Skip to content

C
core
Kaydet (Commit) c837bfda authored tarafından Stephan Bergmann's avatar Stephan Bergmann
Dosyalara gözat
Seçenekler

Always restrict FAR_AWAY to 32 bit 

...as at least running CppunitTest_sw_ww8export under UBSan (in a 64 bit env.)
revealed a case where a SdrHdl instance's aPos is (FAR_AWAY, FAR_AWAY), and that
value is then used in computations that pass those FAR_AWAY values first through
a double-based basegfx::B2DRange and then (in
OverlayManagerBuffered::invalidateRange,
svx/source/sdr/overlay/overlaymanagerbuffered.cxx) into a sal_Int32-based
basegfx::B2IPoint, causing undefined behavior due to overflow:

> svx/source/sdr/overlay/overlaymanagerbuffered.cxx:463:36: runtime error: value 6.14891e+17 is outside the range of representable values of type 'int'
>  sdr::overlay::OverlayManagerBuffered::invalidateRange(basegfx::B2DRange const&) svx/source/sdr/overlay/overlaymanagerbuffered.cxx:463:36
>  sdr::overlay::OverlayManager::impApplyAddActions(sdr::overlay::OverlayObject&) svx/source/sdr/overlay/overlaymanager.cxx:206:13
>  sdr::overlay::OverlayManager::add(sdr::overlay::OverlayObject&) svx/source/sdr/overlay/overlaymanager.cxx:277:13
>  SdrHdl::CreateB2dIAObject() svx/source/svdraw/svdhdl.cxx:631:29
>  SdrHdl::Touch() svx/source/svdraw/svdhdl.cxx:398:5
>  SdrHdl::SetHdlList(SdrHdlList*) svx/source/svdraw/svdhdl.cxx:379:9
>  SdrHdlList::AddHdl(SdrHdl*, bool) svx/source/svdraw/svdhdl.cxx:2196:9
>  SdrMarkView::SetMarkHandles() svx/source/svdraw/svdmrkv.cxx:780:47
>  SdrDragView::SetMarkHandles() svx/source/svdraw/svddrgv.cxx:892:5
>  SdrMarkView::AdjustMarkHdl() svx/source/svdraw/svdmrkv.cxx:1971:5
>  SdrMarkView::MarkObj(SdrObject*, SdrPageView*, bool, bool) svx/source/svdraw/svdmrkv.cxx:1600:13
>  SwFEShell::SelectFlyFrm(SwFlyFrm&, bool) sw/source/core/frmedt/fefly1.cxx:249:9
>  SwFEShell::NewFlyFrm(SfxItemSet const&, bool, SwFrameFormat*) sw/source/core/frmedt/fefly1.cxx:752:13
>  SwFlyFrmAttrMgr::InsertFlyFrm() sw/source/uibase/frmdlg/frmmgr.cxx:166:22
>  SwFlyFrmAttrMgr::InsertFlyFrm(RndStdIds, Point const&, Size const&, bool) sw/source/uibase/frmdlg/frmmgr.cxx:199:5
>  SwModule::InsertEnv(SfxRequest&) sw/source/uibase/app/appenv.cxx:433:13
>  SwModule::ExecOther(SfxRequest&) sw/source/uibase/app/apphdl.cxx:625:13
>  Test::postLoad(char const*) sw/qa/extras/ww8export/ww8export.cxx:79:13
>  SwModelTestBase::executeImportExportImportTest(char const*) sw/qa/extras/inc/swmodeltestbase.hxx:216:9
>  testTdf94386::Import_Export_Import() sw/qa/extras/ww8export/ww8export.cxx:571:1

Change-Id: I4a8dfda252c31600b76d77b6e2b3bb8758326d47
üst d30f5bc3
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 1 deletion
sw/source/core/inc/frmtool.hxx
Dosyayı görüntüle @ c837bfda
......@@ -47,7 +47,7 @@ class SwPageDesc;
class SwFrameFormats;
class SwRegionRects;
#define FAR_AWAY LONG_MAX - 20000 // initial position of a Fly
#define FAR_AWAY SAL_MAX_INT32 - 20000 // initial position of a Fly
#define BROWSE_HEIGHT 56700L * 10L // 10 Meters
#define GRFNUM_NO 0
#define GRFNUM_YES 1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment