Field | Value | Date
---|---|---
author | Stephan Bergmann <sbergman@redhat.com> | 2020-11-03 08:33:19 +0100
committer | Stephan Bergmann <sbergman@redhat.com> | 2020-11-03 22:29:36 +0100
commit | 64e58879c4445bfc733d337c53ac7dc1748fdbb9 |
tree | 6fb1f0fc0a5bba3a4f73472d23a88df20de5afa6 /xmloff/source |
parent | 6f3899b27156591e65f62649a92c727eb6f5dd03 |
Avoid UBSan pointer-overflow
...as seen with recently introduced UITest_writer_tests
UITEST_TEST_NAME=compareDocuments.compareDocuments.test_tdf137855, but where the
unsigned sal_uLong (aka sal_uIntPtr) value is apparently meant to wrap around
and address an element of m_pMemory at a negative index from m_pBDiag:
> sw/source/core/doc/doccomp.cxx:832:13: runtime error: addition of unsigned offset to 0x6250014a90d0 overflowed to 0x6250014a90b8
> #0 in (anonymous namespace)::Compare::CompareSequence::Compare(unsigned long, unsigned long, unsigned long, unsigned long) at sw/source/core/doc/doccomp.cxx:832:13
> #1 in (anonymous namespace)::Compare::CompareSequence::CompareSequence((anonymous namespace)::CompareData&, (anonymous namespace)::CompareData&, (anonymous namespace)::Compare::MovedData const&, (anonymous namespace)::Compare::MovedData const&) at sw/source/core/doc/doccomp.cxx:794:5
> #2 in (anonymous namespace)::Compare::Compare(unsigned long, (anonymous namespace)::CompareData&, (anonymous namespace)::CompareData&) at sw/source/core/doc/doccomp.cxx:605:25
> #3 in (anonymous namespace)::CompareData::CompareLines((anonymous namespace)::CompareData&) at sw/source/core/doc/doccomp.cxx:440:17
> #4 in SwDoc::CompareDoc(SwDoc const&) at sw/source/core/doc/doccomp.cxx:1877:13
> #5 in SwEditShell::CompareDoc(SwDoc const&) at sw/source/core/edit/editsh.cxx:877:34
> #6 in SwView::InsertMedium(unsigned short, std::unique_ptr<SfxMedium, std::default_delete<SfxMedium> >, short) at sw/source/uibase/uiview/view2.cxx:2377:39
> #7 in SwView::DialogClosedHdl(sfx2::FileDialogHelper*) at sw/source/uibase/uiview/view2.cxx:2574:26
[...]
Using std::make_signed_t where its canonic type happens to be `long` requires a
workaround for old Clang to avoid a false
> CXXFunctionalCastExpr, suspicious cast from 'sal_uLong' (aka 'unsigned long') to 'std::make_signed_t<decltype(d)>' (aka 'long') [loplugin:toolslong]
warning.
Change-Id: I07413ba06051f75d80832a4772ab1c541805b259
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/105234
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'xmloff/source')
0 files changed, 0 insertions, 0 deletions
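
The pattern the commit message describes, as an added example (not LibreOffice code and not the patch itself): an unsigned index that holds a wrapped-around negative value is used to address a slot below a pointer into the middle of a buffer, next to the form that converts the index with `std::make_signed_t` first. `DiagTable`, `read_unsigned_index`, `read_signed_index` and `wrapped_minus` are hypothetical names chosen for the illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <type_traits>
#include <vector>

// Hypothetical stand-in for a diagonal table: storage holds 2*n+1 slots and
// `diag` points at the middle slot, so valid indices run from -n to +n.
struct DiagTable {
    std::vector<long> memory;
    long* diag;
    explicit DiagTable(std::size_t n) : memory(2 * n + 1), diag(memory.data() + n) {
        for (std::size_t i = 0; i < memory.size(); ++i)
            memory[i] = static_cast<long>(i) - static_cast<long>(n); // slot k holds k
    }
    DiagTable(const DiagTable&) = delete; // diag points into memory; forbid copies
};

// Before: the index is an unsigned long holding a wrapped-around negative
// value. diag + d is formed with a huge unsigned offset, which is what
// -fsanitize=pointer-overflow reports, even though the wrapped address is
// in practice the intended slot. Shown for comparison; main() does not call it.
long read_unsigned_index(const DiagTable& t, unsigned long d) {
    return t.diag[d];
}

// After: convert the index to the matching signed type first, so the
// pointer arithmetic uses a small negative offset that stays inside memory.
// (The unsigned-to-signed conversion is modular since C++20 and behaves
// that way on two's complement compilers before it.)
long read_signed_index(const DiagTable& t, unsigned long d) {
    return t.diag[static_cast<std::make_signed_t<decltype(d)>>(d)];
}

// Constructed input: diagonal -k computed in unsigned arithmetic.
unsigned long wrapped_minus(unsigned long k) { return 0UL - k; }

int main() {
    DiagTable t(8);
    std::printf("%ld\n", read_signed_index(t, wrapped_minus(3)));
    return 0;
}
```

Building with `-fsanitize=pointer-overflow` and calling `read_unsigned_index` with a wrapped index produces a report of the same kind as the one quoted in the commit message.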