Avoid overflow with large row heights

Desktop / LibreOffice - Stephan Bergmann [redhat.com] - 3 June 2019 17:00 EDT

With -fsanitize=float-cast-overflow, opening csv/fdo54919-3.csv as obtained by bin/get-bugzilla-attachments-by-mimetype (i.e., the attachment at ) fails first with

> sc/source/core/data/column2.cxx:942:75: runtime error: 73940.3 is outside the range of representable values of type 'unsigned short'
> #0 in ScColumn::GetOptimalHeight(sc::RowHeightContext&, int, int, unsigned short, int) at sc/source/core/data/column2.cxx:942:75 (instdir/program/../program/libsclo.so +0xc93bfaf)
> #1 in (anonymous namespace)::GetOptimalHeightsInColumn(sc::RowHeightContext&, ScColContainer&, int, int, ScProgress*, unsigned long) at sc/source/core/data/table1.cxx:114:20 (instdir/program/../program/libsclo.so +0xe02fd57)
> #2 in ScTable::SetOptimalHeight(sc::RowHeightContext&, int, int, ScProgress*, unsigned long) at sc/source/core/data/table1.cxx:466:5 (instdir/program/../program/libsclo.so +0xe02ec69)
> #3 in ScDocument::SetOptimalHeight(sc::RowHeightContext&, int, int, short) at sc/source/core/data/document.cxx:4267:18 (instdir/program/../program/libsclo.so +0xd18bc12)
> #4 in ScDocShell::AdjustRowHeight(int, int, short) at sc/source/ui/docshell/docsh5.cxx:411:32 (instdir/program/../program/libsclo.so +0x111eb5c6)
> #5 in ScImportExport::ExtText2Doc(SvStream&) at sc/source/ui/docshell/impex.cxx:1469:29 (instdir/program/../program/libsclo.so +0x11498773)
> #6 in ScImportExport::ImportStream(SvStream&, rtl::OUString const&, SotClipboardFormatId) at sc/source/ui/docshell/impex.cxx:379:13 (instdir/program/../program/libsclo.so +0x11492715)
> #7 in ScDocShell::ConvertFrom(SfxMedium&) at sc/source/ui/docshell/docsh.cxx:1299:35 (instdir/program/../program/libsclo.so +0x110b0cee)
> #8 in SfxObjectShell::DoLoad(SfxMedium*) at sfx2/source/doc/objstor.cxx:768:23 (instdir/program/libsfxlo.so +0x49d934a)
> [...]

and then with

> sc/source/core/data/fillinfo.cxx:216:59: runtime error: 113431 is outside the range of representable values of type 'unsigned short'
> #0 in (anonymous namespace)::initRowInfo(ScDocument const*, RowInfo*, unsigned long, double, int, short, int&, unsigned long&, int&) at sc/source/core/data/fillinfo.cxx:216:59 (instdir/program/../program/libsclo.so +0xdb8ebcf)
> #1 in ScDocument::FillInfo(ScTableInfo&, short, int, short, int, short, double, double, bool, bool, ScMarkData const*) at sc/source/core/data/fillinfo.cxx:401:5 (instdir/program/../program/libsclo.so +0xdb7896e)
> #2 in ScPrintFunc::DrawToDev(ScDocument*, OutputDevice*, double, tools::Rectangle const&, ScViewData*, bool) at sc/source/ui/view/printfun.cxx:544:11 (instdir/program/../program/libsclo.so +0x1309d461)
> #3 in ScDocShell::Draw(OutputDevice*, JobSetup const&, unsigned short) at sc/source/ui/docshell/docsh4.cxx:2036:9 (instdir/program/../program/libsclo.so +0x111aabd7)
> #4 in SfxObjectShell::DoDraw_Impl(OutputDevice*, Point const&, Fraction const&, Fraction const&, JobSetup const&, unsigned short) at sfx2/source/doc/objembed.cxx:229:5 (instdir/program/libsfxlo.so +0x491e953)
> #5 in SfxObjectShell::DoDraw(OutputDevice*, Point const&, Size const&, JobSetup const&, unsigned short) at sfx2/source/doc/objembed.cxx:176:9 (instdir/program/libsfxlo.so +0x491cbb3)
> #6 in SfxObjectShell::CreatePreviewMetaFile_Impl(bool) const at sfx2/source/doc/objcont.cxx:171:40 (instdir/program/libsfxlo.so +0x48ffc5a)
> #7 in SfxObjectShell::GetPreviewMetaFile(bool) const at sfx2/source/doc/objcont.cxx:118:12 (instdir/program/libsfxlo.so +0x48fdc15)
> #8 in SfxPickListImpl::AddDocumentToPickList(SfxObjectShell*) at sfx2/source/appl/sfxpicklist.cxx:135:62 (instdir/program/libsfxlo.so +0x361c3e5)
> [...]

These are similar to "Avoid overflow when scaling column width" and "Avoid overflow in ScColumn::GetOptimalColWidth", respectively, for column width calculations, and given csv/fdo54919-3.csv has a rather tall fifth row, these values do not look completely implausible---which of course begs the question whether sal_uInt16 is an appropriate data type here.

But assuming sal_uInt16 is a useful choice, just clamp the calculated heights accordingly. (Using std::clamp, we can get rid of the following lines in initRowInfo that ensure nHeight >= 1.)

Change-Id: I99f97c1dedcd8c6d2daa63f2e10011a3ce837fe4
Reviewed-on: https://gerrit.libreoffice.org/73278

d4dd07320d93 Avoid overflow with large row heights
sc/source/core/data/column2.cxx | 9 ++++++---
sc/source/core/data/fillinfo.cxx | 6 +++---
2 files changed, 9 insertions(+), 6 deletions(-)

Upstream: cgit.freedesktop.org
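
The clamp-before-cast pattern the commit message describes, as an added C++17 example that is not the LibreOffice change itself. `Height16`, `clampRowHeight` and `wrappedRowHeight` are hypothetical names, and the lower bound of 1 is an assumption taken from the message's remark about `initRowInfo`.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <limits>

// Stand-in for LibreOffice's sal_uInt16 (a 16-bit unsigned integer).
using Height16 = std::uint16_t;

// Hypothetical helper: bound the value while it is still a double, then cast.
// A float-to-integer cast is only defined when the truncated value fits the
// destination type, so the clamp has to happen before the conversion.
// minHeight defaults to 1 (assumption, mirroring the nHeight >= 1 rule the
// commit message mentions for initRowInfo).
Height16 clampRowHeight(double scaled, Height16 minHeight = 1)
{
    if (std::isnan(scaled))      // std::clamp would hand NaN straight back
        return minHeight;
    const double lo = minHeight;
    const double hi = std::numeric_limits<Height16>::max();   // 65535
    return static_cast<Height16>(std::clamp(scaled, lo, hi));
}

// For comparison only: a modulo-2^16 wrap, one value an unchecked cast can
// yield in practice. Going through uint32_t keeps this function itself
// defined (valid for inputs in [0, 2^32)).
Height16 wrappedRowHeight(double scaled)
{
    return static_cast<Height16>(static_cast<std::uint32_t>(scaled));
}

int main()
{
    // The two out-of-range values from the sanitizer reports, plus edge cases.
    const double samples[] = {73940.3, 113431.0, 300.7, 0.2, -5.0};
    for (double v : samples)
        std::printf("%10.1f -> clamped %5u\n", v, unsigned(clampRowHeight(v)));
    std::printf("73940.3 wrapped would be %u\n",
                unsigned(wrappedRowHeight(73940.3)));
    return 0;
}
```

A wrapped height is still a plausible-looking row height, which is why a failure like this tends to surface only under `-fsanitize=float-cast-overflow` rather than as a visible crash.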

