office-gobmx/sc/source
Noel Grandin cacd5a0cd2 attempted fix for CppunitTest_sc_uicalc
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior include/svl/setitem.hxx:47:51 in
=================================================================
==357324==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c001c9c340 at pc 0x7fa4bb883389 bp 0x7ffc2482f5f0 sp 0x7ffc2482f5e8
READ of size 2 at 0x60c001c9c340 thread T0
    #1 in SfxItemSet::Get(unsigned short, bool) const svl/source/items/itemset.cxx:801:26
    #2 in SfxUInt32Item const& SfxItemSet::Get<SfxUInt32Item>(TypedWhichId<SfxUInt32Item>, bool) const include/svl/itemset.hxx:102:38
    #3 in (anonymous namespace)::getNumberFormatKey(SfxItemSet const&) sc/source/core/data/patattr.cxx:1291:17
    #4 in ScPatternAttr::GetNumberFormat(SvNumberFormatter*, SfxItemSet const*) const sc/source/core/data/patattr.cxx:1335:19
    #5 in ScColumn::UpdateScriptType() sc/source/core/data/column3.cxx:871:36
    #6 in ScColumn::GetRangeScriptType(...) sc/source/core/data/column2.cxx:2338:17
    #7 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, int) sc/source/core/data/table1.cxx:2487:23
    #8 in ScDocument::GetRangeScriptType(sc::ColumnBlockPosition&, ScAddress const&, int) sc/source/core/data/documen6.cxx:189:32
    #9 in (anonymous namespace)::ScriptTypeAggregator::execute(ScAddress const&, int, bool) sc/source/core/data/documen6.cxx:175:31
    #10 in sc::ColumnSpanSet::executeAction(ScDocument&, sc::ColumnSpanSet::Action&) const sc/source/core/data/columnspanset.cxx:176:20
    #11 in ScDocument::GetRangeScriptType(ScRangeList const&) sc/source/core/data/documen6.cxx:206:10
    #12 in ScViewFunc::GetSelectionScriptType() sc/source/ui/view/viewfunc.cxx:898:24
    #13 in ScFormatShell::GetAttrState(SfxItemSet&) sc/source/ui/view/formatsh.cxx:2001:34
    ...
    #61 in main2() sal/cppunittester/cppunittester.cxx:483:16

0x60c001c9c340 is located 64 bytes inside of 120-byte region [0x60c001c9c300,0x60c001c9c378)
freed by thread T0 here:
    #0 in operator delete(void*, unsigned long) /home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:164:3
    #1 in ScPatternAttr::~ScPatternAttr() sc/inc/patattr.hxx:53:20
    #2 in SfxItemPool::Remove(SfxPoolItem const&) svl/source/items/itempool.cxx:805:13
    #3 in ScAttrArray::SetPatternAreaImpl(int, int, ScPatternAttr const*, bool, ScEditDataArray*, bool) sc/source/core/data/attarray.cxx:574:31
    #4 in ScAttrArray::SetPattern(int, ScPatternAttr const*, bool) sc/inc/attarray.hxx:148:7
    #5 in ScColumn::ApplyAttr(int, SfxPoolItem const&) sc/source/core/data/column.cxx:633:21
    #6 in ScColumn::SetNumberFormat(int, unsigned int) sc/source/core/data/column2.cxx:3282:5
    #7 in ScTable::SetNumberFormat(short, int, unsigned int) sc/source/core/data/table2.cxx:2278:35
    #8 in ScDocument::SetNumberFormat(ScAddress const&, unsigned int) sc/source/core/data/document.cxx:3739:19
    #9 in ScFormulaCell::InterpretTail(ScInterpreterContext&, ScFormulaCell::ScInterpretTailParameter) sc/source/core/data/formulacell.cxx:2157:31
    #10 in ScFormulaCell::Interpret(int, int) sc/source/core/data/formulacell.cxx:1619:13
    #11 in ScFormulaCell::MaybeInterpret() sc/inc/formulacell.hxx:468:17
    #12 in ScFormulaCell::IsValue() sc/source/core/data/formulacell.cxx:2760:5
    #13 in lcl_GetCellContent(ScRefCellValue&, bool, double&, rtl::OUString&, ScDocument const*) sc/source/core/data/conditio.cxx:744:40
    #14 in ScConditionEntry::IsCellValid(ScRefCellValue&, ScAddress const&) const sc/source/core/data/conditio.cxx:1243:17
    #15 in ScConditionalFormat::GetCellStyle(ScRefCellValue&, ScAddress const&) const sc/source/core/data/conditio.cxx:1812:24
    #16 in ScDocument::GetCondResult(ScRefCellValue&, ScAddress const&, ScConditionalFormatList const&, o3tl::sorted_vector<unsigned int, std::less<unsigned int>, o3tl::find_unique, true> const&) const sc/source/core/data/documen4.cxx:828:41
    #17 in ScColumn::UpdateScriptType(sc::CellTextAttr&, int, mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait>&) sc/source/core/data/column3.cxx:865:30
    #18 in ScColumn::GetRangeScriptType(int, mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait> const&) sc/source/core/data/column2.cxx:2338:17
    #19 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, int)
        sc/source/core/data/table1.cxx:2487:23

previously allocated by thread T60 here:
    #0 in operator new(unsigned long) /home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
    #1 in ScAttrArray::AddCondFormat(int, int, unsigned int)
       sc/source/core/data/attarray.cxx:296:32
    #2 in ScColumn::AddCondFormat(int, int, unsigned int)
       sc/inc/column.hxx:974:17
    #3 in ScTable::AddCondFormatData(ScRangeList const&, unsigned int)
       sc/source/core/data/table2.cxx:2967:43
    #4 in ScDocument::AddCondFormatData(ScRangeList const&, short, unsigned int)
       sc/source/core/data/document.cxx:4893:19
    #5 in oox::xls::CondFormat::finalizeImport()
       sc/source/filter/oox/condformatbuffer.cxx:1065:10
    #6 in oox::xls::CondFormatBuffer::finalizeImport()
       sc/source/filter/oox/condformatbuffer.cxx:1189:27
    #7 in oox::xls::WorksheetGlobals::finalizeWorksheetImport()
       sc/source/filter/oox/worksheethelper.cxx:942:22
    #8 in oox::xls::WorksheetHelper::finalizeWorksheetImport()
       sc/source/filter/oox/worksheethelper.cxx:1622:17
    #9 in oox::xls::WorksheetFragment::finalizeImport()
       sc/source/filter/oox/worksheetfragment.cxx:632:5
    #10 0x7fa4511cbf2a in oox::core::FragmentHandler2::endDocument()
       oox/source/core/fragmenthandler2.cxx:53:5

Change-Id: I8d806fd410d1d3a9c06ab141b035153649cf7062
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147513
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
2023-02-23 15:52:29 +00:00
..
core attempted fix for CppunitTest_sc_uicalc 2023-02-23 15:52:29 +00:00
filter osl::Mutex->std::mutex in OleNameOverrideContainer 2023-02-23 13:01:58 +00:00
ui related tdf#148966: rework sdr compatibility flags 2023-02-23 12:19:23 +00:00