sw/source/core/layout/calcmove.cxx | 16 ++++++++++++++-- sw/source/core/layout/paintfrm.cxx | 1 + 2 files changed, 15 insertions(+), 2 deletions(-)
New commits: commit f1ece42fbe7dddfdf403eb652f87a282284add47 Author: Michael Stahl <michael.st...@cib.de> AuthorDate: Wed Jun 26 19:09:51 2019 +0200 Commit: Thorsten Behrens <thorsten.behr...@cib.de> CommitDate: Sat Jun 29 02:49:12 2019 +0200 tdf#125751 sw: fix crash on formatting in SwLayoutFrame::PaintSwFrame() It's less than ideal that the document is painted before being fully formatted, but let's try to apply a band-aid... 0x6120001a97d0 is located 144 bytes inside of 280-byte region [0x6120001a9740,0x6120001a9858) freed by thread T0 here: #1 SwFootnoteFrame::~SwFootnoteFrame() /home/ms/lo/master/sw/source/core/inc/ftnfrm.hxx:64:7 #2 SwFrame::DestroyFrame(SwFrame*) sw/source/core/layout/ssfrm.cxx:389:9 #3 SwContentFrame::Cut() sw/source/core/layout/wsfrm.cxx:1263:25 #4 SwFlowFrame::MoveBwd(bool&) sw/source/core/layout/flowfrm.cxx:2544:17 #5 SwContentFrame::MakeAll(OutputDevice*) sw/source/core/layout/calcmove.cxx:1522:17 #6 SwFrame::PrepareMake(OutputDevice*) sw/source/core/layout/calcmove.cxx:366:5 #7 SwFrame::Calc(OutputDevice*) const sw/source/core/layout/trvlfrm.cxx:1791:37 #8 SwLayoutFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData const*) const sw/source/core/layout/paintfrm.cxx:3328:17 #9 SwLayoutFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData const*) const sw/source/core/layout/paintfrm.cxx:3406:21 #10 SwLayoutFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData const*) const sw/source/core/layout/paintfrm.cxx:3406:21 #11 SwRootFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData const*) const sw/source/core/layout/paintfrm.cxx:3116:24 #12 SwViewShell::Paint(OutputDevice&, tools::Rectangle const&) sw/source/core/view/viewsh.cxx:1840:34 (reportedly a regression from 18765b9fa739337d2d891513f6e2fb7c3ce23b50) Change-Id: Iff5e783985c180b704b273fa26b7c498820640ac Reviewed-on: https://gerrit.libreoffice.org/74749 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@cib.de> (cherry picked from commit 
49f971e9d0a88c9f23262445a17c9b5cecdb9167) Reviewed-on: https://gerrit.libreoffice.org/74786 Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de> (cherry picked from commit 4c993cd7c762b1fca9a674cd2bab7c0e95c78e74) Reviewed-on: https://gerrit.libreoffice.org/74843 Tested-by: Thorsten Behrens <thorsten.behr...@cib.de> diff --git a/sw/source/core/layout/paintfrm.cxx b/sw/source/core/layout/paintfrm.cxx index 2e00731cb299..53088b40b862 100644 --- a/sw/source/core/layout/paintfrm.cxx +++ b/sw/source/core/layout/paintfrm.cxx 
@@ -3331,6 +3331,7 @@ void SwLayoutFrame::PaintSwFrame(vcl::RenderContext& rRenderContext, SwRect cons if ( !pFrame ) return; + SwFrameDeleteGuard g(const_cast<SwLayoutFrame*>(this)); // lock because Calc() and recursion SwShortCut aShortCut( *pFrame, rRect ); bool bCnt = pFrame->IsContentFrame(); if ( bCnt ) commit 43e57bd87325486442771ae8faa20a2772481a27 Author: Michael Stahl <michael.st...@cib.de> AuthorDate: Wed Jun 26 19:02:18 2019 +0200 Commit: Thorsten Behrens <thorsten.behr...@cib.de> CommitDate: Sat Jun 29 02:48:59 2019 +0200 tdf#125751 sw: tweak assert in SwFrame::PrepareMake() a bit more This fixes 2 cases of the assert that was added in commit e14056e6e88d9b8d988b7b88b2776a8fc952031b * tdf#125751 bugdoc would assert because on a page there were a bunch of empty section frames preceding 2 SwTextFrames; the first SwTextFrame moved backwards skipping over the empty section frames, hence the second SwTextFrame is not the mpNext of the first one's follow * writerfilter_null_ptr_deref.sample had a SwTextNode with >80k characters; turns out there is a check in SwTextFrame::CalcFollow() to format only up to 10 follow frames, so the result is 2 follow frames on the same page Change-Id: Ia08afd5a0e227d0613421d74b469c409ee91cfca Reviewed-on: https://gerrit.libreoffice.org/74748 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@cib.de> (cherry picked from commit f8e4845fec50affc20272600a4baf87554b055fb) Reviewed-on: https://gerrit.libreoffice.org/74785 Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de> (cherry picked from commit 8d0777d455e4a861d5b203d1e36d743d1432c1bd) Reviewed-on: https://gerrit.libreoffice.org/74842 Tested-by: Thorsten Behrens <thorsten.behr...@cib.de> diff --git a/sw/source/core/layout/calcmove.cxx b/sw/source/core/layout/calcmove.cxx index c1513ba9b684..68a24c89f9de 100644 --- a/sw/source/core/layout/calcmove.cxx +++ b/sw/source/core/layout/calcmove.cxx 
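Review bot: In the paintfrm.cxx hunk the new `SwFrameDeleteGuard` in `SwLayoutFrame::PaintSwFrame()` protects only `this`. The lower frame `pFrame` that the following lines keep using is not covered, so if the `Calc()` named in the comment can also destroy or move a lower frame, a stale `pFrame` remains possible; the loop that would show this is outside the hunk and should be checked. The comment `// lock because Calc() and recursion` does not say what is being prevented. Going by the ASan trace in the commit message, I would write `// Calc() on a lower may MoveBwd()/Cut() content and destroy this (then empty) frame while it is still on the paint stack`. The `const_cast` inside a `const` paint method, presumably needed because the guard modifies the frame, deserves a word in that comment too.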
@@ -325,7 +325,13 @@ void SwFrame::PrepareMake(vcl::RenderContext* pRenderContext) && SwFlowFrame::CastFlowFrame(GetUpper()->Lower()) && SwFlowFrame::CastFlowFrame(pFrame)->IsAnFollow( SwFlowFrame::CastFlowFrame(GetUpper()->Lower())) - && GetUpper()->Lower()->GetNext() == this)); + && (GetUpper()->Lower()->GetNext() == this + // if it's more than 10 pages long... + || (SwFlowFrame::CastFlowFrame(GetUpper()->Lower())->GetFollow() + == SwFlowFrame::CastFlowFrame(GetUpper()->Lower()->GetNext()) + && GetUpper()->Lower()->GetNext()->GetNext() == this) + // pre-existing empty section frames may end up between them... + || GetUpper()->Lower()->GetNext()->IsSctFrame()))); break; // tdf#119109 frame was moved backward, prevent // FindNext() returning a frame inside this if } // this is a table! @@ -454,7 +460,13 @@ void SwFrame::PrepareCursor() && SwFlowFrame::CastFlowFrame(GetUpper()->Lower()) && SwFlowFrame::CastFlowFrame(pFrame)->IsAnFollow( SwFlowFrame::CastFlowFrame(GetUpper()->Lower())) - && GetUpper()->Lower()->GetNext() == this)); + && (GetUpper()->Lower()->GetNext() == this + // if it's more than 10 pages long... + || (SwFlowFrame::CastFlowFrame(GetUpper()->Lower())->GetFollow() + == SwFlowFrame::CastFlowFrame(GetUpper()->Lower()->GetNext()) + && GetUpper()->Lower()->GetNext()->GetNext() == this) + // pre-existing empty section frames may end up between them... + || GetUpper()->Lower()->GetNext()->IsSctFrame()))); break; // tdf#119109 frame was moved backward, prevent // FindNext() returning a frame inside this if } // this is a table! _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
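Review bot: The last alternative added to the assert in `SwFrame::PrepareMake()`, `|| GetUpper()->Lower()->GetNext()->IsSctFrame()`, only tests that the second lower is a section frame. It does not check that `this` comes after that run of section frames or that they are empty, so the tdf#119109 assert is weaker than the comment above it suggests. The new alternatives also call `GetNext()->GetNext()` and `GetNext()->IsSctFrame()` without a null test, which is safe only if the part of the condition above the hunk guarantees that the first lower has a successor; both asserts start outside their hunks, so I cannot confirm that. The same added lines are pasted verbatim into `SwFrame::PrepareCursor()` in the second hunk, and a file-local helper called from both asserts would keep them in step. The comment `// if it's more than 10 pages long...` would be clearer as `// CalcFollow() formats at most 10 follows, so 2 follows can end up on the same page`.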