diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2017-11-12 21:16:42 +0000 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2017-11-27 12:55:07 +0100 |
| commit | 4ce85db20254a20ff5f8a7a73f09a9f601a1ee62 (patch) | |
| tree | 5662b0e9e6967a19d9c6840ee64f7d950dd8d5cc /sc | |
| parent | 82094d1a77bc5ad8d732f640c1a05a6b5339b666 (diff) | |
ofz+valgrind: Conditional jump or move depends on uninitialised value
if, before lcl_UnicodeStrNCpy is called, aSymbol contains embedded
nulls then the aSymbol.getLength() and the mnRangeOpPosInSymbol value
derived from an earlier aSymbol.getLength() include the range after
the embedded null, while lcl_UnicodeStrNCpy stops at the first
embedded null leaving cSymbol with uninitialized value that
are later read from it.
Conditional jump or move depends on uninitialised value(s)
at 0x23BFBCA0: ScCompiler::IsReference(rtl::OUString const&, rtl::OUString const*) (compiler.cxx:3275)
by 0x23BFFF4C: ScCompiler::NextNewToken(bool) (compiler.cxx:4248)
by 0x23C00D20: ScCompiler::CompileString(rtl::OUString const&) (compiler.cxx:4419)
by 0x23A29FAF: ScFormulaCell::Compile(rtl::OUString const&, bool, formula::FormulaGrammar::Grammar) (formulacell.cxx:1118)
by 0x23A278B7: ScFormulaCell::ScFormulaCell(ScDocument*, ScAddress const&, rtl::OUString const&, formula::FormulaGrammar::Grammar, ScMatrixMode) (formulacell.cxx:656)
by 0x23772EC3: ScColumn::ParseString(ScCellValue&, int, short, rtl::OUString const&, formula::FormulaGrammar::AddressConvention, ScSetStringParam const*) (column3.cxx:1729)
by 0x2377354B: ScColumn::SetString(int, short, rtl::OUString const&, formula::FormulaGrammar::AddressConvention, ScSetStringParam*) (column3.cxx:1851)
by 0x23AE2B97: ScTable::SetString(short, int, short, rtl::OUString const&, ScSetStringParam*) (table2.cxx:1369)
by 0x23897045: ScDocument::SetString(short, int, short, rtl::OUString const&, ScSetStringParam*) (document.cxx:3377)
by 0x1F35F41C: ScEEImport::WriteToDocument(bool, double, SvNumberFormatter*, bool) (eeimpars.cxx:400)
by 0x1F366F3B: ScFormatFilterPluginImpl::ScImportRTF(SvStream&, rtl::OUString const&, ScDocument*, ScRange&) (rtfimp.cxx:34)
Change-Id: Iefc6be6c3a383bd9b3cdeaa896c07e24e5100dc7
Reviewed-on: https://gerrit.libreoffice.org/44658
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Eike Rathke <erack@redhat.com>
(cherry picked from commit 6be596c282f84a3cb3a62edccfdfbf69663cf59e)
Reviewed-on: https://gerrit.libreoffice.org/44690
(cherry picked from commit 8959754d2617dad38968ca008791e6431afcbdbd)
Diffstat (limited to 'sc')
| -rw-r--r-- | sc/source/core/tool/compiler.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx index 5e74e5e35576..69e33b128ea3 100644 --- a/sc/source/core/tool/compiler.cxx +++ b/sc/source/core/tool/compiler.cxx @@ -1939,7 +1939,7 @@ void ScCompiler::SetError(FormulaError nError) static sal_Unicode* lcl_UnicodeStrNCpy( sal_Unicode* pDst, const sal_Unicode* pSrc, sal_Int32 nMax ) { const sal_Unicode* const pStop = pDst + nMax; - while ( *pSrc && pDst < pStop ) + while ( pDst < pStop ) { *pDst++ = *pSrc++; } |