forked from amazingfate/loongoffice
5dc9d944f1
nCheckPos is always set to something, but for nCheckPos != 0 nType might
be left uninitialized, so test nCheckPos == 0 before nType
seen in ooo76602-1.slk and ooo10703-1.html with distro-configs/LibreOfficeOssFuzz.conf
==623515==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x59600b4 in SvNumberFormatter::PutandConvertEntry(rtl::OUString&, int&, SvNumFormatType&, unsigned int&, o3tl::strong_int<unsigned short, LanguageTypeTag>, o3tl::strong_int<unsigned short, LanguageTypeTag>, bool, bool) svl/source/numbers/zforlist.cxx:658:72
#1 0x8c7f72 in ScImportExport::Sylk2Doc(SvStream&) sc/source/ui/docshell/impex.cxx:2130:48
#2 0x8bcb26 in ScImportExport::ImportStream(SvStream&, rtl::OUString const&, SotClipboardFormatId) sc/source/ui/docshell/impex.cxx:392:13
#3 0x650f4b in TestImportSLK sc/source/ui/docshell/docsh.cxx:3360:19
#4 0x6055a7 in LLVMFuzzerTestOneInput vcl/workben/slkfuzzer.cxx:87:11
#5 0x555b53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/out/slkfuzzer+0x555b53)
#6 0x541622 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x54722e in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/out/slkfuzzer+0x54722e)
#8 0x56fa82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fbd8b65ebf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#10 0x51cc49 in _start (/out/slkfuzzer+0x51cc49)
Uninitialized value was created by an allocation of 'nType' in the stack frame of function '_ZN14ScImportExport8Sylk2DocER8SvStream'
#0 0x8c27c0 in ScImportExport::Sylk2Doc(SvStream&) sc/source/ui/docshell/impex.cxx:1837
Change-Id: I0422ca34827319d1e35d453606a7afe6a9de3840
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120762
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>