cacd5a0cd2
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior include/svl/setitem.hxx:47:51 in ================================================================= ==357324==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c001c9c340 at pc 0x7fa4bb883389 bp 0x7ffc2482f5f0 sp 0x7ffc2482f5e8 READ of size 2 at 0x60c001c9c340 thread T0 #1 in SfxItemSet::Get(unsigned short, bool) const svl/source/items/itemset.cxx:801:26 #2 in SfxUInt32Item const& SfxItemSet::Get<SfxUInt32Item>(TypedWhichId<SfxUInt32Item>, bool) const include/svl/itemset.hxx:102:38 #3 in (anonymous namespace)::getNumberFormatKey(SfxItemSet const&) sc/source/core/data/patattr.cxx:1291:17 #4 in ScPatternAttr::GetNumberFormat(SvNumberFormatter*, SfxItemSet const*) const sc/source/core/data/patattr.cxx:1335:19 #5 in ScColumn::UpdateScriptType() sc/source/core/data/column3.cxx:871:36 #6 in ScColumn::GetRangeScriptType(...) sc/source/core/data/column2.cxx:2338:17 #7 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, int) sc/source/core/data/table1.cxx:2487:23 #8 in ScDocument::GetRangeScriptType(sc::ColumnBlockPosition&, ScAddress const&, int) sc/source/core/data/documen6.cxx:189:32 #9 in (anonymous namespace)::ScriptTypeAggregator::execute(ScAddress const&, int, bool) sc/source/core/data/documen6.cxx:175:31 #10 in sc::ColumnSpanSet::executeAction(ScDocument&, sc::ColumnSpanSet::Action&) const sc/source/core/data/columnspanset.cxx:176:20 #11 in ScDocument::GetRangeScriptType(ScRangeList const&) sc/source/core/data/documen6.cxx:206:10 #12 in ScViewFunc::GetSelectionScriptType() sc/source/ui/view/viewfunc.cxx:898:24 #13 in ScFormatShell::GetAttrState(SfxItemSet&) sc/source/ui/view/formatsh.cxx:2001:34 ... #61 in main2() sal/cppunittester/cppunittester.cxx:483:16 0x60c001c9c340 is located 64 bytes inside of 120-byte region [0x60c001c9c300,0x60c001c9c378) freed by thread T0 here: #0 in operator delete(void*, unsigned long) /home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:164:3 #1 in ScPatternAttr::~ScPatternAttr() sc/inc/patattr.hxx:53:20 #2 in SfxItemPool::Remove(SfxPoolItem const&) svl/source/items/itempool.cxx:805:13 #3 in ScAttrArray::SetPatternAreaImpl(int, int, ScPatternAttr const*, bool, ScEditDataArray*, bool) sc/source/core/data/attarray.cxx:574:31 #4 in ScAttrArray::SetPattern(int, ScPatternAttr const*, bool) sc/inc/attarray.hxx:148:7 #5 in ScColumn::ApplyAttr(int, SfxPoolItem const&) sc/source/core/data/column.cxx:633:21 #6 in ScColumn::SetNumberFormat(int, unsigned int) sc/source/core/data/column2.cxx:3282:5 #7 in ScTable::SetNumberFormat(short, int, unsigned int) sc/source/core/data/table2.cxx:2278:35 #8 in ScDocument::SetNumberFormat(ScAddress const&, unsigned int) sc/source/core/data/document.cxx:3739:19 #9 in ScFormulaCell::InterpretTail(ScInterpreterContext&, ScFormulaCell::ScInterpretTailParameter) sc/source/core/data/formulacell.cxx:2157:31 #10 in ScFormulaCell::Interpret(int, int) sc/source/core/data/formulacell.cxx:1619:13 #11 in ScFormulaCell::MaybeInterpret() sc/inc/formulacell.hxx:468:17 #12 in ScFormulaCell::IsValue() sc/source/core/data/formulacell.cxx:2760:5 #13 in lcl_GetCellContent(ScRefCellValue&, bool, double&, rtl::OUString&, ScDocument const*) sc/source/core/data/conditio.cxx:744:40 #14 in ScConditionEntry::IsCellValid(ScRefCellValue&, ScAddress const&) const sc/source/core/data/conditio.cxx:1243:17 #15 in ScConditionalFormat::GetCellStyle(ScRefCellValue&, ScAddress const&) const sc/source/core/data/conditio.cxx:1812:24 #16 in ScDocument::GetCondResult(ScRefCellValue&, ScAddress const&, ScConditionalFormatList const&, o3tl::sorted_vector<unsigned int, std::less<unsigned int>, o3tl::find_unique, true> const&) const sc/source/core/data/documen4.cxx:828:41 #17 in ScColumn::UpdateScriptType(sc::CellTextAttr&, int, mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait>&) sc/source/core/data/column3.cxx:865:30 #18 in ScColumn::GetRangeScriptType(int, mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait> const&) sc/source/core/data/column2.cxx:2338:17 #19 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, int) sc/source/core/data/table1.cxx:2487:23 previously allocated by thread T60 here: #0 in operator new(unsigned long) /home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3 #1 in ScAttrArray::AddCondFormat(int, int, unsigned int) sc/source/core/data/attarray.cxx:296:32 #2 in ScColumn::AddCondFormat(int, int, unsigned int) sc/inc/column.hxx:974:17 #3 in ScTable::AddCondFormatData(ScRangeList const&, unsigned int) sc/source/core/data/table2.cxx:2967:43 #4 in ScDocument::AddCondFormatData(ScRangeList const&, short, unsigned int) sc/source/core/data/document.cxx:4893:19 #5 in oox::xls::CondFormat::finalizeImport() sc/source/filter/oox/condformatbuffer.cxx:1065:10 #6 in oox::xls::CondFormatBuffer::finalizeImport() sc/source/filter/oox/condformatbuffer.cxx:1189:27 #7 in oox::xls::WorksheetGlobals::finalizeWorksheetImport() sc/source/filter/oox/worksheethelper.cxx:942:22 #8 in oox::xls::WorksheetHelper::finalizeWorksheetImport() sc/source/filter/oox/worksheethelper.cxx:1622:17 #9 in oox::xls::WorksheetFragment::finalizeImport() sc/source/filter/oox/worksheetfragment.cxx:632:5 #10 0x7fa4511cbf2a in oox::core::FragmentHandler2::endDocument() oox/source/core/fragmenthandler2.cxx:53:5 Change-Id: I8d806fd410d1d3a9c06ab141b035153649cf7062 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147513 Tested-by: Jenkins Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk> |
||
---|---|---|
.. | ||
core | ||
filter | ||
ui |