Issue 25268 - memory overwrite in _InitCore()
Status: CLOSED FIXED
Alias: None
Product: Writer
Classification: Application
Component: code
Version: 680m24
Hardware: All All
Importance: P1 (highest) Trivial
Target Milestone: ---
Assignee: jens-heiner.rechtien
QA Contact: issues@sw
Reported: 2004-02-09 17:46 UTC by jens-heiner.rechtien
Modified: 2013-08-07 14:41 UTC
Issue Type: DEFECT
Description jens-heiner.rechtien 2004-02-09 17:46:40 UTC
sw/source/core/bastyp/init.cxx, around line 936

    // OD 2004-01-21 #i18732# - setup new version map due to extension of
    // the frame attributes (RES_FRMATR_*) for binary filters.
    SwAttrPool::pVersionMap5 = new USHORT[ 130 ];
    for( i = 1; i <= 109; i++ )
        SwAttrPool::pVersionMap4[ i-1 ] = i;
    for ( i = 110; i <= 130; ++i )
        SwAttrPool::pVersionMap4[ i-1 ] = i + 6;

This code fragment overwrites the wrong array. Office unstable, location found
with the help of valgrind:
==13773== Invalid write of size 2
==13773==    at 0x4F8F3BC3: _InitCore() (/usr/local/hr/SRC680/sw/source/core/bastyp/init.cxx:963)
==13773==    by 0x4F7D44B3: SwDLL::Init() (in /tmp/staroffice8/program/libsw680li.so)
==13773==    by 0x4FFC9DD3: SwTextDocument_createInstance(com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory> const&) (/usr/local/hr/SRC680/sw/source/ui/uno/unodoc.cxx:108)
==13773==    by 0x40D6BC9A: (within /tmp/staroffice8/program/libcppuhelpergcc3.so.3.1.0)
==13773==    Address 0x4E1FD522 is 0 bytes after a block of size 242 alloc'd
==13773==    at 0x40027B4C: malloc (vg_replace_malloc.c:153)
==13773==    by 0x4109C867: rtl_allocateMemory (alloc.c:1306)
==13773==    by 0x808B716: (within /tmp/staroffice8/program/soffice.bin)
==13773==    by 0x808B91A: operator new[](unsigned) (in /tmp/staroffice8/program/soffice.bin)

Fixing this results in a working Office.
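
The overwrite described above, as an added C++ example that is not part of the original report or of the OpenOffice.org code: the two loops run through a bounds-checked store, once against an array the size of the block in the valgrind trace and once against the 130-entry array that was allocated. The helper names are hypothetical, and treating the 242-byte block as pVersionMap4 (121 two-byte entries) is an assumption drawn from the trace.

```cpp
// Added illustration, not OpenOffice.org source; helper names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using USHORT = std::uint16_t;  // the valgrind trace shows 2-byte writes

struct FillResult {
    std::size_t rejected = 0;        // writes that fell outside dst
    std::size_t first_bad_byte = 0;  // byte offset of the first rejected write
};

// Runs the two loops from the report against dst, but bounds-checks every
// store and counts the ones that would have gone past the allocation.
FillResult fill_version_map(std::vector<USHORT>& dst)
{
    FillResult r;
    auto put = [&](std::size_t idx, USHORT value) {
        if (idx < dst.size()) { dst[idx] = value; return; }
        if (r.rejected++ == 0) r.first_bad_byte = idx * sizeof(USHORT);
    };
    for (USHORT i = 1; i <= 109; ++i)
        put(i - 1u, i);
    for (USHORT i = 110; i <= 130; ++i)
        put(i - 1u, static_cast<USHORT>(i + 6));
    return r;
}

// Assumption: the 242-byte block in the trace is pVersionMap4 (121 entries).
constexpr std::size_t kMap4Entries = 242 / sizeof(USHORT);
constexpr std::size_t kMap5Entries = 130;  // new USHORT[ 130 ] in the report

// As reported: the loops target the older, shorter map.
FillResult as_reported() { std::vector<USHORT> map4(kMap4Entries); return fill_version_map(map4); }

// Corrected target: the loops fill the array that was just allocated.
FillResult when_fixed() { std::vector<USHORT> map5(kMap5Entries); return fill_version_map(map5); }

int main()
{
    const FillResult bad = as_reported(), good = when_fixed();
    std::printf("as reported: %zu stray writes, first at byte %zu\n", bad.rejected, bad.first_bad_byte);
    std::printf("fixed:       %zu stray writes\n", good.rejected);
}
```

The first rejected store falls at byte offset 242, which lines up with valgrind's "0 bytes after a block of size 242".
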
Comment 1 jens-heiner.rechtien 2004-02-09 17:50:23 UTC
PS: Already fixed on the main branch.
Comment 2 lohmaier 2004-02-09 20:10:00 UTC
setting valgrind keyword
Comment 3 Oliver-Rainer Wittmann 2004-02-10 07:29:47 UTC
OD->HR:
Thx, for fixing my stupid copy-and-paste-error.
Setting status to fixed.
Comment 4 Oliver-Rainer Wittmann 2004-02-10 07:34:28 UTC
OD: reassigned to HR
Comment 5 jens-heiner.rechtien 2004-02-10 17:55:26 UTC
Fixed.
Comment 6 jens-heiner.rechtien 2004-02-10 17:56:11 UTC
Closing.