d2 thread T0 > #0 0x4b1c2c in __asan_memmove /home/tdf/lode/packages/llvm-llvmorg-9.0.1.src/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:30 > #1 0x2b8b4222ef65 in char16_t* std::__copy_move<false, true, std::random_access_iterator_tag>::__copy_m<char16_t>(char16_t const*, char16_t const*, char16_t*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_algobase.h:368:6 > #2 0x2b8b4222eec0 in char16_t* std::__copy_move_a<false, char16_t const*, char16_t*>(char16_t const*, char16_t const*, char16_t*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_algobase.h:385:14 > #3 0x2b8b4222d9be in char16_t* std::__copy_move_a2<false, char16_t const*, char16_t*>(char16_t const*, char16_t const*, char16_t*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_algobase.h:422:18 > #4 0x2b8b4222d2be in char16_t* std::copy<char16_t const*, char16_t*>(char16_t const*, char16_t const*, char16_t*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_algobase.h:454:15 > #5 0x2b8b4222cf43 in char16_t* std::__copy_n<char16_t const*, signed char, char16_t*>(char16_t const*, signed char, char16_t*, std::random_access_iterator_tag) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_algo.h:782:14 > #6 0x2b8b4222b495 in char16_t* std::copy_n<char16_t const*, signed char, char16_t*>(char16_t const*, signed char, char16_t*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_algo.h:806:14 > #7 0x2b8b42225872 in i18npool::Transliteration_body::transliterateImpl(rtl::OUString const&, int, int, com::sun::star::uno::Sequence<int>*) /i18npool/source/transliteration/transliteration_body.cxx:145:13 > #8 0x2b8b42236f35 in i18npool::transliteration_commonclass::transliterateString2String(rtl::OUString const&, int, int) /i18npool/source/transliteration/transliteration_commonclass.cxx:109:12 > #9 0x2b8b41fbc740 in i18npool::cclass_Unicode::toUpper(rtl::OUString const&, int, int, com::sun::star::lang::Locale const&) /i18npool/source/characterclassification/cclass_unicode.cxx:67:19 > #10 0x2b8b41fbc7b2 in non-virtual thunk to i18npool::cclass_Unicode::toUpper(rtl::OUString const&, int, int, com::sun::star::lang::Locale const&) /i18npool/source/characterclassification/cclass_unicode.cxx > #11 0x2b8b41ff1335 in i18npool::CharacterClassificationImpl::toUpper(rtl::OUString const&, int, int, com::sun::star::lang::Locale const&) /i18npool/source/characterclassification/characterclassificationImpl.cxx:47:63 [...] Change-Id: I5273e234c8921f635e31c414cb0e427ee8b04a95 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122234 Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk> Reviewed-by: Stephan Bergmann <sbergman@redhat.com> Tested-by: Jenkins
author: Stephan Bergmann <sbergman@redhat.com> 2021-09-17 09:24:22 +0200
committer: Stephan Bergmann <sbergman@redhat.com> 2021-09-17 11:24:46 +0200
commit: 061f7ba80efe621503531ca9512b194ad8cefcd3 (patch)
tree: 4f4170d5339251baaf3af9ae98f42cabdb1ec709 /i18npool/source/transliteration
parent: a6db8971bf37b696ae7b1d0f8fb4d11a1e541da1 (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/i18npool/source/transliteration/transliteration_body.cxx b/i18npool/source/transliteration/transliteration_body.cxx
index 3581212af8b3..1f4541082435 100644
--- a/i18npool/source/transliteration/transliteration_body.cxx
+++ b/i18npool/source/transliteration/transliteration_body.cxx
@@ -104,9 +104,8 @@ Transliteration_body::transliterateImpl(
     constexpr sal_Int32 nLocalBuf = 2048;
     sal_Unicode* out;
     std::unique_ptr<sal_Unicode[]> pHeapBuf;
-    size_t nBytes = (nCount + 1) * sizeof(sal_Unicode);
-    if (nBytes <= nLocalBuf * NMAPPINGMAX)
-        out = static_cast<sal_Unicode*>(alloca(nBytes));
+    if (nCount <= nLocalBuf)
+        out = static_cast<sal_Unicode*>(alloca(nCount * NMAPPINGMAX * sizeof(sal_Unicode)));
     else
     {
         pHeapBuf.reset(new sal_Unicode[ nCount * NMAPPINGMAX ]);
author	Stephan Bergmann <sbergman@redhat.com>	2021-09-17 09:24:22 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2021-09-17 11:24:46 +0200
commit	061f7ba80efe621503531ca9512b194ad8cefcd3 (patch)
tree	4f4170d5339251baaf3af9ae98f42cabdb1ec709 /i18npool/source/transliteration
parent	a6db8971bf37b696ae7b1d0f8fb4d11a1e541da1 (diff)