chart2/source/tools/InternalDataProvider.cxx
| 7
configure.ac
| 2
connectivity/source/commontools/dbconversion.cxx
| 9 -
connectivity/source/drivers/dbase/DTable.cxx
| 13 +
download.lst
| 58 ++++----
external/graphite/StaticLibrary_graphite.mk
| 4
external/graphite/UnpackedTarball_graphite.mk
| 4
external/graphite/graphite2.issue1115.patch.1
| 22 ---
external/graphite/graphite2.win64.patch.1
| 60 --------
external/graphite/ubsan.patch
| 53 -------
external/libabw/UnpackedTarball_libabw.mk
| 4
external/libabw/libabw-msvc.patch.1
| 46 ------
external/libcdr/UnpackedTarball_libcdr.mk
| 4
external/libcdr/libcdr-visibility-win.patch
| 11 +
external/libetonyek/Library_etonyek.mk
| 1
external/libetonyek/UnpackedTarball_libetonyek.mk
| 1
external/libetonyek/initial-creator.patch.1
| 26 ---
external/libetonyek/libetonyek-bundled-soname.patch.0
| 3
external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
| 1
external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
| 38 +++++
external/libmwaw/0001-ssize_t-is-not-std-type.patch.1
| 27 ---
external/libmwaw/Library_mwaw.mk
| 5
external/libmwaw/UnpackedTarball_libmwaw.mk
| 4
external/libmwaw/libmwaw-bundled-soname.patch.0
| 6
external/libodfgen/0001-tdf-101077-make-double-string-conversion-locale-agno.patch.1
| 58 --------
external/libodfgen/ExternalProject_libodfgen.mk
| 4
external/libodfgen/Library_odfgen.mk
| 3
external/libodfgen/UnpackedTarball_libodfgen.mk
| 4
external/libodfgen/libodfgen-bundled-soname.patch.0
| 5
external/libvisio/0001-fix-debug-build.patch.1
| 40 -----
external/libvisio/UnpackedTarball_libvisio.mk
| 1
external/libvisio/ubsan.patch
| 4
external/libwpd/Library_wpd.mk
| 2
external/libwpd/include.patch
| 4
external/libwpd/libwpd-bundled-soname.patch.0
| 3
external/pdfium/Library_pdfium.mk
| 44 +++---
external/pdfium/README
| 2
external/pdfium/build.patch.1
| 71 +++++++++-
external/pdfium/msvc2015.patch.1
| 2
external/pdfium/ubsan.patch
| 6
external/poppler/StaticLibrary_poppler.mk
| 2
external/poppler/poppler-config.patch.1
| 58 ++++++--
include/vcl/BitmapTools.hxx
| 5
lotuswordpro/source/filter/lwpfribptr.cxx
| 35 ++--
lotuswordpro/source/filter/lwpfribptr.hxx
| 4
sc/source/core/tool/compiler.cxx
| 9 +
sc/source/core/tool/interpr1.cxx
| 2
solenv/flatpak-manifest.in
| 55 +++----
svtools/source/svhtml/parhtml.cxx
| 8 -
sw/qa/core/data/html/pass/ofz40593-1.html
|binary
sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc
|binary
sw/qa/core/data/ww8/pass/ofz34749-1.doc
|binary
sw/qa/core/data/ww8/pass/ofz38011-1.doc
|binary
sw/source/core/inc/layact.hxx
| 8 -
sw/source/core/layout/layact.cxx
| 65 ++++++++-
sw/source/core/layout/objectformattertxtfrm.cxx
| 2
sw/source/core/layout/pagechg.cxx
| 2
sw/source/core/text/inftxt.cxx
| 2
sw/source/core/text/itrform2.cxx
| 4
sw/source/filter/html/htmltab.cxx
| 33 ++++
sw/source/filter/ww8/ww8par.cxx
| 13 +
sw/source/filter/ww8/ww8par.hxx
| 13 +
sw/source/filter/ww8/ww8par2.cxx
| 9 +
sw/source/filter/ww8/ww8par6.cxx
| 3
tools/source/generic/poly.cxx
| 2
vcl/source/gdi/jobset.cxx
| 7
vcl/source/graphic/Manager.cxx
| 7
vcl/unx/generic/printer/cpdmgr.cxx
| 49 +++---
writerperfect/qa/unit/WpftDrawFilterTest.cxx
| 2
writerperfect/qa/unit/data/draw/libmwaw/pass/CorelPainter_10
|binary
writerperfect/qa/unit/data/draw/libmwaw/pass/CorelPainter_3_win.rif
|binary
71 files changed, 527 insertions(+), 534 deletions(-)
New commits:
commit b2a84f3a491cb44c9139a117cc2520ffd702488a
Author: Michael Stahl <[email protected]>
AuthorDate: Tue Nov 16 14:41:57 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:35 2021 +0100
postgresql: upgrade to release 13.5
Fixes CVE-2021-23222.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125308
Tested-by: Jenkins
Reviewed-by: Michael Stahl <[email protected]>
(cherry picked from commit 71b9369f1cc40143108e3f2189d96e402895e315)
Change-Id: I4e16fcc60c634382a864f66b211d0e0170a06db0
diff --git a/download.lst b/download.lst
index 22cd0fb9ed4c..d20af4b159f7 100644
--- a/download.lst
+++ b/download.lst
@@ -208,8 +208,8 @@ export LIBPNG_SHA256SUM :=
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201f
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
export POPPLER_SHA256SUM :=
31b76b5cac0a48612fdd154c02d9eca01fd38fb8eaa77c1196840ecdeb53a584
export POPPLER_TARBALL := poppler-21.11.0.tar.xz
-export POSTGRESQL_SHA256SUM :=
12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
-export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
+export POSTGRESQL_SHA256SUM :=
9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
+export POSTGRESQL_TARBALL := postgresql-13.5.tar.bz2
export PYTHON_SHA256SUM :=
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
export PYTHON_TARBALL := Python-3.5.9.tar.xz
export QXP_SHA256SUM :=
e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
commit 08a56e3f06bfd10df358818a76ccb61c7c0fe31c
Author: Michael Stahl <[email protected]>
AuthorDate: Tue Nov 16 14:28:15 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:35 2021 +0100
ofz#40766 svtools, sw: HTMLParser: really stop inserting control chars
35d248cab1f0d4800f72abb5cb6afb56f40d9083 forgot to fix one place where
control characters were in a presumed XML declaration.
Another place looks missing where comments are handled, but it's not
clear if these can be passed on to Writer.
Revert the previous fix from commit
b3325ef8cdfc2c82eec34e747106f75a9fccb7e4.
Change-Id: I11ad13de9122533626e512ce0384051e3e5bd97f
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125306
Tested-by: Jenkins
Reviewed-by: Michael Stahl <[email protected]>
(cherry picked from commit a7116b890ccd6dd1721413b4de6591a8057668ef)
diff --git a/svtools/source/svhtml/parhtml.cxx
b/svtools/source/svhtml/parhtml.cxx
index dad59b28a2ab..8e0e64ec9bf3 100644
--- a/svtools/source/svhtml/parhtml.cxx
+++ b/svtools/source/svhtml/parhtml.cxx
@@ -1069,6 +1069,7 @@ HtmlTokenId HTMLParser::GetNextToken_()
aToken += sTmpBuffer.makeStringAndClear();
nNextCh = GetNextChar();
} while( '>' != nNextCh && '/' != nNextCh &&
!rtl::isAsciiWhiteSpace( nNextCh ) &&
+ !linguistic::IsControlChar(nNextCh) &&
IsParserWorking() && !rInput.eof() );
if( !sTmpBuffer.isEmpty() )
@@ -1141,8 +1142,11 @@ HtmlTokenId HTMLParser::GetNextToken_()
if( !bDone )
aToken += OUString(&nNextCh,1);
}
- else
- aToken += OUString(&nNextCh,1);
+ else if (!linguistic::IsControlChar(nNextCh)
+ || nNextCh == '\r' || nNextCh == '\n' ||
nNextCh == '\t')
+ {
+ aToken += OUString(&nNextCh, 1);
+ }
if( !bDone )
nNextCh = GetNextChar();
}
commit d4b79c0d8d4101d92fa3484dd8db2369bc213a46
Author: Caolán McNamara <[email protected]>
AuthorDate: Mon Nov 1 17:34:23 2021 +0000
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:35 2021 +0100
ofz#40593 remove Objects from m_xResizeDrawObjects if deleted during parse
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124563
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 2f01faaf88b6d172d7293f0c9e2a061d99b8ceb5)
fix misplaced line
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124630
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 4ed359093c991291216c39cffe14a60e607ec551)
Change-Id: I11fa665175ef067a36f4822676c02d4df1e1e250
diff --git a/sw/qa/core/data/html/pass/ofz40593-1.html
b/sw/qa/core/data/html/pass/ofz40593-1.html
new file mode 100644
index 000000000000..43510d5d00b2
Binary files /dev/null and b/sw/qa/core/data/html/pass/ofz40593-1.html differ
diff --git a/sw/source/filter/html/htmltab.cxx
b/sw/source/filter/html/htmltab.cxx
index 9e7230dc7b35..2a78a258fb22 100644
--- a/sw/source/filter/html/htmltab.cxx
+++ b/sw/source/filter/html/htmltab.cxx
@@ -35,6 +35,8 @@
#include <svtools/htmlkywd.hxx>
#include <svl/urihelper.hxx>
#include <o3tl/make_unique.hxx>
+#include <svx/sdrobjectuser.hxx>
+#include <sal/log.hxx>
#include <dcontact.hxx>
#include <fmtornt.hxx>
@@ -369,7 +371,7 @@ typedef std::vector<HTMLTableColumn> HTMLTableColumns;
typedef std::vector<SdrObject *> SdrObjects;
-class HTMLTable
+class HTMLTable : public sdr::ObjectUser
{
OUString m_aId;
OUString m_aStyle;
@@ -517,6 +519,8 @@ private:
sal_uInt16 GetBorderWidth( const SvxBorderLine& rBLine,
bool bWithDistance=false ) const;
+ virtual void ObjectInDestruction(const SdrObject& rObject) override;
+
public:
bool m_bFirstCell; // is there a cell created already?
@@ -526,7 +530,7 @@ public:
bool bHasToFly,
const HTMLTableOptions& rOptions);
- ~HTMLTable();
+ virtual ~HTMLTable();
// Identifying of a cell
const HTMLTableCell& GetCell(sal_uInt16 nRow, sal_uInt16 nCell) const;
@@ -1055,11 +1059,33 @@ void SwHTMLParser::DeregisterHTMLTable(HTMLTable* pOld)
m_aTables.erase(std::remove(m_aTables.begin(), m_aTables.end(), pOld));
}
+// if any m_pResizeDrawObjects members are deleted during parse, remove them
+// from m_pResizeDrawObjects and m_pDrawObjectPrcWidths
+void HTMLTable::ObjectInDestruction(const SdrObject& rObject)
+{
+ auto it = std::find(m_pResizeDrawObjects->begin(),
m_pResizeDrawObjects->end(), &rObject);
+ assert(it != m_pResizeDrawObjects->end());
+ auto nIndex = std::distance(m_pResizeDrawObjects->begin(), it);
+ m_pResizeDrawObjects->erase(it);
+ auto otherit = m_pDrawObjectPrcWidths->begin() + nIndex * 3;
+ m_pDrawObjectPrcWidths->erase(otherit, otherit + 3);
+}
+
HTMLTable::~HTMLTable()
{
m_pParser->DeregisterHTMLTable(this);
- delete m_pResizeDrawObjects;
+ if (m_pResizeDrawObjects)
+ {
+ size_t nCount = m_pResizeDrawObjects->size();
+ for (size_t i = 0; i < nCount; ++i)
+ {
+ SdrObject *pObj = (*m_pResizeDrawObjects)[i];
+ pObj->RemoveObjectUser(*this);
+ }
+ delete m_pResizeDrawObjects;
+ }
+
delete m_pDrawObjectPrcWidths;
delete m_pContext;
@@ -2454,6 +2480,7 @@ void HTMLTable::RegisterDrawObject( SdrObject *pObj,
sal_uInt8 nPrcWidth )
if( !m_pResizeDrawObjects )
m_pResizeDrawObjects = new SdrObjects;
m_pResizeDrawObjects->push_back( pObj );
+ pObj->AddObjectUser(*this);
if( !m_pDrawObjectPrcWidths )
m_pDrawObjectPrcWidths = new std::vector<sal_uInt16>;
commit 5f2e5ce8606d49355926a391b82fbbebea7a0a7e
Author: Caolán McNamara <[email protected]>
AuthorDate: Sun Sep 26 14:05:37 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:35 2021 +0100
ofz#39304 short timestamp record
Change-Id: I8f783473dd5d4679846c7c866cd1853ef7d919fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122628
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit bfc70a9f314bbb5b03247be25544e9b4cc467f8d)
diff --git a/connectivity/source/drivers/dbase/DTable.cxx
b/connectivity/source/drivers/dbase/DTable.cxx
index f0112d35a03e..8d9539996452 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -775,10 +775,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const
OSQLColumns & _rCols, bool
for (std::size_t i = 1; aIter != aEnd && nByteOffset <= m_nBufferSize && i
< nCount;++aIter, i++)
{
// Lengths depending on data type:
- sal_Int32 nLen = 0;
- sal_Int32 nType = 0;
- nLen = m_aPrecisions[i-1];
- nType = m_aTypes[i-1];
+ sal_Int32 nLen = m_aPrecisions[i-1];
+ sal_Int32 nType = m_aTypes[i-1];
switch(nType)
{
@@ -837,8 +835,13 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const
OSQLColumns & _rCols, bool
else if ( DataType::TIMESTAMP == nType )
{
sal_Int32 nDate = 0,nTime = 0;
+ if (nLen < 8)
+ {
+ SAL_WARN("connectivity.drivers", "short TIMESTAMP");
+ return false;
+ }
memcpy(&nDate, pData, 4);
- memcpy(&nTime, pData+ 4, 4);
+ memcpy(&nTime, pData + 4, 4);
if ( !nDate && !nTime )
{
(_rRow->get())[i]->setNull();
commit 1b6450be9aff65b2a65f47c7dad9c581e49fea6a
Author: Caolán McNamara <[email protected]>
AuthorDate: Sun Sep 26 14:23:54 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:35 2021 +0100
ofz#39301 month has to be in range [1-12]
Change-Id: I5a4ca534b24098342d8f465a32bc1887f40f5b63
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122629
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 4a93b7a2f8a3fc13fed800d93e2103b785abeb62)
diff --git a/connectivity/source/commontools/dbconversion.cxx
b/connectivity/source/commontools/dbconversion.cxx
index fe600a7b8063..10fcda252ee4 100644
--- a/connectivity/source/commontools/dbconversion.cxx
+++ b/connectivity/source/commontools/dbconversion.cxx
@@ -27,6 +27,7 @@
#include <rtl/character.hxx>
#include <rtl/ustrbuf.hxx>
#include <rtl/math.hxx>
+#include <sal/log.hxx>
#include <unotools/datetime.hxx>
#include <sstream>
#include <iomanip>
@@ -167,10 +168,13 @@ namespace dbtools
;
}
-
static sal_Int32 implDaysInMonth(sal_Int32 _nMonth, sal_Int32 _nYear)
{
- OSL_ENSURE(_nMonth > 0 && _nMonth < 13,"Month as invalid value!");
+ SAL_WARN_IF(_nMonth < 1 || _nMonth > 12, "connectivity.commontools",
"Month has invalid value: " << _nMonth);
+ if (_nMonth < 1)
+ _nMonth = 1;
+ else if (_nMonth > 12)
+ _nMonth = 12;
if (_nMonth != 2)
return aDaysInMonth[_nMonth-1];
else
@@ -182,7 +186,6 @@ namespace dbtools
}
}
-
static sal_Int32 implRelativeToAbsoluteNull(const css::util::Date& _rDate)
{
sal_Int32 nDays = 0;
commit f3d505122a0251759d0fb8403f2b6208760861f1
Author: Caolán McNamara <[email protected]>
AuthorDate: Sat Sep 25 19:57:36 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz#39252 use safer SwUnoCursor for the pos to move back to
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/122611
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit ca844cbdc3e933e3082e9cde0632445916de819e)
Change-Id: Iba6f200cea92196986bd30564cf56ab5d8b954b1
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 5b6f185fdcca..e90b9c67bb9b 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -1974,7 +1974,7 @@ void SwWW8ImplReader::ImportDopTypography(const
WW8DopTypography &rTypo)
* Footnotes and Endnotes
*/
WW8ReaderSave::WW8ReaderSave(SwWW8ImplReader* pRdr ,WW8_CP nStartCp) :
- maTmpPos(*pRdr->m_pPaM->GetPoint()),
+ mxTmpPos(pRdr->m_rDoc.CreateUnoCursor(*pRdr->m_pPaM->GetPoint())),
mxOldStck(std::move(pRdr->m_xCtrlStck)),
mxOldAnchorStck(std::move(pRdr->m_xAnchorStck)),
mxOldRedlines(std::move(pRdr->m_xRedlineStack)),
@@ -2072,7 +2072,7 @@ void WW8ReaderSave::Restore( SwWW8ImplReader* pRdr )
pRdr->DeleteAnchorStack();
pRdr->m_xAnchorStck = std::move(mxOldAnchorStck);
- *pRdr->m_pPaM->GetPoint() = maTmpPos;
+ *pRdr->m_pPaM->GetPoint() = GetStartPos();
if (mxOldPlcxMan != pRdr->m_xPlcxMan)
pRdr->m_xPlcxMan = mxOldPlcxMan;
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index a0d500a6eb81..82d861adc0a8 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -46,6 +46,7 @@
#include <com/sun/star/drawing/TextVerticalAdjust.hpp>
#include <swtypes.hxx>
+#include <unocrsr.hxx>
#include <fmtfsize.hxx>
#include <fmtornt.hxx>
#include <fmtsrnd.hxx>
@@ -584,7 +585,7 @@ class WW8ReaderSave
{
private:
WW8PLCFxSaveAll maPLCFxSave;
- SwPosition maTmpPos;
+ std::shared_ptr<SwUnoCursor> mxTmpPos;
std::deque<bool> maOldApos;
std::deque<WW8FieldEntry> maOldFieldStack;
std::unique_ptr<SwWW8FltControlStack> mxOldStck;
@@ -612,7 +613,7 @@ private:
public:
WW8ReaderSave(SwWW8ImplReader* pRdr, WW8_CP nStart=-1);
void Restore(SwWW8ImplReader* pRdr);
- const SwPosition &GetStartPos() const { return maTmpPos; }
+ const SwPosition &GetStartPos() const { return *mxTmpPos->GetPoint(); }
};
enum class eF_ResT { OK, TEXT, TAGIGN, READ_FSPA };
commit 80152d19a1ae19ad83fa7032a785b38f2cc09377
Author: Caolán McNamara <[email protected]>
AuthorDate: Thu Sep 2 13:35:34 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz#38011 save and restore m_pLastAnchorPos via UnoCursor
when we do some operations that may delete paragraphs
Change-Id: I2165dd287771f06c6d0fd061dd7659b06db4bd72
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121511
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit bc7baa18435000f47f90e47d3300710bcb4cf56b)
diff --git a/sw/qa/core/data/ww8/pass/ofz38011-1.doc
b/sw/qa/core/data/ww8/pass/ofz38011-1.doc
new file mode 100644
index 000000000000..8ef58ca5395d
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz38011-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index 487e98791c32..209c594ffcc5 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -2744,8 +2744,17 @@ void WW8TabDesc::FinishSwTable()
{
m_pIo->m_xRedlineStack->closeall(*m_pIo->m_pPaM->GetPoint());
m_pIo->m_aFrameRedlines.emplace(std::move(m_pIo->m_xRedlineStack));
+
+ // ofz#38011 drop m_pLastAnchorPos during RedlineStack dtor and restore it
afterwards to the same
+ // place, or somewhere close if that place got destroyed
+ std::shared_ptr<SwUnoCursor> xLastAnchorCursor(m_pIo->m_pLastAnchorPos ?
m_pIo->m_rDoc.CreateUnoCursor(*m_pIo->m_pLastAnchorPos) : nullptr);
+ m_pIo->m_pLastAnchorPos.reset();
+
m_pIo->m_xRedlineStack = std::move(mxOldRedlineStack);
+ if (xLastAnchorCursor)
+ m_pIo->m_pLastAnchorPos.reset(new
SwPosition(*xLastAnchorCursor->GetPoint()));
+
WW8DupProperties aDup(m_pIo->m_rDoc,m_pIo->m_xCtrlStck.get());
m_pIo->m_xCtrlStck->SetAttr( *m_pIo->m_pPaM->GetPoint(), 0, false);
commit 26bc198d9a2f00a82df3d4074d3502224953ef9b
Author: Caolán McNamara <[email protected]>
AuthorDate: Sun Aug 29 16:58:11 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz#37796 limit to numeric_limits<int>::max
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121230
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 72da4c623baf60eb2b7073697cd36ffb3022847d)
Change-Id: I6e09226fad1e566ba2758d0084042b603b84d221
diff --git a/include/vcl/BitmapTools.hxx b/include/vcl/BitmapTools.hxx
index 2ff0f69eea79..941ef8c9c381 100644
--- a/include/vcl/BitmapTools.hxx
+++ b/include/vcl/BitmapTools.hxx
@@ -24,6 +24,7 @@
#include <basegfx/matrix/b2dhommatrix.hxx>
#include <o3tl/safeint.hxx>
#include <array>
+#include <limits>
namespace vcl {
namespace bitmap {
@@ -43,6 +44,10 @@ public:
mnBitCount(nBitCount)
{
assert(nBitCount == 24 || nBitCount == 32);
+ if (rSize.getWidth() > std::numeric_limits<sal_Int32>::max() ||
rSize.getWidth() < 0)
+ throw std::bad_alloc();
+ if (rSize.getHeight() > std::numeric_limits<sal_Int32>::max() ||
rSize.getHeight() < 0)
+ throw std::bad_alloc();
sal_Int32 nRowSize, nDataSize;
if (o3tl::checked_multiply<sal_Int32>(rSize.getWidth(), nBitCount/8,
nRowSize) ||
o3tl::checked_multiply<sal_Int32>(nRowSize, rSize.getHeight(),
nDataSize) ||
commit cb05fd09ddaf3eac850c1c1f967a89024d2294e3
Author: Caolán McNamara <[email protected]>
AuthorDate: Wed Aug 18 16:57:18 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz#37322 Bad-cast
use a SwUnoCursor for the LastAnchorPos around here, this is similar to
ofz#9858 Bad-cast
Change-Id: I194a39ae13c382740b0ba8145dcc33fb2107105d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120679
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit c1cd505c67a53a0a27589889b34641612d10946d)
diff --git a/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc
b/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc
new file mode 100644
index 000000000000..fd64eeed2963
Binary files /dev/null and b/sw/qa/core/data/ww5/pass/ooo37322-1-WW2.doc differ
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index d23c5b0d7421..5b6f185fdcca 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -2058,8 +2058,17 @@ void WW8ReaderSave::Restore( SwWW8ImplReader* pRdr )
pRdr->m_xRedlineStack->closeall(*pRdr->m_pPaM->GetPoint());
pRdr->m_aFrameRedlines.emplace(std::move(pRdr->m_xRedlineStack));
+
+ // ofz#37322 drop m_pLastAnchorPos during RedlineStack dtor and restore it
afterwards to the same
+ // place, or somewhere close if that place got destroyed
+ std::shared_ptr<SwUnoCursor> xLastAnchorCursor(pRdr->m_pLastAnchorPos ?
pRdr->m_rDoc.CreateUnoCursor(*pRdr->m_pLastAnchorPos) : nullptr);
+ pRdr->m_pLastAnchorPos.reset();
+
pRdr->m_xRedlineStack = std::move(mxOldRedlines);
+ if (xLastAnchorCursor)
+ pRdr->m_pLastAnchorPos.reset(new
SwPosition(*xLastAnchorCursor->GetPoint()));
+
pRdr->DeleteAnchorStack();
pRdr->m_xAnchorStck = std::move(mxOldAnchorStck);
commit 39ef8c46df7eb7ce4e184a14ad64a2740a16030b
Author: Caolán McNamara <[email protected]>
AuthorDate: Fri Jul 16 12:45:21 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
crashtesting: UaF on layout of fdo53985-1.docx
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119060
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit ceb32f59d96a17c3007ed883fb44bc880673c8e0)
Change-Id: Id8ca0d277f485347e21bd8d6d68de2a7de13de48
diff --git a/sw/source/core/inc/layact.hxx b/sw/source/core/inc/layact.hxx
index 4e9a01d34830..9ca134c535f1 100644
--- a/sw/source/core/inc/layact.hxx
+++ b/sw/source/core/inc/layact.hxx
@@ -62,6 +62,9 @@ class SwLayAction
SwWait *m_pWait;
+ std::vector<SwFrame*> m_aFrameStack;
+ std::vector<std::unique_ptr<SwFrameDeleteGuard>> m_aFrameDeleteGuards;
+
// If a paragraph (or anything else) moved more than one page when
// formatting, it adds its new page number here.
// The InternalAction can then take the appropriate steps.
@@ -115,6 +118,9 @@ class SwLayAction
bool RemoveEmptyBrowserPages();
+ void PushFormatLayout(SwFrame* pLow);
+ void PopFormatLayout();
+
inline void CheckIdleEnd();
public:
@@ -146,7 +152,7 @@ public:
void SetReschedule ( bool bNew ) { m_bReschedule = bNew; }
void SetWaitAllowed ( bool bNew ) { m_bWaitAllowed = bNew; }
- void SetAgain(bool bAgain) { m_bAgain = bAgain; }
+ void SetAgain(bool bAgain);
void SetUpdateExpFields() {m_bUpdateExpFields = true; }
inline void SetCheckPageNum( sal_uInt16 nNew );
diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx
index b4924390af50..e26c4fd3bafe 100644
--- a/sw/source/core/layout/layact.cxx
+++ b/sw/source/core/layout/layact.cxx
@@ -313,6 +313,53 @@ bool SwLayAction::RemoveEmptyBrowserPages()
return bRet;
}
+void SwLayAction::SetAgain(bool bAgain)
+{
+ if (bAgain == m_bAgain)
+ return;
+
+ m_bAgain = bAgain;
+
+ assert(m_aFrameStack.size() == m_aFrameDeleteGuards.size());
+ size_t nCount = m_aFrameStack.size();
+ if (m_bAgain)
+ {
+ // LayAction::FormatLayout is now flagged to exit early and will avoid
+ // dereferencing any SwFrames in the stack of FormatLayouts so allow
+ // their deletion
+ for (size_t i = 0; i < nCount; ++i)
+ m_aFrameDeleteGuards[i].reset();
+ }
+ else
+ {
+ // LayAction::FormatLayout is now continue normally and will
+ // dereference the top SwFrame in the stack of m_aFrameStack as each
+ // FormatLevel returns so disallow their deletion
+ for (size_t i = 0; i < nCount; ++i)
+ m_aFrameDeleteGuards[i] =
std::make_unique<SwFrameDeleteGuard>(m_aFrameStack[i]);
+ }
+}
+
+void SwLayAction::PushFormatLayout(SwFrame* pLow)
+{
+ /* Workaround crash seen in crashtesting with fdo53985-1.docx
+
+ Lock pLow against getting deleted when it will be dereferenced
+ after FormatLayout
+
+ If SetAgain is called to make SwLayAction exit early to avoid that
+ dereference, then it clears these guards
+ */
+ m_aFrameStack.push_back(pLow);
+ m_aFrameDeleteGuards.push_back(std::make_unique<SwFrameDeleteGuard>(pLow));
+}
+
+void SwLayAction::PopFormatLayout()
+{
+ m_aFrameDeleteGuards.pop_back();
+ m_aFrameStack.pop_back();
+}
+
void SwLayAction::Action(OutputDevice* pRenderContext)
{
m_bActionInProgress = true;
@@ -1360,7 +1407,11 @@ bool SwLayAction::FormatLayout( OutputDevice
*pRenderContext, SwLayoutFrame *pLa
bTabChanged |= FormatLayoutTab(
static_cast<SwTabFrame*>(pLow), bAddRect );
// Skip the ones already registered for deletion
else if( !pLow->IsSctFrame() ||
static_cast<SwSectionFrame*>(pLow)->GetSection() )
+ {
+ PushFormatLayout(pLow);
bChanged |= FormatLayout( pRenderContext,
static_cast<SwLayoutFrame*>(pLow), bAddRect );
+ PopFormatLayout();
+ }
}
else if ( m_pImp->GetShell()->IsPaintLocked() )
// Shortcut to minimize the cycles. With Lock, the
commit 7785d980d64fd2a98027d1f485de39c8280ba7e7
Author: Caolán McNamara <[email protected]>
AuthorDate: Thu Jul 15 14:13:35 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
Only change SwLayAction::m_bAgain via SetAgain
no logic change intended
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118983
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 3a5383892e1f0e22558cd56cb77d56a09c515b7a)
Change-Id: Ib0174f8040faa3efde7b9c5ba9b062bac5a35da3
diff --git a/sw/source/core/inc/layact.hxx b/sw/source/core/inc/layact.hxx
index 9240ef9d2a98..4e9a01d34830 100644
--- a/sw/source/core/inc/layact.hxx
+++ b/sw/source/core/inc/layact.hxx
@@ -146,7 +146,7 @@ public:
void SetReschedule ( bool bNew ) { m_bReschedule = bNew; }
void SetWaitAllowed ( bool bNew ) { m_bWaitAllowed = bNew; }
- void SetAgain() { m_bAgain = true; }
+ void SetAgain(bool bAgain) { m_bAgain = bAgain; }
void SetUpdateExpFields() {m_bUpdateExpFields = true; }
inline void SetCheckPageNum( sal_uInt16 nNew );
diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx
index ae643be49d37..b4924390af50 100644
--- a/sw/source/core/layout/layact.cxx
+++ b/sw/source/core/layout/layact.cxx
@@ -276,12 +276,13 @@ SwLayAction::~SwLayAction()
void SwLayAction::Reset()
{
+ SetAgain(false);
m_pOptTab = nullptr;
m_nStartTicks = std::clock();
m_nInputType = VclInputFlags::NONE;
m_nEndPage = m_nPreInvaPage = m_nCheckPageNum = USHRT_MAX;
m_bPaint = m_bComplete = m_bWaitAllowed = m_bCheckPages = true;
- m_bInput = m_bAgain = m_bNextCycle = m_bCalcLayout = m_bIdle =
m_bReschedule =
+ m_bInput = m_bNextCycle = m_bCalcLayout = m_bIdle = m_bReschedule =
m_bUpdateExpFields = m_bBrowseActionStop = false;
}
@@ -339,12 +340,15 @@ void SwLayAction::Action(OutputDevice* pRenderContext)
SetCheckPages( false );
InternalAction(pRenderContext);
- m_bAgain |= RemoveEmptyBrowserPages();
+ if (RemoveEmptyBrowserPages())
+ SetAgain(true);
while ( IsAgain() )
{
- m_bAgain = m_bNextCycle = false;
+ SetAgain(false);
+ m_bNextCycle = false;
InternalAction(pRenderContext);
- m_bAgain |= RemoveEmptyBrowserPages();
+ if (RemoveEmptyBrowserPages())
+ SetAgain(true);
}
m_pRoot->DeleteEmptySct();
@@ -635,7 +639,7 @@ void SwLayAction::InternalAction(OutputDevice*
pRenderContext)
{
bool bOld = IsAgain();
m_pRoot->RemoveSuperfluous();
- m_bAgain = bOld;
+ SetAgain(bOld);
}
if ( IsAgain() )
{
diff --git a/sw/source/core/layout/objectformattertxtfrm.cxx
b/sw/source/core/layout/objectformattertxtfrm.cxx
index 1af4476d4946..88f0bc28904f 100644
--- a/sw/source/core/layout/objectformattertxtfrm.cxx
+++ b/sw/source/core/layout/objectformattertxtfrm.cxx
@@ -293,7 +293,7 @@ bool SwObjectFormatterTextFrame::DoFormatObjs()
{
// notify layout action, thus is can restart the layout process on
// a previous page.
- GetLayAction()->SetAgain();
+ GetLayAction()->SetAgain(true);
}
else
{
diff --git a/sw/source/core/layout/pagechg.cxx
b/sw/source/core/layout/pagechg.cxx
index f3b80311c52f..68a0536fa2de 100644
--- a/sw/source/core/layout/pagechg.cxx
+++ b/sw/source/core/layout/pagechg.cxx
@@ -283,7 +283,7 @@ void SwPageFrame::DestroyImpl()
SwViewShellImp *pImp = pSh->Imp();
pImp->SetFirstVisPageInvalid();
if ( pImp->IsAction() )
- pImp->GetLayAction().SetAgain();
+ pImp->GetLayAction().SetAgain(true);
// #i9719# - retouche area of page
// including border and shadow area.
const bool bRightSidebar = (SidebarPosition() ==
sw::sidebarwindows::SidebarPosition::RIGHT);
commit 4b493442cc81d988b95ddab1b818de0aa0e7b7f9
Author: Caolán McNamara <[email protected]>
AuthorDate: Mon Jul 12 16:21:04 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
crashtesting: UaF on layout of ooo98566-1.odt
in:
sw/source/core/text/itrform2.cxx:2643 SwTextFormatter::NewFlyCntPortion
at: pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame)
(gdb) print m_pCurr
$2 = (SwLineLayout *) 0x55ea220a0020
after calling GetFlyFrame m_pCurr is unchanged and we will call
m_pCurr->MaxAscentDescent
on it.
But m_pCurr is deleted during GetFlyFrame by...
#18 0x00007f98c5cd337f in SwLineLayout::~SwLineLayout()
(this=this@entry=0x55ea220a0020, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/text/portxt.hxx:26
#19 0x00007f98c5cd347a in SwParaPortion::~SwParaPortion()
(this=0x55ea220a0020, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/text/porlay.cxx:2491
#20 0x00007f98c5cd3485 in SwParaPortion::~SwParaPortion()
(this=0x55ea220a0020, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/text/porlay.cxx:2491
#21 0x00007f98c5d05e70 in
std::default_delete<SwParaPortion>::operator()(SwParaPortion*) const
(__ptr=<optimized out>, this=<optimized out>)
at /usr/include/c++/8/bits/unique_ptr.h:75
#22 0x00007f98c5d05e70 in std::unique_ptr<SwParaPortion,
std::default_delete<SwParaPortion> >::reset(SwParaPortion*)
(__p=<optimized out>, this=<optimized out>) at
/usr/include/c++/8/bits/unique_ptr.h:382
#23 0x00007f98c5d05e70 in SwTextLine::SetPara(SwParaPortion*, bool)
(bDelete=true, pNew=0x0, this=<optimized out>)
at source/libo-core/sw/source/core/text/txtcache.hxx:45
#24 0x00007f98c5d05e70 in SwTextFrame::ClearPara()
(this=this@entry=0x55ea21302b60) at
source/libo-core/sw/source/core/text/txtcache.cxx:113
#25 0x00007f98c5d1be89 in SwTextFrame::Init()
(this=this@entry=0x55ea21302b60) at
source/libo-core/sw/source/core/text/txtfrm.cxx:757
#26 0x00007f98c5d2630c in SwTextFrame::Prepare(PrepareHint, void const*,
bool)
(this=0x55ea21302b60, ePrep=PrepareHint::FlyFrameArrive,
pVoid=<optimized out>, bNotify=<optimized out>)
at source/libo-core/sw/source/core/text/txtfrm.cxx:3086
#27 0x00007f98c5b1edb8 in
SwFlyInContentFrame::NotifyBackground(SwPageFrame*, SwRect const&, PrepareHint)
(this=<optimized out>, rRect=..., eHint=<optimized out>) at
source/libo-core/sw/inc/anchoredobject.hxx:205
#28 0x00007f98c5b261a6 in Notify(SwFlyFrame*, SwPageFrame*, SwRect const&,
SwRect const*)
(pFly=pFly@entry=0x55ea21a18d60, pOld=0x0, rOld=SwRect = {...},
pOldPrt=pOldPrt@entry=0x7ffeb50390f8)
at source/libo-core/sw/source/core/inc/frame.hxx:1177
#29 0x00007f98c5b2ceca in SwFlyNotify::~SwFlyNotify()
(this=0x7ffeb50390d0, __in_chrg=<optimized out>)
at source/libo-core/sw/source/core/layout/frmtool.cxx:648
#30 0x00007f98c5b1fa25 in SwFlyInContentFrame::MakeAll(OutputDevice*)
(this=0x55ea21a18d60)
at source/libo-core/sw/source/core/inc/frmtool.hxx:419
#31 0x00007f98c5aec3a9 in SwFrame::PrepareMake(OutputDevice*)
(this=0x55ea21a18d60, pRenderContext=0x55ea212bc4c0)
at source/libo-core/sw/source/core/layout/calcmove.cxx:375
#32 0x00007f98c5b17ad2 in SwFlyFrame::Calc(OutputDevice*) const
(this=<optimized out>, pRenderContext=<optimized out>)
at source/libo-core/sw/source/core/layout/fly.cxx:2890
#33 0x00007f98c5b636c5 in SwObjectFormatter::FormatLayout_(SwLayoutFrame&)
(this=this@entry=0x55ea2244d150, _rLayoutFrame=...)
at source/libo-core/include/rtl/ref.hxx:206
#34 0x00007f98c5b6413e in SwObjectFormatter::FormatObj_(SwAnchoredObject&)
(this=this@entry=0x55ea2244d150, _rAnchoredObj=...)
at source/libo-core/sw/source/core/layout/objectformatter.cxx:296
#35 0x00007f98c5b6705b in
SwObjectFormatterTextFrame::DoFormatObj(SwAnchoredObject&, bool)
(this=0x55ea2244d150, _rAnchoredObj=..., _bCheckForMovedFwd=<optimized
out>)
at source/libo-core/sw/source/core/layout/objectformattertxtfrm.cxx:136
#36 0x00007f98c5b6359f in SwObjectFormatter::FormatObj(SwAnchoredObject&,
SwFrame*, SwPageFrame const*)
(_rAnchoredObj=..., _pAnchorFrame=<optimized out>,
_pPageFrame=<optimized out>)
at source/libo-core/sw/source/core/layout/objectformatter.cxx:190
#37 0x00007f98c5d717aa in SwTextFlyCnt::GetFlyFrame_(SwFrame const*)
(this=this@entry=0x55ea214d8810, pCurrFrame=pCurrFrame@entry=0x55ea21302b60)
at source/libo-core/sw/source/core/inc/frame.hxx:1177
#38 0x00007f98c5cb511b in SwTextFlyCnt::GetFlyFrame(SwFrame const*)
(pCurrFrame=0x55ea21302b60, this=0x55ea214d8810)
at source/libo-core/sw/inc/txtflcnt.hxx:48
#39 0x00007f98c5cb511b in
SwTextFormatter::NewFlyCntPortion(SwTextFormatInfo&, SwTextAttr*) const
(this=this@entry=0x7ffeb503a6b0, rInf=..., pHint=0x55ea214d8810) at
source/libo-core/sw/source/core/text/itrform2.cxx:2643
(gdb) print this
(SwLinePortion * const) 0x55ea220a0020
The SwTextFrame of SwTextFrame::ClearPara is the same pFrame/m_pFrame at
SwTextFormatter::NewFlyCntPortion
ClearPara is not called if the SwTextFrame is "Locked", so try using that
to protect GetFlyFrame
Change-Id: Ia9dcb1f345f6953d995f2acf1ec23492d1680364
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118784
Tested-by: Jenkins
Tested-by: Caolán McNamara <[email protected]>
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 7e016df70d4ceb6c90ec5f1b129b50a65ff07505)
diff --git a/sw/source/core/text/itrform2.cxx b/sw/source/core/text/itrform2.cxx
index e21c06c8fd23..8f3f8284d850 100755
--- a/sw/source/core/text/itrform2.cxx
+++ b/sw/source/core/text/itrform2.cxx
@@ -2520,7 +2520,11 @@ SwFlyCntPortion *SwTextFormatter::NewFlyCntPortion(
SwTextFormatInfo &rInf,
SwFlyInContentFrame *pFly;
SwFrameFormat* pFrameFormat =
static_cast<SwTextFlyCnt*>(pHint)->GetFlyCnt().GetFrameFormat();
if( RES_FLYFRMFMT == pFrameFormat->Which() )
+ {
+ // set Lock pFrame to avoid m_pCurr getting deleted
+ TextFrameLockGuard aGuard(m_pFrame);
pFly = static_cast<SwTextFlyCnt*>(pHint)->GetFlyFrame(pFrame);
+ }
else
pFly = nullptr;
// aBase is the document-global position, from which the new extra portion
is placed
commit 8aa75ac6568e6e577379b49f743cc183d83db303
Author: Caolán McNamara <[email protected]>
AuthorDate: Thu Jul 1 14:56:45 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz#34749 don't remove trailing paragraph if something got anchored to it
Change-Id: Ic6eec2f9829c415abd4f2628bc51efbf98f918fb
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/118228
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit e803875fbb86b24b39fcd9adcf7df40ed255ea8f)
diff --git a/sw/qa/core/data/ww8/pass/ofz34749-1.doc
b/sw/qa/core/data/ww8/pass/ofz34749-1.doc
new file mode 100644
index 000000000000..d657a71b5245
Binary files /dev/null and b/sw/qa/core/data/ww8/pass/ofz34749-1.doc differ
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index c15c07afb7fa..a0d500a6eb81 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -916,6 +916,14 @@ public:
explicit wwExtraneousParas(SwDoc &rDoc) : m_rDoc(rDoc) {}
~wwExtraneousParas() { delete_all_from_doc(); }
void insert(SwTextNode *pTextNode) { m_aTextNodes.insert(pTextNode); }
+ void check_anchor_destination(SwTextNode *pTextNode)
+ {
+ auto it = m_aTextNodes.find(pTextNode);
+ if (it == m_aTextNodes.end())
+ return;
+ SAL_WARN("sw.ww8", "It is unexpected to anchor something in a para
scheduled for removal");
+ m_aTextNodes.erase(it);
+ }
void delete_all_from_doc();
};
diff --git a/sw/source/filter/ww8/ww8par6.cxx b/sw/source/filter/ww8/ww8par6.cxx
index c7dc9724a4b3..9f12bcce353e 100644
--- a/sw/source/filter/ww8/ww8par6.cxx
+++ b/sw/source/filter/ww8/ww8par6.cxx
@@ -2359,6 +2359,9 @@ bool SwWW8ImplReader::StartApo(const ApoTestResults
&rApo, const WW8_TablePos *p
}
else
{
+ // ofz#34749 we shouldn't anchor anything into an 'extra'
paragraph scheduled for
+ // removal at end of import, but check if that scenario is
happening
+
m_aExtraneousParas.check_anchor_destination(m_pPaM->GetNode().GetTextNode());
m_xSFlyPara->pFlyFormat =
m_rDoc.MakeFlySection(WW8SwFlyPara::eAnchor,
m_pPaM->GetPoint(), &aFlySet);
OSL_ENSURE(m_xSFlyPara->pFlyFormat->GetAnchor().GetAnchorId() ==
commit d8fb3705b6ef4ee1046b1034491f9093ce7cf8cd
Author: Caolán McNamara <[email protected]>
AuthorDate: Sun Jun 27 19:08:36 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz#35504 Integer-overflow
Change-Id: I7a462b821f286411d759b5259461fcdbf1741859
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117955
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 228cb26a6a1afe668dd17471bedf0ab52f133d5a)
diff --git a/tools/source/generic/poly.cxx b/tools/source/generic/poly.cxx
index 5b00e6bc56a3..00efb7b2ac4b 100644
--- a/tools/source/generic/poly.cxx
+++ b/tools/source/generic/poly.cxx
@@ -251,7 +251,7 @@ ImplPolygon::ImplPolygon( const tools::Rectangle& rBound,
const Point& rStart, c
}
- if( ( nRadX > 32 ) && ( nRadY > 32 ) && ( nRadX + nRadY ) < 8192 )
+ if (nRadX > 32 && nRadY > 32 && o3tl::saturating_add(nRadX, nRadY) <
8192)
nPoints >>= 1;
// compute threshold
commit 83e5a2bd1d8250e067f03f1ac54d74c851be2eed
Author: Caolán McNamara <[email protected]>
AuthorDate: Fri Apr 2 14:28:37 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:34 2021 +0100
ofz: Segv on unknown address
Change-Id: I6c69375a89781fc0b87230203335c861efb562f9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113518
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 8de38977838d5a044271cb170730e3d557659f17)
diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 70554ae93861..b307bc6dea12 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -2532,7 +2532,14 @@ Label_MaskStateMachine:
if (eState != ssSkipReference)
{
*pSym++ = c;
- *pSym++ = *pSrc++;
+
+ if( pSym == &cSymbol[ MAXSTRLEN ] )
+ {
+ SetError(
FormulaError::StringOverflow);
+ eState = ssStop;
+ }
+ else
+ *pSym++ = *pSrc++;
}
bAddToSymbol = false;
}
commit 26f3986c3e7607d3c75c7f9b40be9d7e5914c587
Author: Caolán McNamara <[email protected]>
AuthorDate: Fri Apr 3 16:35:36 2020 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
crashtesting: crash on reexport of tdf118346-1.odg to odg
make a copy of m_pImpGraphicList because if we swap out a svg, the svg
filter
may create more temp Graphics which are auto-added to m_pImpGraphicList
invalidating a loop over m_pImpGraphicList
#0 0x00007ffff0d25ae5 in vcl::graphic::Manager::reduceGraphicMemory()
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:88
#1 0x00007ffff0d25ee9 in
vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&,
rtl::OUString const&)
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>,
pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
at vcl/source/graphic/Manager.cxx:139
#2 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance()
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:184
#3 0x00007ffff0b6735c in Graphic::Graphic() (this=0x7fffffff84f0) at
vcl/source/gdi/graph.cxx:182
#4 0x00007fffdc526600 in
svgio::svgreader::SvgImageNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x555556817940, rTarget=...) at
svgio/source/svgreader/svgimagenode.cxx:219
#5 0x00007fffdc52e75d in
svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x55555a6a93d0, rTarget=..., bReferenced=false) at
svgio/source/svgreader/svgnode.cxx:529
#6 0x00007fffdc522339 in
svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x55555a6a93d0, rTarget=..., bReferenced=false) at
svgio/source/svgreader/svggnode.cxx:106
#7 0x00007fffdc52e75d in
svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x55555a6a9070, rTarget=..., bReferenced=false) at
svgio/source/svgreader/svgnode.cxx:529
#8 0x00007fffdc522339 in
svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x55555a6a9070, rTarget=..., bReferenced=false) at
svgio/source/svgreader/svggnode.cxx:106
#9 0x00007fffdc52e75d in
svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x55555a5f9150, rTarget=..., bReferenced=false) at
svgio/source/svgreader/svgnode.cxx:529
#10 0x00007fffdc54d19f in
svgio::svgreader::SvgSvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&,
bool) const
(this=0x55555a5f9150, rTarget=..., bReferenced=false) at
svgio/source/svgreader/svgsvgnode.cxx:304
#11 0x00007fffdc571373 in svgio::svgreader::(anonymous
namespace)::XSvgParser::getDecomposition(com::sun::star::uno::Reference<com::sun::star::io::XInputStream>
const&, rtl::OUString const&) (this=0x55555a69c6d0, xSVGStream=uno::Reference
to (comphelper::SequenceInputStream *) 0x555557480668, aAbsolutePath="")
at svgio/source/svguno/xsvgparser.cxx:160
#12 0x00007ffff0cf849b in VectorGraphicData::ensureSequenceAndRange()
(this=0x555556ea7540)
at vcl/source/gdi/vectorgraphicdata.cxx:196
#13 0x00007ffff0cf9124 in VectorGraphicData::getRange() const
(this=0x555556ea7540)
at vcl/source/gdi/vectorgraphicdata.cxx:323
#14 0x00007ffff0b74da7 in ImpGraphic::ImplGetPrefSize() const
(this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:778
#15 0x00007ffff0b76623 in ImpGraphic::ImplWriteEmbedded(SvStream&)
(this=0x5555588b00f0, rOStm=...)
at vcl/source/gdi/impgraph.cxx:1235
#16 0x00007ffff0b770a1 in ImpGraphic::ImplSwapOut(SvStream*)
(this=0x5555588b00f0, xOStm=0x55555826b7d0)
at vcl/source/gdi/impgraph.cxx:1377
#17 0x00007ffff0b76bdb in ImpGraphic::ImplSwapOut() (this=0x5555588b00f0)
at vcl/source/gdi/impgraph.cxx:1328
#18 0x00007ffff0d25c88 in vcl::graphic::Manager::reduceGraphicMemory()
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:107
#19 0x00007ffff0d25ee9 in
vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&,
rtl::OUString const&)
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>,
pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
at vcl/source/graphic/Manager.cxx:139
#20 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance()
(this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
at vcl/source/graphic/Manager.cxx:184
#21 0x00007ffff0b6735c in Graphic::Graphic() (this=0x555556d5ea68) at
vcl/source/gdi/graph.cxx:182
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91650
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 6fa2891da4852716fe62d925ffdbeeb380a2ed66)
Change-Id: I4e1ffcb12ead0d53b7ca2f369154e9c753af77d8
diff --git a/vcl/source/graphic/Manager.cxx b/vcl/source/graphic/Manager.cxx
index c2146a680e8a..a7359982b9f2 100644
--- a/vcl/source/graphic/Manager.cxx
+++ b/vcl/source/graphic/Manager.cxx
@@ -72,7 +72,12 @@ Manager::Manager()
void Manager::reduceGraphicMemory()
{
- for (ImpGraphic* pEachImpGraphic : m_pImpGraphicList)
+ // make a copy of m_pImpGraphicList because if we swap out a svg, the svg
+ // filter may create more temp Graphics which are auto-added to
+ // m_pImpGraphicList invalidating a loop over m_pImpGraphicList, e.g.
+ // reexport of tdf118346-1.odg
+ auto const aImpGraphicList = m_pImpGraphicList;
+ for (ImpGraphic* pEachImpGraphic : aImpGraphicList)
{
if (mnUsedSize < mnMemoryLimit * 0.7)
return;
commit dcb101988fc858e22d9c69d0342863cb4ba2e763
Author: Caolán McNamara <[email protected]>
AuthorDate: Fri Mar 19 14:11:45 2021 +0000
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
cid#1473818 Use after free
Change-Id: Idd74e0debd12e42ff97d79b56e76cde6fd98aa2c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112745
Tested-by: Caolán McNamara <[email protected]>
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 236f3a8e60e05147a37f294774b0c07d40aff36f)
diff --git a/vcl/unx/generic/printer/cpdmgr.cxx
b/vcl/unx/generic/printer/cpdmgr.cxx
index 1e221d9547cd..f093eb87f4b8 100644
--- a/vcl/unx/generic/printer/cpdmgr.cxx
+++ b/vcl/unx/generic/printer/cpdmgr.cxx
@@ -41,11 +41,11 @@ void CPDManager::onNameAcquired (GDBusConnection
*connection,
gpointer user_data)
{
gchar* contents;
- GDBusNodeInfo *introspection_data;
-
// Get Interface for introspection
- g_file_get_contents (FRONTEND_INTERFACE, &contents, nullptr, nullptr);
- introspection_data = g_dbus_node_info_new_for_xml (contents, nullptr);
+ if (!g_file_get_contents (FRONTEND_INTERFACE, &contents, nullptr, nullptr))
+ return;
+
+ GDBusNodeInfo *introspection_data = g_dbus_node_info_new_for_xml
(contents, nullptr);
g_dbus_connection_register_object (connection,
"/org/libreoffice/PrintDialog",
@@ -61,28 +61,29 @@ void CPDManager::onNameAcquired (GDBusConnection
*connection,
std::vector<std::pair<std::string, gchar*>> backends =
current->getTempBackends();
for (auto const& backend : backends)
{
- GDBusProxy *proxy;
// Get Interface for introspection
- g_file_get_contents (BACKEND_INTERFACE, &contents, nullptr, nullptr);
- introspection_data = g_dbus_node_info_new_for_xml (contents, nullptr);
- proxy = g_dbus_proxy_new_sync (connection,
- G_DBUS_PROXY_FLAGS_NONE,
- introspection_data->interfaces[0],
- backend.first.c_str(),
- backend.second,
- "org.openprinting.PrintBackend",
- nullptr,
- nullptr);
+ if (g_file_get_contents(BACKEND_INTERFACE, &contents, nullptr,
nullptr))
+ {
+ introspection_data = g_dbus_node_info_new_for_xml (contents,
nullptr);
+ GDBusProxy *proxy = g_dbus_proxy_new_sync (connection,
+ G_DBUS_PROXY_FLAGS_NONE,
+ introspection_data->interfaces[0],
+ backend.first.c_str(),
+ backend.second,
+ "org.openprinting.PrintBackend",
+ nullptr,
+ nullptr);
+ g_assert (proxy != nullptr);
+ g_dbus_proxy_call(proxy, "ActivateBackend",
+ nullptr,
+ G_DBUS_CALL_FLAGS_NONE,
+ -1, nullptr, nullptr, nullptr);
+
+ g_free(contents);
+ g_object_unref(proxy);
+ g_dbus_node_info_unref(introspection_data);
+ }
g_free(backend.second);
- g_assert (proxy != nullptr);
- g_dbus_proxy_call(proxy, "ActivateBackend",
- nullptr,
- G_DBUS_CALL_FLAGS_NONE,
- -1, nullptr, nullptr, nullptr);
-
- g_free(contents);
- g_object_unref(proxy);
- g_dbus_node_info_unref(introspection_data);
}
}
commit 867e6770ac205d184f2c68502e1ea1fd1d20a611
Author: Stephan Bergmann <[email protected]>
AuthorDate: Tue Mar 9 15:52:21 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
Avoid signed-integer-overflow parsing table:cell-range-address="PivotChart"
...as happens during UITest_chart
UITEST_TEST_NAME=tdf107097.tdf107097.test_tdf107097 ever since
86b192965ee8d625092b723337f6a65bdf34dcb7 "tdf#107097: sc: Add UItest" added
that
test (see <https://ci.libreoffice.org/job/lo_ubsan/1919/>),
> /chart2/source/tools/XMLRangeHelper.cxx:136:52: runtime error: signed
integer overflow: 15 * 308915776 cannot be represented in type 'int'
> #0 0x2ad74a554918 in (anonymous
namespace)::lcl_getSingleCellAddressFromXMLString(rtl::OUString const&, int,
int, chart::XMLRangeHelper::Cell&)
/chart2/source/tools/XMLRangeHelper.cxx:136:52
> #1 0x2ad74a553482 in (anonymous
namespace)::lcl_getCellAddressFromXMLString(rtl::OUString const&, int, int,
chart::XMLRangeHelper::Cell&, rtl::OUString&)
/chart2/source/tools/XMLRangeHelper.cxx:217:13
> #2 0x2ad74a5505da in (anonymous
namespace)::lcl_getCellRangeAddressFromXMLString(rtl::OUString const&, int,
int, chart::XMLRangeHelper::CellRange&)
/chart2/source/tools/XMLRangeHelper.cxx:253:19
> #3 0x2ad74a54fde1 in
chart::XMLRangeHelper::getCellRangeFromXMLString(rtl::OUString const&)
/chart2/source/tools/XMLRangeHelper.cxx:328:15
> #4 0x2ad74a2aed4d in
chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&)
/chart2/source/tools/InternalDataProvider.cxx:1227:39
> #5 0x2ad74a2b0164 in non-virtual thunk to
chart::InternalDataProvider::convertRangeFromXML(rtl::OUString const&)
/chart2/source/tools/InternalDataProvider.cxx
> #6 0x2ad6c4784257 in (anonymous
namespace)::lcl_ConvertRange(rtl::OUString const&,
com::sun::star::uno::Reference<com::sun::star::chart2::XChartDocument> const&)
/xmloff/source/chart/SchXMLPlotAreaContext.cxx:76:32
> #7 0x2ad6c4779a67 in SchXMLPlotAreaContext::startFastElement(int,
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList>
const&) /xmloff/source/chart/SchXMLPlotAreaContext.cxx:233:34
> #8 0x2ad6c4c6328a in SvXMLImport::startFastElement(int,
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList>
const&) /xmloff/source/core/xmlimp.cxx:797:15
> #9 0x2ad704988b78 in (anonymous
namespace)::Entity::startElement((anonymous namespace)::Event const*)
/sax/source/fastparser/fastparser.cxx:468:27
> #10 0x2ad70496f681 in
sax_fastparser::FastSaxParserImpl::consume((anonymous namespace)::EventList&)
/sax/source/fastparser/fastparser.cxx:1026:25
> #11 0x2ad70496c65f in
sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource
const&) /sax/source/fastparser/fastparser.cxx:870:22
> #12 0x2ad7049905d1 in
sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource
const&) /sax/source/fastparser/fastparser.cxx:1482:13
> #13 0x2ad6c4c52b80 in
SvXMLImport::parseStream(com::sun::star::xml::sax::InputSource const&)
/xmloff/source/core/xmlimp.cxx:504:15
> #14 0x2ad749aafe1e in
chart::XMLFilter::impl_ImportStream(rtl::OUString const&, rtl::OUString const&,
com::sun::star::uno::Reference<com::sun::star::embed::XStorage> const&,
com::sun::star::uno::Reference<com::sun::star::lang::XMultiComponentFactory>
const&,
com::sun::star::uno::Reference<com::sun::star::document::XGraphicStorageHandler>
const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>
const&) /chart2/source/model/filter/XMLFilter.cxx:473:34
> #15 0x2ad749aa9f01 in
chart::XMLFilter::impl_Import(com::sun::star::uno::Reference<com::sun::star::lang::XComponent>
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) /chart2/source/model/filter/XMLFilter.cxx:375:35
> #16 0x2ad749aa0988 in
chart::XMLFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) /chart2/source/model/filter/XMLFilter.cxx:221:13
> #17 0x2ad749c2c76e in
chart::ChartModel::impl_load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&, com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
const&) /chart2/source/model/main/ChartModel_Persistence.cxx:567:18
> #18 0x2ad749c30eea in
chart::ChartModel::loadFromStorage(com::sun::star::uno::Reference<com::sun::star::embed::XStorage>
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) /chart2/source/model/main/ChartModel_Persistence.cxx:759:5
> #19 0x2ad74244b977 in
OCommonEmbeddedObject::LoadDocumentFromStorage_Impl()
/embeddedobj/source/commonembedding/persistence.cxx:535:19
> #20 0x2ad7423d7bde in OCommonEmbeddedObject::SwitchStateTo_Impl(int)
/embeddedobj/source/commonembedding/embedobj.cxx:185:49
> #21 0x2ad7423e32ff in OCommonEmbeddedObject::changeState(int)
/embeddedobj/source/commonembedding/embedobj.cxx:453:13
> #22 0x2ad7424b7057 in
OCommonEmbeddedObject::getPreferredVisualRepresentation(long)
/embeddedobj/source/commonembedding/visobj.cxx:168:9
> #23 0x2ad67e08fdb6 in
comphelper::EmbeddedObjectContainer::GetGraphicReplacementStream(long,
com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&,
rtl::OUString*) /comphelper/source/container/embeddedobjectcontainer.cxx:1425:54
> #24 0x2ad6a447182c in
svt::EmbeddedObjectRef::GetGraphicReplacementStream(long,
com::sun::star::uno::Reference<com::sun::star::embed::XEmbeddedObject> const&,
rtl::OUString*) /svtools/source/misc/embedhlp.cxx:809:12
> #25 0x2ad6a446c7d4 in svt::EmbeddedObjectRef::GetGraphicStream(bool)
const /svtools/source/misc/embedhlp.cxx:616:23
> #26 0x2ad6a4469e58 in svt::EmbeddedObjectRef::GetReplacement(bool)
/svtools/source/misc/embedhlp.cxx:424:46
> #27 0x2ad6a446d4ea in svt::EmbeddedObjectRef::GetGraphic() const
/svtools/source/misc/embedhlp.cxx:453:54
> #28 0x2ad69d4a9470 in SdrOle2Obj::GetGraphic() const
/svx/source/svdraw/svdoole2.cxx:1635:33
> #29 0x2ad71b222d01 in
ScDrawTransferObj::ScDrawTransferObj(std::unique_ptr<SdrModel,
std::default_delete<SdrModel> >, ScDocShell*, TransferableObjectDescriptor
const&) /sc/source/ui/app/drwtrans.cxx:191:107
> #30 0x2ad71d7da932 in ScDrawView::DoCopy()
/sc/source/ui/view/drawvie4.cxx:364:56
> #31 0x2ad71c1fb75a in ScDrawShell::ExecDrawFunc(SfxRequest&)
/sc/source/ui/drawfunc/drawsh5.cxx:328:20
> #32 0x2ad71c1b181f in SfxStubScDrawShellExecDrawFunc(SfxShell*,
SfxRequest&) /workdir/SdiTarget/sc/sdi/scslots.hxx:2823:1
> #33 0x2ad68de39d05 in SfxShell::CallExec(void (*)(SfxShell*,
SfxRequest&), SfxRequest&) /include/sfx2/shell.hxx:197:35
> #34 0x2ad68ddd1214 in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot
const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:16
> #35 0x2ad68dde721f in SfxDispatcher::Execute_(SfxShell&, SfxSlot
const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
> #36 0x2ad68dd5edff in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot
const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
> #37 0x2ad68e24a322 in
SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&,
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener>
const&) /sfx2/source/control/unoctitm.cxx:758:53
> #38 0x2ad68e245261 in
SfxOfficeDispatch::dispatch(com::sun::star::util::URL const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
/sfx2/source/control/unoctitm.cxx:229:16
> #39 0x2ad67e465052 in comphelper::dispatchCommand(rtl::OUString
const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&,
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener>
const&) /comphelper/source/misc/dispatchcommand.cxx:61:12
> #40 0x2ad67e4657c5 in comphelper::dispatchCommand(rtl::OUString
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&,
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener>
const&) /comphelper/source/misc/dispatchcommand.cxx:76:12
> #41 0x2ad6b39a49a6 in UITest::executeCommand(rtl::OUString const&)
/vcl/source/uitest/uitest.cxx:24:12
> #42 0x2ad6b39b7240 in (anonymous
namespace)::UITestUnoObj::executeCommand(rtl::OUString const&)
/vcl/source/uitest/uno/uitest_uno.cxx:69:12
> #43 0x2ad6ee6508db in gcc3::callVirtualMethod(void*, unsigned int,
void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int,
unsigned long*, double*)
/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:77:5
> #44 0x2ad6ee64abf2 in
cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*,
bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int,
_typelib_MethodParameter*, void*, void**, _uno_Any**)
/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13
> #45 0x2ad6ee64773d in unoInterfaceProxyDispatch
/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:413:13
> #46 0x2ad6f3a7d2ca in
binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*,
std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny>
>*) const /binaryurp/source/incomingrequest.cxx:235:13
Creating a pivot chart apparently generates XML output containing
<chart:plot-area table:cell-range-address="PivotChart" ...>
which does not conform to ODF, see the mail thread starting at
<https://lists.freedesktop.org/archives/libreoffice/2021-February/086884.html>
"Integer overflow in Calc lcl_getSingleCellAddressFromXMLString nColumn
computation" for details.
And, ignoring the signed-integer-overflow UB for now,
InternalDataProvider::convertRangeFromXML would always have returned an
empty
OUString for an input of aXMLRange="PivotChart":
chart::XMLRangeHelper::getCellRangeFromXMLString with
rXMLString="PivotChart"
calls lcl_getCellAddressFromXMLString with rXMLString="PivotChart",
nStartPos=0,
nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so
calls
lcl_getCellAddressFromXMLString with rXMLString="PivotChart", nStartPos=0,
nEndPos=9, its leading while-loop mis-computes nDelimiterPos=nEndPos, so it
doesn't set rOutTableName, so lcl_getCellAddressFromXMLString returns
bResult=false, so chart::XMLRangeHelper::getCellRangeFromXMLString returns
an
empty CellRange().
So, similar to 9e5314f19c9dcff35b5cee5c5a1b7f744e495b2e "tdf#107097 invoke
internal DP and correctly handle 'range' names" added special handling of
aXMLRange values starting with "PT@" to
InternalDataProvider::convertRangeFromXML, also add explicit special
handling
for "PivotChart" (instead of relying on the later code returning an empty
string, but after invoking UB).
Change-Id: I1671f0ab3b3ab00dce8e348aa3b7141ebebaaad5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/112207
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <[email protected]>
(cherry picked from commit 6d43ba110084605462901bcee786c7ae4c1f3bdf)
diff --git a/chart2/source/tools/InternalDataProvider.cxx
b/chart2/source/tools/InternalDataProvider.cxx
index a28314c70b6f..8f389136c306 100644
--- a/chart2/source/tools/InternalDataProvider.cxx
+++ b/chart2/source/tools/InternalDataProvider.cxx
@@ -1215,6 +1215,13 @@ OUString SAL_CALL
InternalDataProvider::convertRangeToXML( const OUString& aRang
OUString SAL_CALL InternalDataProvider::convertRangeFromXML( const OUString&
aXMLRange )
{
+ // Handle non-standards-conforming table:cell-range-address="PivotChart",
see
+ // <https://bugs.documentfoundation.org/show_bug.cgi?id=112783> "PIVOT
CHARTS: Save produces
+ // invalid file because of invalid cell address":
+ if (aXMLRange == "PivotChart") {
+ return "";
+ }
+
const OUString aPivotTableID("PT@");
if (aXMLRange.startsWith(aPivotTableID))
return aXMLRange.copy(aPivotTableID.getLength());
commit b19fcc40d569aff4177641ef29327da79395f65a
Author: Caolán McNamara <[email protected]>
AuthorDate: Thu Jan 28 14:54:13 2021 +0000
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
ofz#30005 crash in LwpFribPtr::XFConvert
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110086
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 4e84a42add9c8ac27feb5e49a96e00ffcc8f0bc8)
Change-Id: I4f03c1cd8bc12f3fa09c815837b289ff088c91d3
diff --git a/lotuswordpro/source/filter/lwpfribptr.cxx
b/lotuswordpro/source/filter/lwpfribptr.cxx
index 902727aef38c..f46cd409a900 100644
--- a/lotuswordpro/source/filter/lwpfribptr.cxx
+++ b/lotuswordpro/source/filter/lwpfribptr.cxx
@@ -85,7 +85,8 @@
#include <lwpdropcapmgr.hxx>
LwpFribPtr::LwpFribPtr()
- : m_pFribs(nullptr),m_pXFPara(nullptr),m_pPara(nullptr)
+ : m_pFribs(nullptr)
+ , m_pPara(nullptr)
{
}
@@ -174,7 +175,7 @@ void LwpFribPtr::XFConvert()
case FRIB_TAG_TEXT:
{
LwpFribText* textFrib= static_cast<LwpFribText*>(pFrib);
- textFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+ textFrib->XFConvert(m_pXFPara.get(),m_pPara->GetStory());
}
break;
case FRIB_TAG_TAB:
@@ -246,7 +247,7 @@ void LwpFribPtr::XFConvert()
case FRIB_TAG_UNICODE3: //fall through
{
LwpFribUnicode* unicodeFrib= static_cast<LwpFribUnicode*>(pFrib);
- unicodeFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+ unicodeFrib->XFConvert(m_pXFPara.get(), m_pPara->GetStory());
}
break;
case FRIB_TAG_HARDSPACE:
@@ -255,15 +256,15 @@ void LwpFribPtr::XFConvert()
LwpStory *pStory = m_pPara->GetStory();
LwpHyperlinkMgr* pHyperlink = pStory ? pStory->GetHyperlinkMgr() :
nullptr;
if (pHyperlink && pHyperlink->GetHyperlinkFlag())
- pFrib->ConvertHyperLink(m_pXFPara,pHyperlink,sHardSpace);
+ pFrib->ConvertHyperLink(m_pXFPara.get(),
pHyperlink,sHardSpace);
else
- pFrib->ConvertChars(m_pXFPara,sHardSpace);
+ pFrib->ConvertChars(m_pXFPara.get(), sHardSpace);
}
break;
case FRIB_TAG_SOFTHYPHEN:
{
OUString sSoftHyphen(u'\x00ad');
- pFrib->ConvertChars(m_pXFPara,sSoftHyphen);
+ pFrib->ConvertChars(m_pXFPara.get(), sSoftHyphen);
}
break;
case FRIB_TAG_FRAME:
@@ -275,64 +276,64 @@ void LwpFribPtr::XFConvert()
LwpFoundry* pFoundry = m_pPara->GetFoundry();
LwpDropcapMgr* pMgr = pFoundry ? pFoundry->GetDropcapMgr() :
nullptr;
if (pMgr)
- pMgr->SetXFPara(m_pXFPara);
+ pMgr->SetXFPara(m_pXFPara.get());
}
- frameFrib->XFConvert(m_pXFPara);
+ frameFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_CHBLOCK:
{
LwpFribCHBlock* chbFrib = static_cast<LwpFribCHBlock*>(pFrib);
- chbFrib->XFConvert(m_pXFPara,m_pPara->GetStory());
+ chbFrib->XFConvert(m_pXFPara.get(),m_pPara->GetStory());
}
break;
case FRIB_TAG_TABLE:
{
LwpFribTable* tableFrib = static_cast<LwpFribTable*>(pFrib);
//tableFrib->XFConvert(m_pPara->GetXFContainer());
- tableFrib->XFConvert(m_pXFPara);
+ tableFrib->XFConvert(m_pXFPara.get());
}
break;
case FRIB_TAG_BOOKMARK:
{
LwpFribBookMark* bookmarkFrib =
static_cast<LwpFribBookMark*>(pFrib);
- bookmarkFrib->XFConvert(m_pXFPara);
+ bookmarkFrib->XFConvert(m_pXFPara.get());
}
break;
case FRIB_TAG_FOOTNOTE:
{
LwpFribFootnote* pFootnoteFrib =
static_cast<LwpFribFootnote*>(pFrib);
- pFootnoteFrib->XFConvert(m_pXFPara);
+ pFootnoteFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_FIELD:
{
LwpFribField* fieldFrib = static_cast<LwpFribField*>(pFrib);
- fieldFrib->XFConvert(m_pXFPara);
+ fieldFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_NOTE:
{
LwpFribNote* pNoteFrib = static_cast<LwpFribNote*>(pFrib);
- pNoteFrib->XFConvert(m_pXFPara);
+ pNoteFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_PAGENUMBER:
{
LwpFribPageNumber* pagenumFrib =
static_cast<LwpFribPageNumber*>(pFrib);
- pagenumFrib->XFConvert(m_pXFPara);
+ pagenumFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_DOCVAR:
{
LwpFribDocVar* docFrib = static_cast<LwpFribDocVar*>(pFrib);
- docFrib->XFConvert(m_pXFPara);
+ docFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_RUBYMARKER:
{
LwpFribRubyMarker* rubyFrib =
static_cast<LwpFribRubyMarker*>(pFrib);
- rubyFrib->XFConvert(m_pXFPara);
+ rubyFrib->XFConvert(m_pXFPara.get());
break;
}
case FRIB_TAG_RUBYFRAME:
diff --git a/lotuswordpro/source/filter/lwpfribptr.hxx
b/lotuswordpro/source/filter/lwpfribptr.hxx
index 58cb3fae2079..738d9cf4d887 100644
--- a/lotuswordpro/source/filter/lwpfribptr.hxx
+++ b/lotuswordpro/source/filter/lwpfribptr.hxx
@@ -75,13 +75,13 @@ public:
void ReadPara(LwpObjectStream* pObjStrm);
private:
LwpFrib* m_pFribs;
- XFParagraph* m_pXFPara;//Current XFPara used for frib parsing
+ rtl::Reference<XFParagraph> m_pXFPara; //Current XFPara used for frib
parsing
LwpPara* m_pPara;//for get foundry
static void ProcessDropcap(LwpStory* pStory,LwpFrib* pFrib,sal_uInt32
nLen);
public:
void XFConvert();
void SetXFPara(XFParagraph* Para){m_pXFPara = Para;}
- XFParagraph* GetXFPara(){return m_pXFPara;}
+ XFParagraph* GetXFPara() { return m_pXFPara.get(); }
void SetPara(LwpPara* para){m_pPara=para;}
void RegisterStyle();
LwpFrib* GetFribs(){return m_pFribs;}
commit ce75836a85da6ea479a95d6916bddf799bbba265
Author: Caolán McNamara <[email protected]>
AuthorDate: Mon Jan 4 17:19:47 2021 +0000
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
ofz#29234 Integer-overflow
sc/source/core/tool/interpr1.cxx:9578:39: runtime error: signed integer
overflow: 1 + 2147483647 cannot be represented in type 'int'
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108677
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 52de00024e84c063ab292890256cda59fe259ef5)
Change-Id: I2975ae1daab826f10f0e52e7d7421ac8dcc9fffc
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index a2d0dfa0f865..2f7502073b46 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -9181,6 +9181,8 @@ void ScInterpreter::ScMid()
OUString aStr = GetString().getString();
if ( nStart < 1 || nSubLen < 0 )
PushIllegalArgument();
+ else if (nStart > SAL_MAX_UINT16 || nSubLen > SAL_MAX_UINT16)
+ PushError(FormulaError::StringOverflow);
else
{
sal_Int32 nLen = aStr.getLength();
commit 01d5bf354a57ae53f6404c9c858cbb447a3ca0d4
Author: Caolán McNamara <[email protected]>
AuthorDate: Wed Dec 30 21:19:15 2020 +0000
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
ofz#29113 short read
Change-Id: I107d8abeac419ba4e70a5880054c9195c60464ad
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/108527
Tested-by: Caolán McNamara <[email protected]>
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit ab3829bf74667044d9b0f5b96903bbafda5171f6)
diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index 95c8669a7f97..6ef1d51b3ff0 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -261,6 +261,13 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup&
rJobSetup )
if ( nSystem == JOBSET_FILE364_SYSTEM ||
nSystem == JOBSET_FILE605_SYSTEM )
{
+ if (nRead < sizeof(ImplOldJobSetupData) +
sizeof(Impl364JobSetupData))
+ {
+ SAL_WARN("vcl", "Parsing error: " <<
sizeof(ImplOldJobSetupData) + sizeof(Impl364JobSetupData) <<
+ " required, but " << nRead << " available");
+ return rIStream;
+ }
+
Impl364JobSetupData* pOldJobData =
reinterpret_cast<Impl364JobSetupData*>(pTempBuf.get() + sizeof(
ImplOldJobSetupData ));
sal_uInt16 nOldJobDataSize = SVBT16ToShort(
pOldJobData->nSize );
rJobData.SetSystem( SVBT16ToShort( pOldJobData->nSystem ) );
commit b50bb484e864c2a3b0fd37ee47ebce010227f1d9
Author: Stephan Bergmann <[email protected]>
AuthorDate: Sun Dec 16 20:25:59 2018 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
Add back still-relevant part of external/graphite/ubsan.patch
...which had been removed completely with
6b84708914f9c026776b28a300ac6d278272881f "graphite: update to 1.3.12". See
<https://ci.libreoffice.org/job/lo_ubsan/1137/>:
> /workdir/UnpackedTarball/graphite/src/gr_face.cpp:98:16: runtime error:
downcast of address 0x60f00008c3b0 which does not point to an object of type
'gr_face'
> 0x60f00008c3b0: note: object is of type 'graphite2::Face'
> 2a 00 00 61 d0 17 e7 ff 99 2b 00 00 36 00 be be be be be be 88 d8 0e
00 d0 61 00 00 80 38 05 00
> ^~~~~~~~~~~~~~~~~~~~~~~
> vptr for 'graphite2::Face'
> #0 0x2b99fdaae105 in gr_make_face_with_ops
/workdir/UnpackedTarball/graphite/src/gr_face.cpp:98:16
> #1 0x2b99fdaaeabe in gr_make_face
/workdir/UnpackedTarball/graphite/src/gr_face.cpp:107:12
> #2 0x2b99fdfd6dc7 in _hb_graphite2_shaper_face_data_create
/workdir/UnpackedTarball/harfbuzz/src/hb-graphite2.cc:114:18
> #3 0x2b99fdfd62f0 in hb_graphite2_shaper_face_data_ensure
/workdir/UnpackedTarball/harfbuzz/src/hb-graphite2.cc:37:1
> #4 0x2b99fddb6a10 in hb_shape_plan_create_cached2
/workdir/UnpackedTarball/harfbuzz/src/./hb-shaper-list.hh:35:1
> #5 0x2b99fddb1478 in hb_shape_full
/workdir/UnpackedTarball/harfbuzz/src/hb-shape.cc:133:33
> #6 0x2b99fc5867df in GenericSalLayout::LayoutText(ImplLayoutArgs&,
SalLayoutGlyphs const*) /vcl/source/gdi/CommonSalLayout.cxx:440:23
> #7 0x2b99fb2345e4 in OutputDevice::ImplLayout(rtl::OUString const&,
int, int, Point const&, long, long const*, SalLayoutFlags, vcl::TextLayoutCache
const*, SalLayoutGlyphs const*) const /vcl/source/outdev/text.cxx:1310:36
> #8 0x2b99fb236220 in OutputDevice::GetTextArray(rtl::OUString const&,
long*, int, int, vcl::TextLayoutCache const*, SalLayoutGlyphs const*) const
/vcl/source/outdev/text.cxx:960:45
> #9 0x2b99fb235c56 in OutputDevice::GetTextWidth(rtl::OUString const&,
int, int, vcl::TextLayoutCache const*, SalLayoutGlyphs const*) const
/vcl/source/outdev/text.cxx:881:19
> #10 0x2b99fd105281 in
ImplFontMetricData::ImplInitTextLineSize(OutputDevice const*)
/vcl/source/font/fontmetric.cxx:325:30
> #11 0x2b99fb1c128c in OutputDevice::ImplNewFont() const
/vcl/source/outdev/font.cxx:1062:38
> #12 0x2b99fb1bd46c in
OutputDevice::GetFontFeatures(std::__debug::vector<vcl::font::Feature,
std::allocator<vcl::font::Feature> >&) const /vcl/source/outdev/font.cxx:171:10
> #13 0x2b9a1a3c8607 in FontFeatureTest::testGetFontFeatures()
/vcl/qa/cppunit/FontFeatureTest.cxx:58:5
> #14 0x2b9a1a401f2c in void std::__invoke_impl<void, void
(FontFeatureTest::*&)(), FontFeatureTest*&>(std::__invoke_memfun_deref, void
(FontFeatureTest::*&)(), FontFeatureTest*&)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:73:14
> #15 0x2b9a1a401b0f in std::__invoke_result<void
(FontFeatureTest::*&)(), FontFeatureTest*&>::type std::__invoke<void
(FontFeatureTest::*&)(), FontFeatureTest*&>(void (FontFeatureTest::*&)(),
FontFeatureTest*&)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:95:14
> #16 0x2b9a1a40195c in void std::_Bind<void (FontFeatureTest::*
(FontFeatureTest*))()>::__call<void, 0ul>(std::tuple<>&&,
std::_Index_tuple<0ul>)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/functional:467:11
> #17 0x2b9a1a401533 in void std::_Bind<void (FontFeatureTest::*
(FontFeatureTest*))()>::operator()<void>()
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/functional:549:17
> #18 0x2b9a1a400340 in std::_Function_handler<void (), std::_Bind<void
(FontFeatureTest::* (FontFeatureTest*))()> >::_M_invoke(std::_Any_data const&)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/std_function.h:316:2
> #19 0x2b9a1a40259c in std::function<void ()>::operator()() const
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/std_function.h:706:14
> #20 0x2b9a1a3ff580 in CppUnit::TestCaller<FontFeatureTest>::runTest()
/workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7
> #21 0x2b99d930dab8 in CppUnit::TestCaseMethodFunctor::operator()()
const /workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
> #22 0x2b99f39cf332 in (anonymous
namespace)::Protector::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&) /test/source/vclbootstrapprotector.cxx:49:14
> #23 0x2b99d92de5fa in
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
/workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #24 0x2b99e850d672 in (anonymous
namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext
const&)
/unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:89:12
> #25 0x2b99d92de5fa in
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
/workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #26 0x2b99e5130312 in (anonymous
namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext
const&)
/unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:63:16
> #27 0x2b99d92de5fa in
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
/workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #28 0x2b99d9273d82 in
CppUnit::DefaultProtector::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&)
/workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
> #29 0x2b99d92de5fa in
CppUnit::ProtectorChain::ProtectFunctor::operator()() const
/workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #30 0x2b99d92d7f02 in
CppUnit::ProtectorChain::protect(CppUnit::Functor const&,
CppUnit::ProtectorContext const&)
/workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:86:18
> #31 0x2b99d93705e5 in CppUnit::TestResult::protect(CppUnit::Functor
const&, CppUnit::Test*, std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > const&)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:182:28
> #32 0x2b99d930c135 in CppUnit::TestCase::run(CppUnit::TestResult*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13
> #33 0x2b99d930ff12 in
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #34 0x2b99d930f0ed in
CppUnit::TestComposite::run(CppUnit::TestResult*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #35 0x2b99d930ff12 in
CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #36 0x2b99d930f0ed in
CppUnit::TestComposite::run(CppUnit::TestResult*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #37 0x2b99d939eb32 in
CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27
> #38 0x2b99d936f075 in CppUnit::TestResult::runTest(CppUnit::Test*)
/workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:149:9
> #39 0x2b99d939fa80 in CppUnit::TestRunner::run(CppUnit::TestResult&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >
const&) /workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:14
> #40 0x543813 in (anonymous namespace)::ProtectedFixtureFunctor::run()
const /sal/cppunittester/cppunittester.cxx:316:20
> #41 0x54027d in sal_main() /sal/cppunittester/cppunittester.cxx:466:20
> #42 0x53f26e in main /sal/cppunittester/cppunittester.cxx:373:1
> #43 0x2b99daec8444 in __libc_start_main (/lib64/libc.so.6+0x22444)
> #44 0x42f454 in _start
(/workdir/LinkTarget/Executable/cppunittester+0x42f454)
>
> SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
/workdir/UnpackedTarball/graphite/src/gr_face.cpp:98:16 in
>
> Error: a unit test failed, please do one of:
>
> make CppunitTest_vcl_fontfeature CPPUNITTRACE="gdb --args"
> # for interactive debugging on Linux
> make CppunitTest_vcl_fontfeature VALGRIND=memcheck
> # for memory checking
> make CppunitTest_vcl_fontfeature DEBUGCPPUNIT=TRUE
> # for exception catching
>
> You can limit the execution to just one particular test by:
>
> make CPPUNIT_TEST_NAME="testXYZ" ...above mentioned params...
>
>
/home/tdf/lode/jenkins/workspace/lo_ubsan/solenv/gbuild/CppunitTest.mk:113:
recipe for target
'/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/CppunitTest/vcl_fontfeature.test'
failed
Change-Id: Iccb72ec8a4c507478858ceb5af32b75f5ae53a45
Reviewed-on: https://gerrit.libreoffice.org/65226
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <[email protected]>
(cherry picked from commit a7603be5ccb1ec9a66fc4e163a53e4b8e8e85538)
diff --git a/external/graphite/UnpackedTarball_graphite.mk
b/external/graphite/UnpackedTarball_graphite.mk
index 0abd4b657d91..464fcc256069 100644
--- a/external/graphite/UnpackedTarball_graphite.mk
+++ b/external/graphite/UnpackedTarball_graphite.mk
@@ -11,4 +11,10 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,graphite))
$(eval $(call gb_UnpackedTarball_set_tarball,graphite,$(GRAPHITE_TARBALL)))
+$(eval $(call gb_UnpackedTarball_set_patchlevel,graphite,0))
+
+$(eval $(call gb_UnpackedTarball_add_patches,graphite, \
+ external/graphite/ubsan.patch \
+))
+
# vim: set noet sw=4 ts=4:
diff --git a/external/graphite/ubsan.patch b/external/graphite/ubsan.patch
new file mode 100644
index 000000000000..fd7a08f82ed6
--- /dev/null
+++ b/external/graphite/ubsan.patch
@@ -0,0 +1,11 @@
+--- src/gr_face.cpp
++++ src/gr_face.cpp
+@@ -95,7 +95,7 @@
+
+ Face *res = new Face(appFaceHandle, *ops);
+ if (res && load_face(*res, faceOptions))
+- return static_cast<gr_face *>(res);
++ return reinterpret_cast<gr_face *>(res);
+
+ delete res;
+ return 0;
commit 26083db7b69d345a6a575fc81ca1c55cf0248f5d
Author: Michael Stahl <[email protected]>
AuthorDate: Thu Nov 11 11:01:43 2021 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
poppler: upgrade to release 21.11.0
The changelogs tend to mention "crash in malformed files" a lot.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/125034
Tested-by: Jenkins
Reviewed-by: Michael Stahl <[email protected]>
(cherry picked from commit 03bc0f97205593547ddf1fc8d4fb396479bcab6d)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124973
Reviewed-by: Caolán McNamara <[email protected]>
(cherry picked from commit 22beb8f80985ea73e2c98d14480e53da81673c67)
Change-Id: Iadc1d9cc23abd09a8fff58ba0cb7a7803236a542
diff --git a/download.lst b/download.lst
index b7145a9822c5..22cd0fb9ed4c 100644
--- a/download.lst
+++ b/download.lst
@@ -206,8 +206,8 @@ export PIXMAN_SHA256SUM :=
21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3
export PIXMAN_TARBALL := e80ebae4da01e77f68744319f01d52a3-pixman-0.34.0.tar.gz
export LIBPNG_SHA256SUM :=
505e70834d35383537b6491e7ae8641f1a4bed1876dbfe361201fc80868d88ca
export LIBPNG_TARBALL := libpng-1.6.37.tar.xz
-export POPPLER_SHA256SUM :=
016dde34e5f868ea98a32ca99b643325a9682281500942b7113f4ec88d20e2f3
-export POPPLER_TARBALL := poppler-21.01.0.tar.xz
+export POPPLER_SHA256SUM :=
31b76b5cac0a48612fdd154c02d9eca01fd38fb8eaa77c1196840ecdeb53a584
+export POPPLER_TARBALL := poppler-21.11.0.tar.xz
export POSTGRESQL_SHA256SUM :=
12345c83b89aa29808568977f5200d6da00f88a035517f925293355432ffe61f
export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
export PYTHON_SHA256SUM :=
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
diff --git a/external/poppler/StaticLibrary_poppler.mk
b/external/poppler/StaticLibrary_poppler.mk
index 994b175fee6e..aab71eac9a6a 100644
--- a/external/poppler/StaticLibrary_poppler.mk
+++ b/external/poppler/StaticLibrary_poppler.mk
@@ -88,6 +88,7 @@ $(eval $(call
gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/fofi/FoFiType1C \
UnpackedTarball/poppler/fofi/FoFiIdentifier \
UnpackedTarball/poppler/poppler/Annot \
+ UnpackedTarball/poppler/poppler/AnnotStampImageHelper \
UnpackedTarball/poppler/poppler/Array \
UnpackedTarball/poppler/poppler/BBoxOutputDev \
UnpackedTarball/poppler/poppler/CachedFile \
@@ -152,6 +153,7 @@ $(eval $(call
gb_StaticLibrary_add_generated_exception_objects,poppler,\
UnpackedTarball/poppler/poppler/Movie \
UnpackedTarball/poppler/poppler/Rendition \
UnpackedTarball/poppler/poppler/DCTStream \
+ UnpackedTarball/poppler/splash/SplashBitmap \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/poppler/poppler-config.patch.1
b/external/poppler/poppler-config.patch.1
index b902402ea4e7..2a24d4510197 100644
--- a/external/poppler/poppler-config.patch.1
+++ b/external/poppler/poppler-config.patch.1
@@ -16,7 +16,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/config.h
-@@ -0,0 +1,221 @@
+@@ -0,0 +1,223 @@
+/* config.h. Generated from config.h.cmake by cmake. */
+
+/* Build against libcurl. */
@@ -176,7 +176,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_NAME "poppler"
+
+/* Define to the full name and version of this package. */
-+#define PACKAGE_STRING "poppler 21.01.0"
++#define PACKAGE_STRING "poppler 21.11.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "poppler"
@@ -185,7 +185,7 @@ index 0fbd336a..451213f8 100644
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
-+#define PACKAGE_VERSION "21.01.0"
++#define PACKAGE_VERSION "21.11.0"
+
+/* Poppler data dir */
+#define POPPLER_DATADIR "/usr/local/share/poppler"
@@ -203,7 +203,7 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_FLOAT */
+
+/* Version number of package */
-+#define VERSION "21.01.0"
++#define VERSION "21.11.0"
+
+#if defined(__APPLE__)
+#elif defined (_WIN32)
@@ -228,6 +228,8 @@ index 0fbd336a..451213f8 100644
+#if defined(_MSC_VER) || defined(__BORLANDC__)
+#define popen _popen
+#define pclose _pclose
++#define strncasecmp _strnicmp
++// error C4005: "strcasecmp": macro redefinition #define strcasecmp
_stricmp
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
@@ -243,7 +245,7 @@ new file mode 100644
index 0fbd336a..451213f8 100644
--- /dev/null
+++ b/poppler/poppler-config.h
-@@ -0,0 +1,166 @@
+@@ -0,0 +1,161 @@
+//================================================= -*- mode: c++ -*- ====
+//
+// poppler-config.h
@@ -282,7 +284,7 @@ index 0fbd336a..451213f8 100644
+
+/* Defines the poppler version. */
+#ifndef POPPLER_VERSION
-+#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION "21.11.0"
+#endif
+
+/* Use single precision arithmetic in the Splash backend */
@@ -369,11 +371,6 @@ index 0fbd336a..451213f8 100644
+/* #undef USE_BOOST_HEADERS */
+#endif
+
-+/* Is splash backend available */
-+#ifndef HAVE_SPLASH
-+/* #undef HAVE_SPLASH */
-+#endif
-+
+//------------------------------------------------------------------------
+// version
+//------------------------------------------------------------------------
@@ -439,9 +436,9 @@ index 0fbd336a..451213f8 100644
+
+#include "poppler-global.h"
+
-+#define POPPLER_VERSION "21.01.0"
++#define POPPLER_VERSION "21.11.0"
+#define POPPLER_VERSION_MAJOR 21
-+#define POPPLER_VERSION_MINOR 1
++#define POPPLER_VERSION_MINOR 11
+#define POPPLER_VERSION_MICRO 0
+
+namespace poppler
@@ -455,3 +452,38 @@ index 0fbd336a..451213f8 100644
+}
+
+#endif
+diff --git a/poppler_private_export.h b/poppler_private_export.h
+new file mode 100644
+index 0fbd336a..451213f8 100644
+--- /dev/null
++++ b/poppler_private_export.h
+@@ -0,0 +1,11 @@
++
++#ifndef POPPLER_PRIVATE_EXPORT_H
++#define POPPLER_PRIVATE_EXPORT_H
++
++# define POPPLER_PRIVATE_EXPORT
++# define POPPLER_PRIVATE_NO_EXPORT
++# define POPPLER_PRIVATE_DEPRECATED
++# define POPPLER_PRIVATE_DEPRECATED_EXPORT
++# define POPPLER_PRIVATE_DEPRECATED_NO_EXPORT
++
++#endif /* POPPLER_PRIVATE_EXPORT_H */
+
+diff --git a/cpp/poppler_cpp_export.h b/cpp/poppler_cpp_export.h
+new file mode 100644
+index 0fbd336a..451213f8 100644
+--- /dev/null
++++ b/cpp/poppler_cpp_export.h
+@@ -0,0 +1,11 @@
++
++#ifndef POPPLER_CPP_EXPORT_H
++#define POPPLER_CPP_EXPORT_H
++
++# define POPPLER_CPP_EXPORT
++# define POPPLER_CPP_NO_EXPORT
++# define POPPLER_CPP_DEPRECATED
++# define POPPLER_CPP_DEPRECATED_EXPORT
++# define POPPLER_CPP_DEPRECATED_NO_EXPORT
++
++#endif /* POPPLER_CPP_EXPORT_H */
commit aaca086eed4ab04fa4be962691272a855a6e64ed
Author: David Tardon <[email protected]>
AuthorDate: Sat Dec 29 14:14:13 2018 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
upload libwpd 0.10.3
Reviewed-on: https://gerrit.libreoffice.org/65714
Tested-by: Jenkins
Reviewed-by: David Tardon <[email protected]>
(cherry picked from commit 87742f16e2d3f1c58534508b724268b9ce675c8e)
Change-Id: I68e3791f50b95956bfe6aae743978994a5f232b4
diff --git a/download.lst b/download.lst
index a377b09e3d4c..b7145a9822c5 100644
--- a/download.lst
+++ b/download.lst
@@ -238,8 +238,8 @@ export UCPP_SHA256SUM :=
983941d31ee8d366085cadf28db75eb1f5cb03ba1e5853b98f12f7f
export UCPP_TARBALL := 0168229624cfac409e766913506961a8-ucpp-1.3.2.tar.gz
export VISIO_SHA256SUM :=
8faf8df870cb27b09a787a1959d6c646faa44d0d8ab151883df408b7166bea4c
export VISIO_TARBALL := libvisio-0.1.7.tar.xz
-export WPD_SHA256SUM :=
323f68beaf4f35e5a4d7daffb4703d0566698280109210fa4eaa90dea27d6610
-export WPD_VERSION_MICRO := 2
+export WPD_SHA256SUM :=
2465b0b662fdc5d4e3bebcdc9a79027713fb629ca2bff04a3c9251fdec42dd09
+export WPD_VERSION_MICRO := 3
export WPD_TARBALL := libwpd-0.10.$(WPD_VERSION_MICRO).tar.xz
export WPG_SHA256SUM :=
57faf1ab97d63d57383ac5d7875e992a3d190436732f4083310c0471e72f8c33
export WPG_VERSION_MICRO := 2
diff --git a/external/libwpd/Library_wpd.mk b/external/libwpd/Library_wpd.mk
index 62285858468f..2c84a5b5bb24 100644
--- a/external/libwpd/Library_wpd.mk
+++ b/external/libwpd/Library_wpd.mk
@@ -192,6 +192,7 @@ $(eval $(call
gb_Library_add_generated_exception_objects,wpd,\
UnpackedTarball/libwpd/src/lib/WPXContentListener \
UnpackedTarball/libwpd/src/lib/WPXEncryption \
UnpackedTarball/libwpd/src/lib/WPXHeader \
+ UnpackedTarball/libwpd/src/lib/WPXHeaderFooter \
UnpackedTarball/libwpd/src/lib/WPXListener \
UnpackedTarball/libwpd/src/lib/WPXMemoryStream \
UnpackedTarball/libwpd/src/lib/WPXPageSpan \
@@ -199,6 +200,7 @@ $(eval $(call
gb_Library_add_generated_exception_objects,wpd,\
UnpackedTarball/libwpd/src/lib/WPXStylesListener \
UnpackedTarball/libwpd/src/lib/WPXSubDocument \
UnpackedTarball/libwpd/src/lib/WPXTable \
+ UnpackedTarball/libwpd/src/lib/WPXTableList \
UnpackedTarball/libwpd/src/lib/libwpd_internal \
UnpackedTarball/libwpd/src/lib/libwpd_math \
))
diff --git a/external/libwpd/include.patch b/external/libwpd/include.patch
index ca68e8bdb22a..57f52b4b0aa5 100644
--- a/external/libwpd/include.patch
+++ b/external/libwpd/include.patch
@@ -1,10 +1,10 @@
--- src/lib/WPXTable.h
+++ src/lib/WPXTable.h
@@ -36,6 +36,7 @@
-
#ifndef _WPXTABLE_H
#define _WPXTABLE_H
+
+#include <stddef.h>
#include <vector>
- #include <stdio.h>
+ struct WPXTableCell
diff --git a/external/libwpd/libwpd-bundled-soname.patch.0
b/external/libwpd/libwpd-bundled-soname.patch.0
index 04661f2d464b..2a669748f21d 100644
--- a/external/libwpd/libwpd-bundled-soname.patch.0
+++ b/external/libwpd/libwpd-bundled-soname.patch.0
@@ -1,7 +1,6 @@
--- src/lib/Makefile.in.orig 2015-08-06 21:41:41.073622494 +0200
+++ src/lib/Makefile.in 2015-08-06 21:42:09.377622009 +0200
-@@ -429,7 +429,7 @@
- AM_CXXFLAGS = -I$(top_srcdir)/inc $(REVENGE_CFLAGS) $(DEBUG_CXXFLAGS)
-DLIBWPD_BUILD=1
+@@ -429,6 +429,6 @@
libwpd_@WPD_MAJOR_VERSION@_@WPD_MINOR_VERSION@_la_LIBADD = $(REVENGE_LIBS)
@LIBWPD_WIN32_RESOURCE@
libwpd_@WPD_MAJOR_VERSION@_@WPD_MINOR_VERSION@_la_DEPENDENCIES =
@LIBWPD_WIN32_RESOURCE@
-libwpd_@WPD_MAJOR_VERSION@_@WPD_MINOR_VERSION@_la_LDFLAGS = $(version_info)
-export-dynamic $(no_undefined)
diff --git a/solenv/flatpak-manifest.in b/solenv/flatpak-manifest.in
index bc911dbf91db..77765e353346 100644
--- a/solenv/flatpak-manifest.in
+++ b/solenv/flatpak-manifest.in
@@ -340,10 +340,10 @@
"dest-filename": "external/tarballs/libvisio-0.1.7.tar.xz"
},
{
- "url":
"https://dev-www.libreoffice.org/src/libwpd-0.10.2.tar.xz";,
- "sha256":
"323f68beaf4f35e5a4d7daffb4703d0566698280109210fa4eaa90dea27d6610",
+ "url":
"https://dev-www.libreoffice.org/src/libwpd-0.10.3.tar.xz";,
+ "sha256":
"2465b0b662fdc5d4e3bebcdc9a79027713fb629ca2bff04a3c9251fdec42dd09",
"type": "file",
- "dest-filename": "external/tarballs/libwpd-0.10.2.tar.xz"
+ "dest-filename": "external/tarballs/libwpd-0.10.3.tar.xz"
},
{
"url":
"https://dev-www.libreoffice.org/src/libwpg-0.3.2.tar.xz";,
commit 4c05f68ae3ade19e81507180a1e975f8e37ada70
Author: David Tardon <[email protected]>
AuthorDate: Sat Aug 17 17:06:07 2019 +0200
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:33 2021 +0100
upload libvisio 0.1.7
Reviewed-on: https://gerrit.libreoffice.org/77640
Tested-by: Jenkins
Reviewed-by: David Tardon <[email protected]>
(cherry picked from commit d83472ab6fde650772307f7f93a0a4b96e7ea6a8)
Change-Id: I4eb115c7c085b325370e9cd8f80e1b03f16f5033
diff --git a/download.lst b/download.lst
index 9303f0b830de..a377b09e3d4c 100644
--- a/download.lst
+++ b/download.lst
@@ -236,8 +236,8 @@ export TWAIN_DSM_SHA256SUM :=
82c818be771f242388457aa8c807e4b52aa84dc22b21c6c561
export TWAIN_DSM_TARBALL := twaindsm_2.4.1.orig.tar.gz
export UCPP_SHA256SUM :=
983941d31ee8d366085cadf28db75eb1f5cb03ba1e5853b98f12f7f51c63b776
export UCPP_TARBALL := 0168229624cfac409e766913506961a8-ucpp-1.3.2.tar.gz
-export VISIO_SHA256SUM :=
fe1002d3671d53c09bc65e47ec948ec7b67e6fb112ed1cd10966e211a8bb50f9
-export VISIO_TARBALL := libvisio-0.1.6.tar.xz
+export VISIO_SHA256SUM :=
8faf8df870cb27b09a787a1959d6c646faa44d0d8ab151883df408b7166bea4c
+export VISIO_TARBALL := libvisio-0.1.7.tar.xz
export WPD_SHA256SUM :=
323f68beaf4f35e5a4d7daffb4703d0566698280109210fa4eaa90dea27d6610
export WPD_VERSION_MICRO := 2
export WPD_TARBALL := libwpd-0.10.$(WPD_VERSION_MICRO).tar.xz
diff --git a/external/libvisio/0001-fix-debug-build.patch.1
b/external/libvisio/0001-fix-debug-build.patch.1
deleted file mode 100644
index 4146e6e8bfe7..000000000000
--- a/external/libvisio/0001-fix-debug-build.patch.1
+++ /dev/null
@@ -1,40 +0,0 @@
-From 15f3774513d0181ad90da382297c175cc3424462 Mon Sep 17 00:00:00 2001
-From: David Tardon <[email protected]>
-Date: Sun, 22 Oct 2017 21:24:43 +0200
-Subject: [PATCH] fix debug build
-
-Change-Id: I860b6034e5d833900652aec8c3647eeae185e538
----
- src/lib/VDXParser.cpp | 2 +-
- src/lib/VSDXParser.cpp | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/lib/VDXParser.cpp b/src/lib/VDXParser.cpp
-index f2f3154..0f07efd 100644
---- a/src/lib/VDXParser.cpp
-+++ b/src/lib/VDXParser.cpp
-@@ -916,7 +916,7 @@ xmlChar
*libvisio::VDXParser::readStringData(xmlTextReaderPtr reader)
- ret = xmlTextReaderRead(reader);
- if (1 == ret && stringValue)
- {
-- VSD_DEBUG_MSG(("VDXParser::readStringData stringValue %s\n", (const
char *)stringValue));
-+ VSD_DEBUG_MSG(("VDXParser::readStringData stringValue %s\n", (const
char *)stringValue.get()));
- return stringValue.release();
- }
- }
-diff --git a/src/lib/VSDXParser.cpp b/src/lib/VSDXParser.cpp
-index 488be3a..efd46b9 100644
---- a/src/lib/VSDXParser.cpp
-+++ b/src/lib/VSDXParser.cpp
-@@ -555,7 +555,7 @@ xmlChar
*libvisio::VSDXParser::readStringData(xmlTextReaderPtr reader)
- std::unique_ptr<xmlChar, void (*)(void *)>
stringValue(xmlTextReaderGetAttribute(reader, BAD_CAST("V")), xmlFree);
- if (stringValue)
- {
-- VSD_DEBUG_MSG(("VSDXParser::readStringData stringValue %s\n", (const char
*)stringValue));
-+ VSD_DEBUG_MSG(("VSDXParser::readStringData stringValue %s\n", (const char
*)stringValue.get()));
- return stringValue.release();
- }
- return nullptr;
---
-2.14.1
-
diff --git a/external/libvisio/UnpackedTarball_libvisio.mk
b/external/libvisio/UnpackedTarball_libvisio.mk
index 1ab8b392c4e8..eba43f3b7a6e 100644
--- a/external/libvisio/UnpackedTarball_libvisio.mk
+++ b/external/libvisio/UnpackedTarball_libvisio.mk
@@ -17,7 +17,6 @@ $(eval $(call
gb_UnpackedTarball_update_autoconf_configs,libvisio))
$(eval $(call gb_UnpackedTarball_add_patches,libvisio, \
external/libvisio/ubsan.patch \
- external/libvisio/0001-fix-debug-build.patch.1 \
))
ifeq ($(COM_IS_CLANG),TRUE)
diff --git a/external/libvisio/ubsan.patch b/external/libvisio/ubsan.patch
index 7bba63fda7a1..c9ffbd98f4b6 100644
--- a/external/libvisio/ubsan.patch
+++ b/external/libvisio/ubsan.patch
@@ -4,8 +4,8 @@
}
if (U_SUCCESS(status) && conv)
{
-- const char *src = (const char *)&characters[0];
-+ const char *src = (const char *)characters.data();
+- const auto *src = (const char *)&characters[0];
++ const auto *src = (const char *)characters.data();
const char *srcLimit = (const char *)src + characters.size();
while (src < srcLimit)
{
diff --git a/solenv/flatpak-manifest.in b/solenv/flatpak-manifest.in
index 847f28d3d2fd..bc911dbf91db 100644
--- a/solenv/flatpak-manifest.in
+++ b/solenv/flatpak-manifest.in
@@ -334,10 +334,10 @@
"dest-filename": "external/tarballs/ltm-1.0.zip"
},
{
- "url":
"https://dev-www.libreoffice.org/src/libvisio-0.1.6.tar.xz";,
- "sha256":
"fe1002d3671d53c09bc65e47ec948ec7b67e6fb112ed1cd10966e211a8bb50f9",
+ "url":
"https://dev-www.libreoffice.org/src/libvisio-0.1.7.tar.xz";,
+ "sha256":
"8faf8df870cb27b09a787a1959d6c646faa44d0d8ab151883df408b7166bea4c",
"type": "file",
- "dest-filename": "external/tarballs/libvisio-0.1.6.tar.xz"
+ "dest-filename": "external/tarballs/libvisio-0.1.7.tar.xz"
},
{
"url":
"https://dev-www.libreoffice.org/src/libwpd-0.10.2.tar.xz";,
commit 9df55b8705732af08ac0307b78c142367258df74
Author: David Tardon <[email protected]>
AuthorDate: Sat Dec 29 20:23:26 2018 +0100
Commit: Michael Stahl <[email protected]>
CommitDate: Wed Nov 17 19:19:32 2021 +0100
upload libqxp 0.0.2
Reviewed-on: https://gerrit.libreoffice.org/65725
Tested-by: Jenkins
Reviewed-by: David Tardon <[email protected]>
(cherry picked from commit 6aaed7c5165ea87c3a263fd9582c97892345120f)
Change-Id: Idda6c0ce0c087a3be2e7fe31999a7d5a6fde4835
diff --git a/download.lst b/download.lst
index de0c5e16ee16..9303f0b830de 100644
--- a/download.lst
+++ b/download.lst
@@ -212,8 +212,8 @@ export POSTGRESQL_SHA256SUM :=
12345c83b89aa29808568977f5200d6da00f88a035517f925
export POSTGRESQL_TARBALL := postgresql-13.1.tar.bz2
export PYTHON_SHA256SUM :=
c24a37c63a67f53bdd09c5f287b5cff8e8b98f857bf348c577d454d3f74db049
export PYTHON_TARBALL := Python-3.5.9.tar.xz
-export QXP_SHA256SUM :=
8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73
-export QXP_TARBALL := libqxp-0.0.1.tar.xz
+export QXP_SHA256SUM :=
e137b6b110120a52c98edd02ebdc4095ee08d0d5295a94316a981750095a945c
+export QXP_TARBALL := libqxp-0.0.2.tar.xz
export RAPTOR_SHA256SUM :=
ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
export RAPTOR_TARBALL := a39f6c07ddb20d7dd2ff1f95fa21e2cd-raptor2-2.0.15.tar.gz
... etc. - the rest is truncated
