editeng/source/editeng/impedit3.cxx | 2 ++ sw/source/core/docnode/node2lay.cxx | 1 + 2 files changed, 3 insertions(+)
New commits: commit 3d9f7d16298760b537c4cb1c5c0e1f4875e0bc36 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Sep 15 17:37:34 2022 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Thu Sep 15 21:42:41 2022 +0200 cid#1500398 silence Use after free I am just going to blithely assume this doesn't actually happen Change-Id: Iad325f2f4e5243f27b6122e95522a979637a1692 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140025 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> diff --git a/sw/source/core/docnode/node2lay.cxx b/sw/source/core/docnode/node2lay.cxx index cad4ee0c6e2c..607ebada8ef4 100644 --- a/sw/source/core/docnode/node2lay.cxx +++ b/sw/source/core/docnode/node2lay.cxx @@ -367,6 +367,7 @@ SwLayoutFrame* SwNode2LayImpl::UpperFrame( SwFrame* &rpFrame, const SwNode &rNod pUpper = new SwSectionFrame(const_cast<SwSectionNode*>(static_cast<const SwSectionNode*>(pNode))->GetSection(), rpFrame); pUpper->Paste( rpFrame->GetUpper(), mbMaster ? rpFrame : rpFrame->GetNext() ); + // coverity[freed_arg : FALSE] - pUpper->Lower() is not freed here static_cast<SwSectionFrame*>(pUpper)->Init(); rpFrame = nullptr; // 'Go down' the section frame as long as the layout frame commit 399f0aa2beb01637b343a7ce1da935b44f4bd059 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Sep 15 17:13:00 2022 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Thu Sep 15 21:42:27 2022 +0200 cid#1509213 silence Dereference after null check Change-Id: Ib260440105930f173d5ffd011c76f90c898e34e1 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/140023 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]> diff --git a/editeng/source/editeng/impedit3.cxx b/editeng/source/editeng/impedit3.cxx index b33b8c5f1554..cf30aada8448 100644 --- a/editeng/source/editeng/impedit3.cxx +++ b/editeng/source/editeng/impedit3.cxx @@ -848,6 +848,8 @@ bool ImpEditEngine::CreateLines( sal_Int32 nPara, sal_uInt32 nStartPosY ) while ( ( nIndex < pNode->Len() ) || bForceOneRun ) { + assert(pLine); + bForceOneRun = false; bool bEOL = false;
