sw/source/filter/ww8/ww8graf.cxx  |    2 +-
 sw/source/filter/ww8/ww8graf2.cxx |    2 +-
 sw/source/filter/ww8/ww8par.hxx   |    2 +-
 sw/source/filter/ww8/ww8par4.cxx  |    6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

New commits:
commit 3b1ab016386cebe14435d79ec8693e3c7339a7df
Author: Stephan Bergmann <[email protected]>
Date:   Tue Sep 1 09:08:21 2015 +0200

    -fsanitize=null
    
    ...as happens in CppunitTest_sw_filters_test with
    sw/qa/core/data/ww8/pass/CVE-2015-2431-1.doc:
    
    > sw/source/filter/ww8/ww8par4.cxx:294:76: runtime error: reference binding 
to null pointer of type 'const SfxItemSet'
    >  SwWW8ImplReader::ImportOle(Graphic const*, SfxItemSet const*, SfxItemSet 
const*, Rectangle const&) sw/source/filter/ww8/ww8par4.cxx:294:23
    >  SwWW8ImplReader::ReadChar(long, long) 
sw/source/filter/ww8/ww8par.cxx:3611:35
    >  SwWW8ImplReader::ReadChars(int&, int, long, long) 
sw/source/filter/ww8/ww8par.cxx:3436:27
    >  SwWW8ImplReader::ReadText(int, int, ManTypes) 
sw/source/filter/ww8/ww8par.cxx:3974:22
    >  SwWW8ImplReader::CoreLoad(WW8Glossary*) 
sw/source/filter/ww8/ww8par.cxx:5175:9
    >  SwWW8ImplReader::LoadThroughDecryption(WW8Glossary*) 
sw/source/filter/ww8/ww8par.cxx:5773:19
    >  SwWW8ImplReader::LoadDoc(WW8Glossary*) 
sw/source/filter/ww8/ww8par.cxx:6045:19
    >  WW8Reader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString 
const&) sw/source/filter/ww8/ww8par.cxx:6167:20
    >  SwReader::Read(Reader const&) sw/source/filter/basflt/shellio.cxx:175:18
    >  SwDocShell::ConvertFrom(SfxMedium&) sw/source/uibase/app/docsh.cxx:258:22
    >  SfxObjectShell::DoLoad(SfxMedium*) sfx2/source/doc/objstor.cxx:790:23
    >  SwFiltersTest::filter(rtl::OUString const&, rtl::OUString const&, 
rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) 
sw/qa/core/filters-test.cxx:112:20
    
    Change-Id: I4482bc5d8e0c2646e7c8667a231a78311b557e89

diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx
index d37be70..f6078e9 100644
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -3026,7 +3026,7 @@ SwFlyFrameFormat* 
SwWW8ImplReader::ImportReplaceableDrawables( SdrObject* &rpObj
 
     OUString aObjectName(rpObject->GetName());
     if (OBJ_OLE2 == SdrObjKind(rpObject->GetObjIdentifier()))
-        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), 
rFlySet, aGrSet);
+        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), 
rFlySet, &aGrSet);
     else
     {
         const SdrGrafObj *pGrf = static_cast<const SdrGrafObj*>(rpObject);
diff --git a/sw/source/filter/ww8/ww8graf2.cxx 
b/sw/source/filter/ww8/ww8graf2.cxx
index 2c1182d..91717f8 100644
--- a/sw/source/filter/ww8/ww8graf2.cxx
+++ b/sw/source/filter/ww8/ww8graf2.cxx
@@ -642,7 +642,7 @@ SwFrameFormat* SwWW8ImplReader::ImportGraf(SdrTextObj* 
pTextObj,
                     if (sal_uInt16(OBJ_OLE2) == pObject->GetObjIdentifier())
                     {
                         // the size from BLIP, if there is any, should be 
already set
-                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), 
aAttrSet, aGrSet);
+                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), 
aAttrSet, &aGrSet);
                     }
                     else
                     {
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 84541fd..a0d7202 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -1522,7 +1522,7 @@ private:
     SwFrameFormat* ImportOle( const Graphic* = 0, const SfxItemSet* pFlySet = 
0,
         const SfxItemSet* pGrfSet = 0, const Rectangle& aVisArea = Rectangle() 
);
     SwFlyFrameFormat* InsertOle(SdrOle2Obj &rObject, const SfxItemSet &rFlySet,
-        const SfxItemSet &rGrfSet);
+        const SfxItemSet *rGrfSet);
 
     bool ImportFormulaControl(WW8FormulaControl &rBox,WW8_CP nStart,
         SwWw8ControlType nWhich);
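Review bot: The parameter keeps its reference-style name after becoming a pointer, `const SfxItemSet *rGrfSet`, both in this declaration and in the definition in ww8par4.cxx. The neighbouring ImportOle declaration names its pointer parameter `pGrfSet`, so `const SfxItemSet *pGrfSet` would match the convention used here. A short comment such as `// pGrfSet may be null; it is passed through to InsertOLE as-is` would also tell callers that the argument is now optional. The class body continues outside the hunk.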
diff --git a/sw/source/filter/ww8/ww8par4.cxx b/sw/source/filter/ww8/ww8par4.cxx
index 5ef7a77..1aeaacb 100644
--- a/sw/source/filter/ww8/ww8par4.cxx
+++ b/sw/source/filter/ww8/ww8par4.cxx
@@ -198,7 +198,7 @@ static bool SwWw6ReadMacPICTStream(Graphic& rGraph, 
tools::SvRef<SotStorage>& rS
 }
 
 SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
-    const SfxItemSet &rFlySet, const SfxItemSet &rGrfSet)
+    const SfxItemSet &rFlySet, const SfxItemSet *rGrfSet)
 {
     SfxObjectShell *pPersist = m_rDoc.GetPersist();
     OSL_ENSURE(pPersist, "No persist, cannot insert objects correctly");
@@ -238,7 +238,7 @@ SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj 
&rObject,
     if (bSuccess)
     {
         const SfxItemSet *pFlySet = pMathFlySet ? pMathFlySet : &rFlySet;
-        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, 
sNewName, rObject.GetAspect(), pFlySet, &rGrfSet, 0);
+        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, 
sNewName, rObject.GetAspect(), pFlySet, rGrfSet, 0);
     }
     delete pMathFlySet;
     return pRet;
@@ -291,7 +291,7 @@ SwFrameFormat* SwWW8ImplReader::ImportOle(const Graphic* 
pGrf,
     {
         if (pRet->ISA(SdrOle2Obj))
         {
-            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, 
*pGrfSet);
+            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, 
pGrfSet);
             SdrObject::Free( pRet );        // das brauchen wir nicht mehr
         }
         else
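Review bot: `*pFlySet` is still dereferenced unconditionally in the InsertOle call, so a null `pFlySet` would hit the same reference-binding-to-null undefined behaviour that this commit removes for `pGrfSet`. The ww8par.hxx declaration defaults both ImportOle parameters to 0, and no check of `pFlySet` is visible in this hunk; one may exist earlier in ImportOle, which starts outside the hunk. Because this path runs on untrusted .doc content, either check `pFlySet` before this branch or give InsertOle a `const SfxItemSet *pFlySet` parameter as well. The one visible use of `rFlySet` in InsertOle already takes its address, in `pMathFlySet ? pMathFlySet : &rFlySet`.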