Hello, please review and backport to 3-5 and 3-5-5 the attached patch.
It is a stripped down version of a revert (http://cgit.freedesktop.org/libreoffice/core/commit/?id=831c2d9528) and rewrite (http://cgit.freedesktop.org/libreoffice/core/commit/?id=886e29cff7) in master, but I don't feel confident enough about the rewrite for a backport at this point, so the patch is just a band-aid. The current 3-5 code has a use-after-delete problem caused by the fact that it's not possible to take out a pointer out of a shared_ptr based container. -- Lubos Lunak [email protected]
From 00ac1a517542af6417f0483e8cdfcd0d14469dd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Lu=C5=88=C3=A1k?= <[email protected]> Date: Tue, 19 Jun 2012 15:08:21 +0200 Subject: [PATCH] avoid a crash because of shared_ptr ownership Change-Id: Ib12a80d9806d995d161d4ee71fa2b7e69eb944ea --- oox/inc/oox/vml/vmlshapecontainer.hxx | 2 +- oox/source/shape/ShapeContextHandler.cxx | 2 +- oox/source/vml/vmlshapecontainer.cxx | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/oox/inc/oox/vml/vmlshapecontainer.hxx b/oox/inc/oox/vml/vmlshapecontainer.hxx index 9b11c6c..49c3980 100644 --- a/oox/inc/oox/vml/vmlshapecontainer.hxx +++ b/oox/inc/oox/vml/vmlshapecontainer.hxx @@ -93,7 +93,7 @@ public: const ShapeBase* findShape( const Functor& rFunctor ) const; /** Returns and removes the last shape in the collection (Word only). */ - const ShapeBase* takeLastShape(); + boost::shared_ptr< ShapeBase > takeLastShape(); /** Creates and inserts all UNO shapes into the passed container. */ void convertAndInsert( diff --git a/oox/source/shape/ShapeContextHandler.cxx b/oox/source/shape/ShapeContextHandler.cxx index 3234238..04edd85 100644 --- a/oox/source/shape/ShapeContextHandler.cxx +++ b/oox/source/shape/ShapeContextHandler.cxx @@ -244,7 +244,7 @@ ShapeContextHandler::getShape() throw (uno::RuntimeException) if ( getContextHandler() == getDrawingShapeContext() ) { mpDrawing->finalizeFragmentImport(); - if( const ::oox::vml::ShapeBase* pShape = mpDrawing->getShapes().takeLastShape() ) + if( boost::shared_ptr< ::oox::vml::ShapeBase > pShape = mpDrawing->getShapes().takeLastShape() ) xResult = pShape->convertAndInsert( xShapes ); } else if (mpShape.get() != NULL) diff --git a/oox/source/vml/vmlshapecontainer.cxx b/oox/source/vml/vmlshapecontainer.cxx index 9502e4c..1d16a97 100644 --- a/oox/source/vml/vmlshapecontainer.cxx +++ b/oox/source/vml/vmlshapecontainer.cxx @@ -118,12 +118,12 @@ const ShapeBase* ShapeContainer::getShapeById( const OUString& rShapeId, bool bD return 0; } -const ShapeBase* ShapeContainer::takeLastShape() +boost::shared_ptr< ShapeBase > ShapeContainer::takeLastShape() { assert( mrDrawing.getType() == VMLDRAWING_WORD ); if( maShapes.empty()) - return NULL; - const ShapeBase* ret = maShapes.back().get(); + return boost::shared_ptr< ShapeBase >(); + boost::shared_ptr< ShapeBase > ret = maShapes.back(); maShapes.pop_back(); return ret; } -- 1.7.7
_______________________________________________ LibreOffice mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice
