svx/source/svdraw/svdetc.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 719e2f34837ac54ab7d789e782d5924a72c931d3
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Wed Aug 18 15:04:49 2021 +0200
Commit: Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Wed Aug 18 19:19:17 2021 +0200
Potential nullptr dereference
SdrOle2Obj::CanUnloadRunningObj dereferences its first argument
unconditionally after checking if it's XEmbedPersist2, so for null
argument, it will always crash.
OTOH, OLEObjCache::UnloadCheckHdl checks if xUnloadObj is null,
*after* calling SdrOle2Obj::CanUnloadRunningObj with it.
I don't know if it's OK to try to unload objects that don't return
a valid XEmbeddedObject, so I decided to live dangerously and keep
unloading those.
Change-Id: Ib4901cbaf2dcd3ba4ae6fed983c09c10f1efe852
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120633
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/svx/source/svdraw/svdetc.cxx b/svx/source/svdraw/svdetc.cxx
index 471c0e65ffd9..04219e7a8477 100644
--- a/svx/source/svdraw/svdetc.cxx
+++ b/svx/source/svdraw/svdetc.cxx
@@ -128,7 +128,7 @@ IMPL_LINK_NOARG(OLEObjCache, UnloadCheckHdl, Timer*, void)
// it is important to get object without reinitialization to avoid
reentrance
uno::Reference< embed::XEmbeddedObject > xUnloadObj =
pUnloadObj->GetObjRef_NoInit();
- bool bUnload = SdrOle2Obj::CanUnloadRunningObj( xUnloadObj,
pUnloadObj->GetAspect() );
+ bool bUnload = !xUnloadObj || SdrOle2Obj::CanUnloadRunningObj(
xUnloadObj, pUnloadObj->GetAspect() );
// check whether the object can be unloaded before looking for the
parent objects
if ( xUnloadObj.is() && bUnload )
