sw/source/core/layout/layact.cxx | 6 ++++++ 1 file changed, 6 insertions(+)
New commits: commit fc7b3932a6a6f05c6142b0c6398c82681a93dd9e Author: Michael Stahl <[email protected]> AuthorDate: Thu Apr 4 19:26:31 2024 +0200 Commit: Caolán McNamara <[email protected]> CommitDate: Sat Apr 6 22:57:29 2024 +0200 sw: layout: remove superfluous pages again in InternalAction() The bugdoc has a very large header containing hidden text changes height when toggling Formatting Marks. When toggling on, it crashes, because UnHide() iterates the text frames in all headers, but after the first one empty pages at the end of the document are removed, so UAF. Remove the pages without content earlier; SwLayAction::InternalAction() already does it after the "normal" page loop, but the 2nd page loop following that may also move content off pages, so do it again. Change-Id: Iaae6a16842b3494f25cba8fc036d15049b71961f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165801 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]> (cherry picked from commit 759d822dac5edc6104ce61b70c578425d9f2470d) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165728 Reviewed-by: Caolán McNamara <[email protected]> diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx index a705ef251176..f4a578fe99eb 100644 --- a/sw/source/core/layout/layact.cxx +++ b/sw/source/core/layout/layact.cxx @@ -809,6 +809,12 @@ void SwLayAction::InternalAction(OutputDevice* pRenderContext) unlockPositionOfObjects( pPg ); pPg = static_cast<SwPageFrame*>(pPg->GetNext()); } + if (m_pRoot->IsSuperfluous()) // could be newly set now! + { + bool bOld = IsAgain(); + m_pRoot->RemoveSuperfluous(); + SetAgain(bOld); + } // reset flag for special interrupt content formatting. mbFormatContentOnInterrupt = false; }
