I first noticed this at commit 26f2da07b1c6074e519d28557a3d1d5518ff6cb4.

There are a few places on the LibreOffice codebase where the maximum unsigned 32-bit value (0xffffffff) is cast to a pointer, to be used as some sort of flag value.

While this makes sense for 32-bit (it points to the last byte of the address space, where nothing of use can be found), on 64-bit it points to within usable address space, which might have been allocated by the platform.

What probably prevents this from causing any bug is that 0xffffffff is unaligned, and any sane allocator is going to return an aligned address, so that flag value cannot by accident match a valid object. But even then, it's sloppy.

The flag value should probably be changed to SIZE_MAX or similar, to make it the equivalent of reinterpret_cast<...>(-1) even on 64-bit.

Here are the places I have found:

$ git grep -i -P 'reinterpret_cast.*0xffffffff' master
master:basic/source/runtime/ddectrl.cxx:#define DDE_FREECHANNEL (reinterpret_cast<DdeConnection*>(0xffffffff))
master:include/svtools/grfmgr.hxx:#define GRFMGR_AUTOSWAPSTREAM_NONE      (reinterpret_cast<SvStream*>(0xffffffffUL))
master:include/vcl/dialog.hxx:#define DIALOG_NO_PARENT (reinterpret_cast<vcl::Window*>(0xffffffff))
master:sw/source/core/frmedt/fedesc.cxx:    const SwPageDesc* pFnd, *pRetDesc = reinterpret_cast<SwPageDesc*>(0xffffffff);
master:sw/source/core/frmedt/fedesc.cxx:        if( reinterpret_cast<SwPageDesc*>(0xffffffff) == pRetDesc )

The last one should also use a #define instead of magic numbers.