Issue 25268

Summary: memory overwrite in _InitCore()
Product: Writer
Reporter: jens-heiner.rechtien
Component: code
Assignee: jens-heiner.rechtien
Status: CLOSED FIXED
QA Contact: issues@sw <issues>
Severity: Trivial
Priority: P1 (highest)
CC: issues
Version: 680m24
Target Milestone: ---
Hardware: All
OS: All
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Description jens-heiner.rechtien 2004-02-09 17:46:40 UTC
sw/source/core/bastyp/init.cxx, around line 936

    // OD 2004-01-21 #i18732# - setup new version map due to extension of
    // the frame attributes (RES_FRMATR_*) for binary filters.
    SwAttrPool::pVersionMap5 = new USHORT[ 130 ];
    for( i = 1; i <= 109; i++ )
        SwAttrPool::pVersionMap4[ i-1 ] = i;
    for ( i = 110; i <= 130; ++i )
        SwAttrPool::pVersionMap4[ i-1 ] = i + 6;

This code fragment overwrites the wrong array. Office unstable, location found
with the help of valgrind,
==13773== Invalid write of size 2
==13773==    at 0x4F8F3BC3: _InitCore() (/usr/local/hr/SRC680/sw/source/core/bastyp/init.cxx:963)
==13773==    by 0x4F7D44B3: SwDLL::Init() (in /tmp/staroffice8/program/libsw680li.so)
==13773==    by 0x4FFC9DD3: SwTextDocument_createInstance(com::sun::star::uno::Reference<com::sun::star::lang::XMultiServiceFactory> const&) (/usr/local/hr/SRC680/sw/source/ui/uno/unodoc.cxx:108)
==13773==    by 0x40D6BC9A: (within /tmp/staroffice8/program/libcppuhelpergcc3.so.3.1.0)
==13773==    Address 0x4E1FD522 is 0 bytes after a block of size 242 alloc'd
==13773==    at 0x40027B4C: malloc (vg_replace_malloc.c:153)
==13773==    by 0x4109C867: rtl_allocateMemory (alloc.c:1306)
==13773==    by 0x808B716: (within /tmp/staroffice8/program/soffice.bin)
==13773==    by 0x808B91A: operator new[](unsigned) (in /tmp/staroffice8/program/soffice.bin)

Fixing this results in a working Office.
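
Added illustration (not part of the original report or of the OpenOffice source): the sketch below replays the two loops from the fragment through a bounds-checked store, to show why valgrind flags the write as "0 bytes after a block of size 242". The 121-entry size of the older map is inferred from that 242-byte block and the 2-byte write size; `Map` and `fill_version_map` are hypothetical names, and filling the freshly allocated 130-entry map is assumed to be the intended form.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a USHORT version map (USHORT assumed to be 2 bytes,
// matching valgrind's "Invalid write of size 2").
using Map = std::vector<std::uint16_t>;

// Replays the two loops from the reported fragment against `dst`, but routes
// every store through a bounds check instead of writing blindly.
// Returns the first index that lies outside `dst`, or -1 if all stores fit.
long fill_version_map(Map& dst) {
    long first_bad = -1;
    auto store = [&](std::size_t idx, std::uint16_t value) {
        if (idx < dst.size())
            dst[idx] = value;
        else if (first_bad < 0)
            first_bad = static_cast<long>(idx);
    };
    for (unsigned i = 1; i <= 109; ++i)
        store(i - 1, static_cast<std::uint16_t>(i));
    for (unsigned i = 110; i <= 130; ++i)
        store(i - 1, static_cast<std::uint16_t>(i + 6));
    return first_bad;
}

int main() {
    Map map4(121);  // constructed: 242-byte block from the valgrind report / 2
    Map map5(130);  // size from the `new USHORT[ 130 ]` in the fragment

    // As reported: map5 is allocated, but the loops write through map4.
    long bad = fill_version_map(map4);
    std::printf("wrong target: first out-of-bounds index %ld (byte offset %ld)\n",
                bad, bad * static_cast<long>(sizeof(std::uint16_t)));

    // Assumed intended form: the loops fill the array that was just allocated.
    bad = fill_version_map(map5);
    std::printf("right target: first out-of-bounds index %ld, last entry %u\n",
                bad, static_cast<unsigned>(map5[129]));
    return 0;
}
```

Index 121 at 2 bytes per entry is byte offset 242, which is exactly the position valgrind reports as 0 bytes after the block.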
Comment 1 jens-heiner.rechtien 2004-02-09 17:50:23 UTC
PS: Already fixed on the main branch.
Comment 2 lohmaier 2004-02-09 20:10:00 UTC
setting valgrind keyword
Comment 3 Oliver-Rainer Wittmann 2004-02-10 07:29:47 UTC
OD->HR:
Thx, for fixing my stupid copy-and-paste-error.
Setting status to fixed.
Comment 4 Oliver-Rainer Wittmann 2004-02-10 07:34:28 UTC
OD: reassigned to HR
Comment 5 jens-heiner.rechtien 2004-02-10 17:55:26 UTC
Fixed.
Comment 6 jens-heiner.rechtien 2004-02-10 17:56:11 UTC
Closing.