sw/qa/extras/odfimport/data/ooo77837-1.odt |binary
sw/qa/extras/odfimport/odfimport.cxx | 5 +++++
sw/source/core/layout/flowfrm.cxx | 14 ++++++++++++++
3 files changed, 19 insertions(+)
New commits:
commit c3087d969671e62182eb049850479e77190ccff4
Author: Caolán McNamara <caol...@redhat.com>
Date: Fri Mar 20 21:16:35 2015 +0000
avoid crash on layout of ooo77837-1.odt
by attempting to set the parent as un-joinable for the duration of the
Cut/Paste in order to ensure it survives the process
==14185== Invalid read of size 8
==14185== at 0x27AB1CF4: SwLayoutFrm::Lower() (layfrm.hxx:108)
==14185== by 0x27FE3FD4: SwFlowFrm::PasteTree(SwFrm*, SwLayoutFrm*,
SwFrm*, SwFrm*) (flowfrm.cxx:455)
==14185== by 0x27FE4597: SwFlowFrm::MoveSubTree(SwLayoutFrm*, SwFrm*)
(flowfrm.cxx:584)
==14185== by 0x2801CF8B: SwCntntFrm::MoveFtnCntFwd(bool, SwFtnBossFrm*)
(ftnfrm.cxx:2753)
==14185== by 0x27FE7C29: SwFlowFrm::MoveFwd(bool, bool, bool)
(flowfrm.cxx:1795)
==14185== Address 0x11a74da8 is 168 bytes inside a block of size 288 free'd
==14185== by 0x2808CAC8: SwSectionFrm::~SwSectionFrm() (sectfrm.cxx:153)
==14185== by 0x2808DCC5: SwSectionFrm::MergeNext(SwSectionFrm*)
(sectfrm.cxx:453)
==14185== by 0x2808EC4B: SwSectionFrm::MakeAll() (sectfrm.cxx:713)
==14185== by 0x27FCD000: SwFrm::PrepareMake() (calcmove.cxx:306)
==14185== by 0x27DCAAC1: SwFrm::Calc() const (frame.hxx:996)
==14185== by 0x27FE3EB9: SwFlowFrm::CutTree(SwFrm*) (flowfrm.cxx:418)
==14185== by 0x27FE4577: SwFlowFrm::MoveSubTree(SwLayoutFrm*, SwFrm*)
(flowfrm.cxx:583)
==14185== by 0x2801CF8B: SwCntntFrm::MoveFtnCntFwd(bool, SwFtnBossFrm*)
(ftnfrm.cxx:2753)
==14185== by 0x27FE7C29: SwFlowFrm::MoveFwd(bool, bool, bool)
(flowfrm.cxx:1795)
Change-Id: If96d845fdf22726df513b0dabd2764ad60c85987
diff --git a/sw/qa/extras/odfimport/data/ooo77837-1.odt
b/sw/qa/extras/odfimport/data/ooo77837-1.odt
new file mode 100644
index 0000000..7be4f2b
Binary files /dev/null and b/sw/qa/extras/odfimport/data/ooo77837-1.odt differ
diff --git a/sw/qa/extras/odfimport/odfimport.cxx
b/sw/qa/extras/odfimport/odfimport.cxx
index dd32fb6..7c6e2e2 100644
--- a/sw/qa/extras/odfimport/odfimport.cxx
+++ b/sw/qa/extras/odfimport/odfimport.cxx
@@ -319,6 +319,11 @@ DECLARE_ODFIMPORT_TEST(testCalcFtnCntnt, "ooo32780-1.odt")
//this was a CalcFtnCntnt crash
}
+DECLARE_ODFIMPORT_TEST(testMoveSubTree, "ooo77837-1.odt")
+{
+ //this was a MoveSubTree crash
+}
+
DECLARE_ODFIMPORT_TEST(testFdo75872_ooo33, "fdo75872_ooo33.odt")
{
// graphics default style: line color and fill color changed
diff --git a/sw/source/core/layout/flowfrm.cxx
b/sw/source/core/layout/flowfrm.cxx
index f4a67d4..365413a 100644
--- a/sw/source/core/layout/flowfrm.cxx
+++ b/sw/source/core/layout/flowfrm.cxx
@@ -574,9 +574,23 @@ void SwFlowFrm::MoveSubTree( SwLayoutFrm* pParent, SwFrm*
pSibling )
SwPageFrm *pOldPage = m_rThis.FindPageFrm();
+ //JoinLock pParent for the lifetime of the Cut/Paste call to avoid
+ //SwSectionFrm::MergeNext removing the pParent we're trying to reparent
+ //into
+ bool bOldJoinLocked(false);
+ SwFlowFrm *pParentFlow = SwFlowFrm::CastFlowFrm(pParent);
+ if (pParentFlow)
+ {
+ bOldJoinLocked = pParentFlow->IsJoinLocked();
+ pParentFlow->LockJoin();
+ }
+
SwLayoutFrm *pOldParent = CutTree( &m_rThis );
const bool bInvaLay = PasteTree( &m_rThis, pParent, pSibling, pOldParent );
+ if (pParentFlow && !bOldJoinLocked)
+ pParentFlow->UnlockJoin();
+
// If, by cutting & pasting, an empty SectionFrm came into existence, it
should
// disappear automatically.
SwSectionFrm *pSct;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
