filter/source/msfilter/escherex.cxx | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
New commits:
commit c75705b2306d3fd41e71eb4613773b62bdaa9ca5
Author: Stephan Bergmann <sberg...@redhat.com>
Date: Wed Mar 21 18:01:50 2018 +0100
Fix lifetime of referenced-by-reference EnhancedCustomShape2d
...that is created as argument to
EnhancedCustomShape::FunctionParser::parseFunction (and referenced from data
reachable from aExpressNode), but still referenced during following
aExpressNode->fillNode call. Reintroduce the aCustoShape2d variable that
had
been removed with 86c4672f4600daf19238ef25377406f445d9453a "OperationSmiley:
Secured quite some places using CustomShape", causing the regression that in
UBSan builds e.g. CppunitTest_sc_subsequent_export_test would fail with
> /svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx:261:57:
runtime error: member call on address 0x2b1295491180 which does not point to an
object of type 'EnhancedCustomShape2d'
> 0x2b1295491180: note: object is of type 'SfxItemSet'
> 1a 04 00 01 10 99 42 cb 12 2b 00 00 10 2d 8f 00 40 60 00 00 00 00 00
00 00 00 00 00 00 00 00 00
> ^~~~~~~~~~~~~~~~~~~~~~~
> vptr for 'SfxItemSet'
> #0 0x2b131efeb12d in (anonymous
namespace)::EnumValueExpression::fillNode(std::__debug::vector<EnhancedCustomShapeEquation,
std::allocator<EnhancedCustomShapeEquation> >&,
EnhancedCustomShape::ExpressionNode*, unsigned int)
/svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx:261:57
> #1 0x2b131f01f061 in (anonymous
namespace)::BinaryFunctionExpression::fillNode(std::__debug::vector<EnhancedCustomShapeEquation,
std::allocator<EnhancedCustomShapeEquation> >&,
EnhancedCustomShape::ExpressionNode*, unsigned int)
/svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx:632:40
> #2 0x2b12e0915a5c in
ConvertEnhancedCustomShapeEquation(SdrObjCustomShape const&,
std::__debug::vector<EnhancedCustomShapeEquation,
std::allocator<EnhancedCustomShapeEquation> >&, std::__debug::vector<int,
std::allocator<int> >&) /filter/source/msfilter/escherex.cxx:2426:62
[...]
when accessing the already-dead EnhancedCustomShape2d object.
Change-Id: I8f3e598f81e8e01e2505483437025ddd4cee2ec9
diff --git a/filter/source/msfilter/escherex.cxx
b/filter/source/msfilter/escherex.cxx
index 57b18c443f15..0eb9efe66e86 100644
--- a/filter/source/msfilter/escherex.cxx
+++ b/filter/source/msfilter/escherex.cxx
@@ -2416,12 +2416,13 @@ void ConvertEnhancedCustomShapeEquation(
sal_Int32 i;
for ( i = 0; i < nEquationSourceCount; i++ )
{
+ EnhancedCustomShape2d aCustoShape2d(
+ const_cast< SdrObjCustomShape& >(rSdrObjCustomShape));
try
{
std::shared_ptr< EnhancedCustomShape::ExpressionNode >
aExpressNode(
EnhancedCustomShape::FunctionParser::parseFunction(
- sEquationSource[ i ],
- const_cast< SdrObjCustomShape& >(rSdrObjCustomShape)));
+ sEquationSource[ i ], aCustoShape2d));
drawing::EnhancedCustomShapeParameter aPara(
aExpressNode->fillNode( rEquations, nullptr, 0 ) );
if ( aPara.Type !=
drawing::EnhancedCustomShapeParameterType::EQUATION )
{
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
