sw/source/core/unocore/unofield.cxx | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-)
New commits: commit ad387d5b984c6666906505d25685065f710ed55d Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Mon Jun 27 21:29:11 2022 +0100 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Sun Dec 18 23:08:05 2022 +0000 crashtesting: failure on load of forum-en-7529.odt ==324198== Invalid read of size 8 ==324198== at 0x2D840D75: std::__uniq_ptr_impl<SwField, std::default_delete<SwField> >::_M_ptr() const (unique_ptr.h:191) ==324198== by 0x2D840D54: std::unique_ptr<SwField, std::default_delete<SwField> >::get() const (unique_ptr.h:462) ==324198== by 0x2D932B9B: SwFormatField::GetField() (fmtfld.hxx:122) ==324198== by 0x2E740E7B: SwXTextField::Impl::GetField() const (unofield.cxx:2634) ==324198== by 0x2E7487EB: SwXTextField::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) (unofield.cxx:2150) ==324198== by 0x1100C123: XMLPropertyBackpatcher<short>::ResolveId(rtl::OUString const&, short) (XMLPropertyBackpatcher.cxx:73) ==324198== by 0x1100BB0F: XMLTextImportHelper::InsertFootnoteID(rtl::OUString const&, short) (XMLPropertyBackpatcher.cxx:180) ==324198== by 0x10FF7E71: XMLFootnoteImportContext::startFastElement(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) (XMLFootnoteImportContext.cxx:99) ==324198== by 0x10C40361: SvXMLImport::startFastElement(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) (xmlimp.cxx:812) ==324198== by 0x28FBFE71: (anonymous namespace)::Entity::startElement((anonymous namespace)::Event const*) (fastparser.cxx:470) ==324198== by 0x28FBED4E: sax_fastparser::FastSaxParserImpl::callbackStartElement(unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, unsigned char const**) (fastparser.cxx:1304) ==324198== by 0x28FBCCAF: (anonymous namespace)::call_callbackStartElement(void*, unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, int, 
unsigned char const**) (fastparser.cxx:333) ==324198== Address 0x259e2b68 is 328 bytes inside a block of size 344 free'd ==324198== at 0x4848669: operator delete(void*) (vg_replace_malloc.c:923) ==324198== by 0x2E4EC2B1: SwFormatField::~SwFormatField() (atrfld.cxx:132) ==324198== by 0x8635DA2: SfxItemPool::Remove(SfxPoolItem const&) (itempool.cxx:802) ==324198== by 0x2E5BB014: SwTextAttr::Destroy(SwTextAttr*, SfxItemPool&) (txatbase.cxx:63) ==324198== by 0x2E594EE2: SwTextNode::DestroyAttr(SwTextAttr*) (thints.cxx:1302) ==324198== by 0x2E55C4EC: SwTextNode::~SwTextNode() (ndtxt.cxx:238) ==324198== by 0x2E55CB38: SwTextNode::~SwTextNode() (ndtxt.cxx:227) ==324198== by 0x2DEE048F: SwNodes::RemoveNode(o3tl::strong_int<int, Tag_SwNodeOffset>, o3tl::strong_int<int, Tag_SwNodeOffset>, bool) (nodes.cxx:2325) ==324198== by 0x2DEE50C2: SwNodes::DelNodes(SwNodeIndex const&, o3tl::strong_int<int, Tag_SwNodeOffset>) (nodes.cxx:1384) ==324198== by 0x2DC87B02: sw::DocumentContentOperationsManager::DeleteSection(SwNode*) (DocumentContentOperationsManager.cxx:2118) ==324198== by 0x2DD2BB66: sw::DocumentLayoutManager::DelLayoutFormat(SwFrameFormat*) (DocumentLayoutManager.cxx:285) ==324198== by 0x2DB0900E: DelFlyInRange(SwNodeIndex const&, SwNodeIndex const&, SwIndex const*, SwIndex const*) (docedt.cxx:254) maybe this is a problem since the various changes associated with: commit 2c9298e4f667a5dd7606d79890fcedfff0f66e26 Date: Fri Apr 5 23:14:47 2019 +0200 SwXTextField::Impl FieldTypeClient: SwClient no more commit e18359445fabad9ba1a704600e9ee327112cc6ae Date: Sun Apr 14 13:33:35 2019 +0200 [API CHANGE] SwXTextField: no more SwModify/SwClient Change-Id: I52aa0a70604ea5ce96d2b55a9a2ad363a889f58e Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136515 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> diff --git a/sw/source/core/unocore/unofield.cxx b/sw/source/core/unocore/unofield.cxx index 0e20949b3ced..84ae8fe2d8f5 100644 
--- a/sw/source/core/unocore/unofield.cxx +++ b/sw/source/core/unocore/unofield.cxx @@ -1967,6 +1967,7 @@ void SAL_CALL SwXTextField::attach( if (!pTextAttr) throw uno::RuntimeException("no SwTextAttr inserted?"); // could theoretically happen, if paragraph is full + m_pImpl->ClearFieldType(); const SwFormatField& rField = pTextAttr->GetFormatField(); m_pImpl->SetFormatField(const_cast<SwFormatField*>(&rField), pDoc); @@ -1990,7 +1991,6 @@ void SAL_CALL SwXTextField::attach( m_pImpl->GetFormatField()->SetXTextField(this); m_pImpl->m_wThis = this; m_pImpl->m_bIsDescriptor = false; - m_pImpl->ClearFieldType(); m_pImpl->m_pProps.reset(); if (m_pImpl->m_bCallUpdate) update(); commit 487e1d73393ae9e6fe7961c8a95dd77a3598b510 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sun Dec 18 21:12:24 2022 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Sun Dec 18 23:07:52 2022 +0000 crashtesting: related to failure on load of forum-en-7529.odt save SwDoc* before calling DeleteAndJoin, so SetFormatField doesn't use m_pImpl->m_pDoc potentially cleared by it Change-Id: Ia130f224fcccd35e1dfafbbaf5c461c9bd032f9d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144407 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> diff --git a/sw/source/core/unocore/unofield.cxx b/sw/source/core/unocore/unofield.cxx index 36bf1cae1c8d..0e20949b3ced 100644 --- a/sw/source/core/unocore/unofield.cxx +++ b/sw/source/core/unocore/unofield.cxx @@ -1999,7 +1999,8 @@ void SAL_CALL SwXTextField::attach( && m_pImpl->m_pDoc != nullptr && m_pImpl->m_nServiceId == SwServiceType::FieldTypeAnnotation ) { - SwUnoInternalPaM aIntPam( *m_pImpl->m_pDoc ); + SwDoc* pDoc = m_pImpl->m_pDoc; + SwUnoInternalPaM aIntPam( *pDoc ); if ( !::sw::XTextRangeToSwPaM( aIntPam, xTextRange ) ) throw lang::IllegalArgumentException(); 
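Review bot: The new `m_pImpl->ClearFieldType();` call ahead of `SetFormatField()` has no comment saying why it must run first, and the commit message itself only guesses at the cause ("maybe this is a problem since…"). The valgrind trace shows `SwXTextField::Impl::GetField()` reading a `SwFormatField` that `~SwTextNode()` had already freed during document import, so this ordering is what keeps a stale pointer from being dereferenced; presumably `ClearFieldType()` undoes something `SetFormatField()` sets up, though neither body is visible here. I would add a comment on the moved line such as `// must precede SetFormatField(): clearing afterwards left Impl holding a freed SwFormatField (crashtest forum-en-7529.odt)` so that a later cleanup does not move it back. The matching removal is in the second hunk (`@@ -1990,7 +1991,6 @@`), and `attach()` starts and ends outside both hunks. A regression test that loads a reduced copy of the document would pin the ordering better than the crashtest run alone.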
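Review bot: The cached `SwDoc* pDoc = m_pImpl->m_pDoc;` reads as a redundant local unless one has the commit message at hand, so it needs a comment at the declaration, e.g. `// keep our own pointer: DeleteAndJoin() below may clear m_pImpl->m_pDoc`. Without it a later tidy-up can fold `pDoc` back into `m_pImpl->m_pDoc` and bring back the bad access in the `SetFormatField()` call after `DeleteAndJoin()`; the same substitution is repeated in the hunks at `@@ -2007,13 +2008,13 @@` and `@@ -2021,14 +2022,14 @@`. If the deletion can reset `m_pDoc` it may reset other `Impl` state too, so it is worth confirming that nothing after `DeleteAndJoin()` reads `m_pImpl->GetFormatField()` before `SetFormatField()` re-establishes it; the visible lines do not, but the branch continues past the last hunk. A `pDoc` is also passed to `SetFormatField()` near line 1970 of the same function, and if that declaration sits in an enclosing scope this new one shadows it.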
@@ -2007,13 +2008,13 @@ void SAL_CALL SwXTextField::attach( // value. if (!aIntPam.HasMark() || *aIntPam.Start() != *aIntPam.End()) { - UnoActionContext aCont( m_pImpl->m_pDoc ); + UnoActionContext aCont( pDoc ); // insert copy of annotation at new text range std::unique_ptr<SwPostItField> pPostItField(static_cast< SwPostItField* >(m_pImpl->GetFormatField()->GetField()->CopyField().release())); SwFormatField aFormatField( *pPostItField ); pPostItField.reset(); SwPaM aEnd( *aIntPam.End(), *aIntPam.End() ); - m_pImpl->m_pDoc->getIDocumentContentOperations().InsertPoolItem( aEnd, aFormatField ); + pDoc->getIDocumentContentOperations().InsertPoolItem( aEnd, aFormatField ); // delete former annotation { const SwTextField* pTextField = m_pImpl->GetFormatField()->GetTextField(); @@ -2021,14 +2022,14 @@ void SAL_CALL SwXTextField::attach( SwPaM aPam( rTextNode, pTextField->GetStart() ); aPam.SetMark(); aPam.Move(); - m_pImpl->m_pDoc->getIDocumentContentOperations().DeleteAndJoin(aPam); + pDoc->getIDocumentContentOperations().DeleteAndJoin(aPam); } // keep inserted annotation { SwTextField *const pTextAttr = aEnd.GetPointNode().GetTextNode()->GetFieldTextAttrAt(aEnd.End()->GetContentIndex()-1, ::sw::GetTextAttrMode::Default); if ( pTextAttr != nullptr ) { - m_pImpl->SetFormatField(const_cast<SwFormatField*>(&pTextAttr->GetFormatField()), m_pImpl->m_pDoc); + m_pImpl->SetFormatField(const_cast<SwFormatField*>(&pTextAttr->GetFormatField()), pDoc); if ( *aIntPam.GetPoint() != *aIntPam.GetMark() ) {