diff options
| author | Eike Rathke <erack@redhat.com> | 2013-04-11 16:50:15 +0200 |
|---|---|---|
| committer | Eike Rathke <erack@redhat.com> | 2013-04-11 16:54:15 +0200 |
| commit | 8bd3be9915ff28458d010fc8f0a1a1ab66d730b0 (patch) | |
| tree | 8a5794927e6553e55dea96dacf9b183d1c85fad6 /sc | |
| parent | a33e45182cb8ca95c8772cb2185de59522480501 (diff) | |
prevent vector and sequence out of bounds access, fdo#60300
This fixes the symptom of the crash but not the underlying cause why a
subtotal count would be wrong.
Change-Id: I3782b5e39f18bc65ffe510b847ffa7969a26cd37
Diffstat (limited to 'sc')
| -rw-r--r-- | sc/source/core/data/dpoutput.cxx | 54 |
1 files changed, 42 insertions, 12 deletions
diff --git a/sc/source/core/data/dpoutput.cxx b/sc/source/core/data/dpoutput.cxx index 4964a2136452..b12edc57279c 100644 --- a/sc/source/core/data/dpoutput.cxx +++ b/sc/source/core/data/dpoutput.cxx @@ -1697,11 +1697,19 @@ void lcl_FilterInclude( std::vector<bool>& rResult, std::vector< sal_Int32 >& rS { // grand total is always automatic sal_Int32 nDataPos = j - ( nSize - nGrandTotals ); - OSL_ENSURE( nDataPos < (sal_Int32)rDataNames.size(), "wrong data count" ); - OUString aSourceName( rDataNames[nDataPos] ); // vector contains source names - OUString aGivenName( rGivenNames[nDataPos] ); + if (nDataPos >= 0 && nDataPos < (sal_Int32)rDataNames.size() && + nDataPos < (sal_Int32)rGivenNames.size()) + { + OUString aSourceName( rDataNames[nDataPos] ); // vector contains source names + OUString aGivenName( rGivenNames[nDataPos] ); - rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + } + else + { + OSL_FAIL( "wrong data count for grand total" ); + rResult[j] = false; + } } } @@ -1737,27 +1745,49 @@ void lcl_FilterInclude( std::vector<bool>& rResult, std::vector< sal_Int32 >& rS OUString aSourceName( rDataNames[nDataPos] ); // vector contains source names OUString aGivenName( rGivenNames[nDataPos] ); - OSL_ENSURE( nFuncPos < aSubTotals.getLength(), "wrong subtotal count" ); - rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ) && + if (nFuncPos < aSubTotals.getLength()) + { + rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ) && aSubTotals[nFuncPos] == aFilter.meFunction; + } + else + { + OSL_FAIL( "wrong subtotal count for manual subtotals and several data fields" ); + rResult[j] = false; + } } else { // manual subtotals for a single data field - OSL_ENSURE( nSubTotalCount < aSubTotals.getLength(), "wrong subtotal count" ); - rResult[j] = ( aSubTotals[nSubTotalCount] == aFilter.meFunction ); + if (nSubTotalCount < aSubTotals.getLength()) + { + rResult[j] = ( aSubTotals[nSubTotalCount] == aFilter.meFunction ); + } + else + { + OSL_FAIL( "wrong subtotal count for manual subtotals for a single data field" ); + rResult[j] = false; + } } } else // automatic subtotals { if ( rBeforeDataLayout ) { - OSL_ENSURE( nSubTotalCount < (sal_Int32)rDataNames.size(), "wrong data count" ); - OUString aSourceName( rDataNames[nSubTotalCount] ); // vector contains source names - OUString aGivenName( rGivenNames[nSubTotalCount] ); + if (nSubTotalCount < (sal_Int32)rDataNames.size() && + nSubTotalCount < (sal_Int32)rGivenNames.size()) + { + OUString aSourceName( rDataNames[nSubTotalCount] ); // vector contains source names + OUString aGivenName( rGivenNames[nSubTotalCount] ); - rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + rResult[j] = lcl_IsNamedDataField( rTarget, aSourceName, aGivenName ); + } + else + { + OSL_FAIL( "wrong data count for automatic subtotals" ); + rResult[j] = false; + } } // if a function was specified, automatic subtotals never match |