Related: tdf#153510 Avoid modification of iterated container

A crash is seen when resizing a document locally; the problem is
range-based for loop, which indirectly modifies its range:

sclo.dll!ScAutoStyleList::AddInitial(const ScRange & rRange, const rtl::OUString & rStyle1, unsigned __int64 nTimeout, const rtl::OUString & rStyle2) Line 81	C++
sclo.dll!ScDocShell::Notify(SfxBroadcaster & __formal, const SfxHint & rHint) Line 685	C++
svllo.dll!SfxBroadcaster::Broadcast(const SfxHint & rHint) Line 41	C++
sclo.dll!ScInterpreter::ScStyle() Line 2628	C++
sclo.dll!ScInterpreter::Interpret() Line 4441	C++
sclo.dll!ScFormulaCell::InterpretTail(ScInterpreterContext & rContext, ScFormulaCell::ScInterpretTailParameter eTailParam) Line 1947	C++
sclo.dll!ScFormulaCell::Interpret(long nStartOffset, long nEndOffset) Line 1619	C++
sclo.dll!ScFormulaCell::MaybeInterpret() Line 470	C++
sclo.dll!ScFormulaCell::IsValue() Line 2763	C++
sclo.dll!ScConditionEntry::Interpret(const ScAddress & rPos) Line 670	C++
sclo.dll!ScConditionEntry::IsCellValid(ScRefCellValue & rCell, const ScAddress & rPos) Line 1238	C++
sclo.dll!ScConditionalFormat::GetData(ScRefCellValue & rCell, const ScAddress & rPos) Line 1836	C++
sclo.dll!`anonymous namespace'::handleConditionalFormat(ScConditionalFormatList & rCondFormList, const o3tl::sorted_vector<unsigned long,std::less<unsigned long>,o3tl::find_unique,1> & rCondFormats, ScCellInfo * pInfo, ScTableInfo * pTableInfo, ScStyleSheetPool * pStlPool, const ScAddress & rAddr, bool & bHidden, bool & bHideFormula, bool bTabProtect) Line 297	C++
sclo.dll!ScDocument::FillInfo(ScTableInfo & rTabInfo, short nCol1, long nRow1, short nCol2, long nRow2, short nTab, double fColScale, double fRowScale, bool bPageMode, bool bFormulaMode, const ScMarkData * pMarkData) Line 569	C++
sclo.dll!ScGridWindow::Draw(short nX1, long nY1, short nX2, long nY2, ScUpdateMode eMode) Line 556	C++
sclo.dll!ScGridWindow::Paint(OutputDevice & __formal, const tools::Rectangle & rRect) Line 458	C++
vcllo.dll!PaintHelper::DoPaint(const vcl::Region * pRegion) Line 313	C++
vcllo.dll!vcl::Window::ImplCallPaint(const vcl::Region * pRegion, ImplPaintFlags nPaintFlags) Line 617	C++
vcllo.dll!PaintHelper::~PaintHelper() Line 553	C++
vcllo.dll!vcl::Window::ImplCallPaint(const vcl::Region * pRegion, ImplPaintFlags nPaintFlags) Line 623	C++
vcllo.dll!PaintHelper::~PaintHelper() Line 553	C++
vcllo.dll!vcl::Window::ImplCallPaint(const vcl::Region * pRegion, ImplPaintFlags nPaintFlags) Line 623	C++
vcllo.dll!PaintHelper::~PaintHelper() Line 553	C++
vcllo.dll!vcl::Window::ImplCallPaint(const vcl::Region * pRegion, ImplPaintFlags nPaintFlags) Line 623	C++
vcllo.dll!PaintHelper::~PaintHelper() Line 553	C++
vcllo.dll!vcl::Window::ImplCallPaint(const vcl::Region * pRegion, ImplPaintFlags nPaintFlags) Line 623	C++
vcllo.dll!PaintHelper::~PaintHelper() Line 553	C++
vcllo.dll!vcl::Window::ImplCallPaint(const vcl::Region * pRegion, ImplPaintFlags nPaintFlags) Line 623	C++
vcllo.dll!vcl::Window::ImplCallOverlapPaint() Line 646	C++
vcllo.dll!vcl::Window::ImplHandlePaintHdl(Timer * __formal) Line 668	C++
vcllo.dll!vcl::Window::LinkStubImplHandlePaintHdl(void * instance, Timer * data) Line 648	C++
vcllo.dll!Link<Timer *,void>::Call(Timer * data) Line 111	C++
vcllo.dll!Timer::Invoke(Timer * arg) Line 81	C++
vcllo.dll!vcl::Window::ImplHandleResizeTimerHdl(Timer * __formal) Line 684	C++
vcllo.dll!vcl::Window::LinkStubImplHandleResizeTimerHdl(void * instance, Timer * data) Line 674	C++
vcllo.dll!Link<Timer *,void>::Call(Timer * data) Line 111	C++
vcllo.dll!Timer::Invoke(Timer * arg) Line 81	C++
vcllo.dll!vcl::Window::GetSizePixel() Line 2420	C++
sclo.dll!ScTabView::GetGridWidth(ScHSplitPos eWhich) Line 3032	C++
sclo.dll!ScViewData::CellsAtX(short nPosX, short nDir, ScHSplitPos eWhichX, unsigned short nScrSizeX) Line 2634	C++
sclo.dll!ScViewData::VisibleCellsX(ScHSplitPos eWhichX) Line 2710	C++
sclo.dll!ScTabView::PaintArea(short nStartCol, long nStartRow, short nEndCol, long nEndRow, ScUpdateMode eMode) Line 2386	C++
sclo.dll!ScTabViewShell::Notify(SfxBroadcaster & rBC, const SfxHint & rHint) Line 63	C++
svllo.dll!SfxBroadcaster::Broadcast(const SfxHint & rHint) Line 41	C++
sclo.dll!ScDocShell::PostPaint(const ScRangeList & rRanges, PaintPartFlags nPart, unsigned short nExtFlags) Line 172	C++
sclo.dll!ScDocShell::PostPaint(short nStartCol, long nStartRow, short nStartTab, short nEndCol, long nEndRow, short nEndTab, PaintPartFlags nPart, unsigned short nExtFlags) Line 106	C++
sclo.dll!ScDocShell::DoAutoStyle(const ScRange & rRange, const rtl::OUString & rStyle) Line 1580	C++
sclo.dll!ScAutoStyleList::InitHdl(Timer * __formal) Line 92	C++
sclo.dll!ScAutoStyleList::LinkStubInitHdl(void * instance, Timer * data) Line 84	C++
vcllo.dll!Link<Timer *,void>::Call(Timer * data) Line 111	C++
vcllo.dll!Timer::Invoke() Line 76	C++
vcllo.dll!Scheduler::CallbackTaskScheduling() Line 481	C++
vcllo.dll!SalTimer::CallCallback() Line 55	C++
vclplug_winlo.dll!WinSalTimer::ImplHandleElapsedTimer() Line 166	C++
vclplug_winlo.dll!ImplSalYield(bool bWait, bool bHandleAllCurrentEvents) Line 525	C++
vclplug_winlo.dll!WinSalInstance::DoYield(bool bWait, bool bHandleAllCurrentEvents) Line 581	C++
vcllo.dll!ImplYield(bool i_bWait, bool i_bAllEvents) Line 475	C++
vcllo.dll!Application::Yield() Line 560	C++
vcllo.dll!Application::Execute() Line 453	C++
sofficeapp.dll!desktop::Desktop::Main() Line 1604	C++
vcllo.dll!ImplSVMain() Line 203	C++
vcllo.dll!SVMain() Line 236	C++
sofficeapp.dll!soffice_main() Line 94	C++
soffice.bin!sal_main() Line 51	C
soffice.bin!main(int argc, char * * argv) Line 49	C

ScAutoStyleList::InitHdl iterated over aInitials, and called
pDocSh->DoAutoStyle, which eventually called ScAutoStyleList::AddInitial,
which modified aInitials, resulting in dangling reference rInitial back
in the ScAutoStyleList::InitHdl.

Change-Id: Id4e2aac2f5b0b27a7a57f22c0c9cdf8a1e950f30
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146690
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>

0 files changed, 0 insertions, 0 deletions