Blind fix crash in ScDBData::UpdateReference(), tdf#126926 follow-up
Crash reports at
https://crashreport.libreoffice.org/stats/signature/ScDBData::UpdateReference(ScDocument%20const%20*,UpdateRefMode,short,long,short,short,long,short,short,long,short)
No reproducer yet, for a possible reproducer see
https://bugs.documentfoundation.org/show_bug.cgi?id=126926#c12
but creating such a scenario with 8 AutoFilters / sheets wasn't
sufficient.
However, ScDBCollection::NamedDBs (maNamedDBs) uses a std::set so after
erase(iterator++) iterator is still valid, but ScDBCollection::AnonDBs
maAnonDBs uses a std::vector for which after erase(iterator++) iterator
may be invalid if vector was shrunk and reallocated.
So use the iterator returning erase() instead to have a valid following
iterator, and for consistency do that for both.
A reproducer may need a bunch of sheets / anonymous AutoFilter for a
vector to shrink and be reallocated, and it may depend on the
plattform/compiler's implementation.
Change-Id: Ib57294d8af9f486b734f4294d8d310ce0fa20551
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/123224
Reviewed-by: Eike Rathke <erack@redhat.com>
Tested-by: Jenkins
diff --git a/sc/inc/dbdata.hxx b/sc/inc/dbdata.hxx
index 8ecd2fa..4f328ce 100644
--- a/sc/inc/dbdata.hxx
+++ b/sc/inc/dbdata.hxx
@@ -263,7 +263,7 @@ public:
*/
bool insert(std::unique_ptr<ScDBData> p);
void erase(const iterator& itr);
iterator erase(const iterator& itr);
bool empty() const;
size_t size() const;
bool operator== (const NamedDBs& r) const;
@@ -295,7 +295,7 @@ public:
void deleteOnTab(SCTAB nTab);
ScDBData* getByRange(const ScRange& rRange);
void insert(ScDBData* p);
void erase(const iterator& itr);
iterator erase(const iterator& itr);
bool empty() const;
bool has( const ScDBData* p ) const;
bool operator== (const AnonDBs& r) const;
diff --git a/sc/source/core/tool/dbdata.cxx b/sc/source/core/tool/dbdata.cxx
index f95d1e9..285654e 100644
--- a/sc/source/core/tool/dbdata.cxx
+++ b/sc/source/core/tool/dbdata.cxx
@@ -1175,9 +1175,9 @@ bool ScDBCollection::NamedDBs::insert(std::unique_ptr<ScDBData> pData)
return r.second;
}
void ScDBCollection::NamedDBs::erase(const iterator& itr)
ScDBCollection::NamedDBs::iterator ScDBCollection::NamedDBs::erase(const iterator& itr)
{
m_DBs.erase(itr);
return m_DBs.erase(itr);
}
bool ScDBCollection::NamedDBs::empty() const
@@ -1256,8 +1256,9 @@ void ScDBCollection::AnonDBs::insert(ScDBData* p)
m_DBs.push_back(std::unique_ptr<ScDBData>(p));
}
void ScDBCollection::AnonDBs::erase(const iterator& itr) {
m_DBs.erase(itr);
ScDBCollection::AnonDBs::iterator ScDBCollection::AnonDBs::erase(const iterator& itr)
{
return m_DBs.erase(itr);
}
bool ScDBCollection::AnonDBs::empty() const
@@ -1461,7 +1462,7 @@ void ScDBCollection::UpdateReference(UpdateRefMode eUpdateRefMode,
// Delete the database range, if some part of the reference became invalid.
if (it->get()->UpdateReference(&rDoc, eUpdateRefMode, nCol1, nRow1, nTab1, nCol2, nRow2,
nTab2, nDx, nDy, nDz))
maNamedDBs.erase(it++);
it = maNamedDBs.erase(it);
else
++it;
}
@@ -1470,7 +1471,7 @@ void ScDBCollection::UpdateReference(UpdateRefMode eUpdateRefMode,
// Delete the database range, if some part of the reference became invalid.
if (it->get()->UpdateReference(&rDoc, eUpdateRefMode, nCol1, nRow1, nTab1, nCol2, nRow2,
nTab2, nDx, nDy, nDz))
maAnonDBs.erase(it++);
it = maAnonDBs.erase(it);
else
++it;
}
