sw/source/core/txtnode/thints.cxx | 1 +
1 file changed, 1 insertion(+)
New commits:
commit 5d68b3878fed165bf1bdc6aa47be1df4a8265b96
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Fri Jul 22 11:50:23 2022 +0200
Commit: Miklos Vajna <vmik...@collabora.com>
CommitDate: Fri Jul 22 14:15:21 2022 +0200
sw: fix heap-use-after-free in SwTextNode::InsertHint()
This is a problem since commit 1dce9ee7e12871ee63434499db805e806b9e9d3c
(sw content controls, plain text: apply formatting to the entire
contents, 2022-07-21), because I forgot to check if pAttr is still a
valid pointer after the input field code is executed.
Below code already uses this flag to make sure it's not accessing a
dangling pointer, apply the same fix here as well.
Change-Id: Ifcba0bc5e3a3c0abd81ff954fb10f6880163461b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/137349
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
Tested-by: Jenkins
diff --git a/sw/source/core/txtnode/thints.cxx
b/sw/source/core/txtnode/thints.cxx
index 3fade71120d2..e7fb33b8a1c8 100644
--- a/sw/source/core/txtnode/thints.cxx
+++ b/sw/source/core/txtnode/thints.cxx
@@ -1684,6 +1684,7 @@ bool SwTextNode::InsertHint( SwTextAttr * const pAttr,
const SetAttrMode nMode )
}
}
+ if (bInsertHint)
{
// Handle the invariant that a plain text content control has the same
character formatting
// for all of its content.
