On Fri, Jun 01, 2012 at 05:15:57PM +0200, Lionel Elie Mamane wrote:
> Attached patch fixes a crash when a row fails to refresh
> correctly. (...)
The crash was as follows:
When doTryRefetch_throw fails (but does not throw an exception),
m_aKeyIter is incremented. In the case where after increment it
becomes m_aKeyMap.end(), then the recursive call (refreshRow()) goes
as follows:
if(isBeforeFirst() || isAfterLast() || !m_xStatement.is())
return;
But isAferLast() is "m_aKeyIter == m_aKeyMap.end() &&
m_bRowCountFinal", so in the case that !m_bRowCountFinal, execution
continues with:
if ( m_aKeyIter->second.second.second.is() )
Bang, this dereferences m_aKeyMap.end(), which calls SIGABRT, which is
a crash.
After the patch, before the recursive call, fetchRow() is called. This
will either set m_aKeyIter to a valid (dereferencable) value or set
m_bRowCountFinal, which will keep the recursive call from
dereferencing m_aKeyIter.
--
Lionel
_______________________________________________
LibreOffice mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/libreoffice
