fdo#58004: Fix out-of-bound access to std::vector.

Two things were wrong with the old code: 1) it didn't check for out-of-bound access, and 2) used SC_DP_MAX_FIELDS as the upper bound of dimension members, when in fact SC_DP_MAX_FIELDS was the upper bound of dimensions themselves,. not their members. We shouldn't impose such upper bounds actually, at least not in the core implementation. We should do that in the UI code if we really have to. Change-Id: I307d4f34d2b0be84f0fd2b93a6270ffce2448bdf

fdo#58004: Fix out-of-bound access to std::vector.
Two things were wrong with the old code: 1) it didn't check for out-of-bound access, and 2) used SC_DP_MAX_FIELDS as the upper bound of dimension members, when in fact SC_DP_MAX_FIELDS was the upper bound of dimensions themselves,. not their members. We shouldn't impose such upper bounds actually, at least not in the core implementation. We should do that in the UI code if we really have to. Change-Id: I307d4f34d2b0be84f0fd2b93a6270ffce2448bdf
a39ceea6 · Kohei Yoshida · 0e213aae · a39ceea6 · a39ceea6
Kaydet (Commit) a39ceea6 authored 12 years ago tarafından Kohei Yoshida
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 18 deletions

dptabres.hxx sc/inc/dptabres.hxx +1 -1

dptabres.cxx sc/source/core/data/dptabres.cxx +7 -17

No files found.
--- a/sc/inc/dptabres.hxx
+++ b/sc/inc/dptabres.hxx
@@ -294,7 +294,7 @@ private:
    bool                    bDataAtRow:1;

    //! add "displayed values" settings
-    mutable std::vector< ResultMembers* > mpDimMembers;
+    mutable std::vector<ResultMembers*> maDimMembers;
 public:
                        ScDPResultData( ScDPSource* pSrc );     //! Ref
                        ~ScDPResultData();

--- a/sc/source/core/data/dptabres.cxx
+++ b/sc/source/core/data/dptabres.cxx
@@ -72,17 +72,7 @@ static sal_uInt16 nFuncStrIds[12] =     // passend zum enum ScSubTotalFunc
    STR_FUN_TEXT_VAR                // SUBTOTAL_FUNC_VARP
 };
 namespace {
-    template < typename T >
-    void lcl_ResizePointVector( T & vec, size_t nSize )
-    {

-        for ( size_t i = 0 ; i < vec.size(); i++ )
-        {
-            if ( vec[i] )
-                delete vec[i];
-        }
-        vec.resize( nSize, NULL );
-    }
    sal_Bool lcl_SearchMember( const std::vector <ScDPResultMember *>& list, SCROW nOrder, SCROW& rIndex)
    {
        rIndex = list.size();
@@ -740,8 +730,6 @@ ScDPResultData::ScDPResultData( ScDPSource* pSrc ) :        //! Ref
    bDataAtCol( false ),
    bDataAtRow( false )
 {
-
-    lcl_ResizePointVector( mpDimMembers , SC_DP_MAX_FIELDS );
 }

 ScDPResultData::~ScDPResultData()
@@ -750,7 +738,7 @@ ScDPResultData::~ScDPResultData()
    delete[] pMeasRefs;
    delete[] pMeasRefOrient;

-      lcl_ResizePointVector( mpDimMembers , 0 );
+    std::for_each(maDimMembers.begin(), maDimMembers.end(), ScDeleteObjectByPtr<ResultMembers>());
 }

 void ScDPResultData::SetMeasureData( long nCount, const ScSubTotalFunc* pFunctions,
@@ -924,8 +912,10 @@ const ScDPSource* ScDPResultData::GetSource() const

 ResultMembers* ScDPResultData::GetDimResultMembers(long nDim, ScDPDimension* pDim, ScDPLevel* pLevel) const
 {
-    if (mpDimMembers[nDim])
-        return mpDimMembers[nDim];
+    if (nDim < static_cast<long>(maDimMembers.size()) && maDimMembers[nDim])
+        return maDimMembers[nDim];
+
+    maDimMembers.resize(nDim+1, NULL);

    ResultMembers* pResultMembers = new ResultMembers();
    // global order is used to initialize aMembers, so it doesn't have to be looked at later
@@ -944,8 +934,8 @@ ResultMembers* ScDPResultData::GetDimResultMembers(long nDim, ScDPDimension* pDi
        }
    }

-    mpDimMembers[nDim] = pResultMembers;
-    return mpDimMembers[nDim];
+    maDimMembers[nDim] = pResultMembers;
+    return maDimMembers[nDim];
 }

 // -----------------------------------------------------------------------