memcpy-param-overlap

At least UITest_impress_tests started to fail at

> ==608818==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x6020000ef270,0x6020000ef276) and [0x6020000ef274, 0x6020000ef27a) overlap
>  #0 in __asan_memcpy at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
>  #1 in RemoveWhichRange(unsigned short const*, unsigned short, unsigned short) at svx/source/svdraw/svdetc.cxx:413:17
>  #2 in SdrObjEditView::SetAttributes(SfxItemSet const&, bool) at svx/source/svdraw/svdedxv.cxx:2222:19
>  #3 in SdrCreateView::SetAttributes(SfxItemSet const&, bool) at svx/source/svdraw/svdcrtv.cxx:883:29
>  #4 in SdrView::SetAttributes(SfxItemSet const&, bool) at include/svx/svdview.hxx:193:96
>  #5 in sd::View::SetAttributes(SfxItemSet const&, bool, bool, bool) at sd/source/ui/view/sdview.cxx:488:28
>  #6 in sd::DrawView::SetAttributes(SfxItemSet const&, bool, bool, bool) at sd/source/ui/view/drawview.cxx:288:27
>  #7 in sd::TextObjectBar::Execute(SfxRequest&) at sd/source/ui/view/drtxtob1.cxx:819:21
>  #8 in SfxStubTextObjectBarExecute(SfxShell*, SfxRequest&) at workdir/SdiTarget/sd/sdi/sdslots.hxx:17883:1
[...]

(followed by

> ==647521==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000258856 at pc 0x0000002f7b0a bp 0x7f7f7a69fdb0 sp 0x7f7f7a69f560
> READ of size 6 at 0x602000258856 thread T9 (cppu_threadpool)
>  #0 in __asan_memmove at /data/sbergman/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:30:3
>  #1 in RemoveWhichRange(unsigned short const*, unsigned short, unsigned short) at svx/source/svdraw/svdetc.cxx:413:17
>  #2 in SdrObjEditView::SetAttributes(SfxItemSet const&, bool) at svx/source/svdraw/svdedxv.cxx:2222:19
>  #3 in SdrCreateView::SetAttributes(SfxItemSet const&, bool) at svx/source/svdraw/svdcrtv.cxx:883:29
>  #4 in SdrView::SetAttributes(SfxItemSet const&, bool) at include/svx/svdview.hxx:193:96
>  #5 in sd::View::SetAttributes(SfxItemSet const&, bool, bool, bool) at sd/source/ui/view/sdview.cxx:488:28
>  #6 in sd::DrawView::SetAttributes(SfxItemSet const&, bool, bool, bool) at sd/source/ui/view/drawview.cxx:288:27
>  #7 in sd::TextObjectBar::Execute(SfxRequest&) at sd/source/ui/view/drtxtob1.cxx:819:21
>  #8 in SfxStubTextObjectBarExecute(SfxShell*, SfxRequest&) at workdir/SdiTarget/sd/sdi/sdslots.hxx:17883:1
[...]
> 0x602000258856 is located 0 bytes to the right of 6-byte region [0x602000258850,0x602000258856)
> allocated by thread T9 (cppu_threadpool) here:
[...]

if the memcpy were replaced with memmove) after
8aaa28ed43978a9a4a20d62368410a57ec05c23f "Assert on valid order of which ids in
ranges on SfxItemSet creation":

Where in the past it had called

RemoveWhichRange({10951, 10951, 4007, 4007, 0}, 4007, 4062)

and

RemoveWhichRange({10950, 10950, 4007, 4007, 0}, 4007, 4062)

on wrongly sorted ranges, for which the implementation of RemoveWhichRange
happened to work, it now calls

RemoveWhichRange({4007, 4007, 10951, 10951, 0}, 4007, 4062)

and

RemoveWhichRange({4007, 4007, 10950, 10950, 0}, 4007, 4062)

on correctly sorted ranges, which uncovered the broken implementation.

Given that RemoveWhichRange is presumably not hot (e.g., being called just two
times during UITest_impress_tests), turn it into a less sophisticated, but also
likely less error-prone algorithm.

(Leaving unit tests as a TODO, given that RemoveWhichRange is not
currently exported from Library_svxcore, and the existing CppunitTest_svx_unit
links against Library_svxcore rather than using
gb_CppunitTest_use_library_objects.)

Change-Id: I8a1c1d5db8073928ad2f6e88d581f24a0e882925
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117264
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>

0 files changed, 0 insertions, 0 deletions