sw/source/core/access/accpara.cxx | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
New commits:
commit 619d022fb0e01a2073b6c2635e2e8dc1c29162bc
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Thu Jun 1 12:32:57 2023 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Thu Jun 1 18:23:03 2023 +0200
take a copy of SwAccessibleParagraph::GetString()
take a copy of this a11y and not a reference
it is not guaranteed that listeners to the a11y events called by
FireAccessibleEvent will themselves not call anything which could end up
calling ClearPortionData which would leave rText pointing to old
released memory
seen in the wild with:
==15145==ERROR: AddressSanitizer: heap-use-after-free
program/../program/libswlo.so
rtl::OUString::equals(rtl::OUString const&) const
builddir/libreoffice/include/rtl/ustring.hxx:952
program/../program/libswlo.so
rtl::operator==(rtl::OUString const&, rtl::OUString const&)
builddir/libreoffice/include/rtl/ustring.hxx:1713
program/../program/libswlo.so
SwAccessibleContext::InvalidatePosOrSize(SwRect const&)
builddir/libreoffice/sw/source/core/access/acccontext.cxx:1196
and
previously allocated by thread T0 here:
program/../program/libswlo.so
SwAccessibleParagraph::UpdatePortionData()
builddir/libreoffice/sw/source/core/access/accpara.cxx:442
with free of:
program/../program/libswlo.so
std::default_delete<SwAccessiblePortionData>::operator()(SwAccessiblePortionData*)
const
gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:78
program/../program/libswlo.so
SwAccessibleParagraph::ClearPortionData()
builddir/libreoffice/sw/source/core/access/accpara.cxx:451
program/../program/libswlo.so
SwAccessibleParagraph::getCaretPosition()
builddir/libreoffice/sw/source/core/access/accpara.cxx:1016
program/libmergedlo.so
LOKDocumentFocusListener::updateParagraphInfo(com::sun::star::uno::Reference<com::sun::star::accessibility::XAccessibleText>
const&, bool, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >)
builddir/libreoffice/sfx2/source/view/viewsh.cxx:685
Change-Id: I72c9894ca842b8f040b27481f0fd8d56542eb530
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152486
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/sw/source/core/access/accpara.cxx
b/sw/source/core/access/accpara.cxx
index 05bbacfbbd2a..bf88bda18bc4 100644
--- a/sw/source/core/access/accpara.cxx
+++ b/sw/source/core/access/accpara.cxx
@@ -249,16 +249,16 @@ void SwAccessibleParagraph::InvalidateContent_( bool
bVisibleDataFired )
ClearPortionData();
- const OUString& rText = GetString();
+ const OUString sText = GetString();
- if( rText != sOldText )
+ if( sText != sOldText )
{
// The text is changed
AccessibleEventObject aEvent;
aEvent.EventId = AccessibleEventId::TEXT_CHANGED;
- // determine exact changes between sOldText and rText
-
(void)comphelper::OCommonAccessibleText::implInitTextChangedEvent(sOldText,
rText,
+ // determine exact changes between sOldText and sText
+
(void)comphelper::OCommonAccessibleText::implInitTextChangedEvent(sOldText,
sText,
aEvent.OldValue,
aEvent.NewValue);
@@ -301,7 +301,7 @@ void SwAccessibleParagraph::InvalidateContent_( bool
bVisibleDataFired )
FireAccessibleEvent( aEvent );
}
- if( rText == sOldText )
+ if( sText == sOldText )
return;
OUString sNewDesc( GetDescription() );
