[Libreoffice-commits] core.git: Branch 'distro/collabora/co-23.05' - filter/source

Tue, 13 Jun 2023 01:43:36 -0700 

 filter/source/svg/svgexport.cxx |   13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

New commits:
commit 9c57958bc74250aa553276f5ce926698f70e177c
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Jun 12 20:51:41 2023 +0100
Commit:     Miklos Vajna <vmik...@collabora.com>
CommitDate: Tue Jun 13 10:43:11 2023 +0200

    turn off undo while creating SdrGrafObj in svg export filter
    
    otherwise in the SdrGrafObj ctor onGraphicChanged is called
    which can put us into the undo stack. presumably as we haven't finished
    constructing yet the ref count isn't right
    
    ==20597==ERROR: AddressSanitizer: heap-use-after-free
    instdir/program/libmergedlo.so
            SdrObject::SetTitle(rtl::OUString const&)
                    libreoffice/svx/source/svdraw/svdobj.cxx:811
    instdir/program/libmergedlo.so
            SdrGrafObj::onGraphicChanged()
                    libreoffice/svx/source/svdraw/svdograf.cxx:172
    instdir/program/libmergedlo.so
            SdrGrafObj
                    libreoffice/svx/source/svdraw/svdograf.cxx:272
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::implExportWriterTextGraphic(com::sun::star::uno::Reference<com::sun::star::view::XSelectionSupplier>
 const&)
                    libreoffice/filter/source/svg/svgexport.cxx:863
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filterWriterOrCalc(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:590
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:135
    instdir/program/libmergedlo.so
            SfxObjectShell::ExportTo(SfxMedium&)
                    libreoffice/sfx2/source/doc/objstor.cxx:2494
    
    freed by thread T0 here:
    instdir/program/libmergedlo.so
            ~SdrUndoObj
                    libreoffice/svx/source/svdraw/svdundo.cxx:203
    
    previously allocated by thread T0 here:
    instdir/program/libuno_sal.so.3
            rtl_allocateMemory
                    libreoffice/sal/rtl/alloc_global.cxx:38
    instdir/program/../program/libsvgfilterlo.so
            cppu::OWeakObject::operator new(unsigned long)
                    libreoffice/include/cppuhelper/weak.hxx:89
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filterWriterOrCalc(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:590
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:135
    instdir/program/libmergedlo.so
            SfxObjectShell::ExportTo(SfxMedium&)
                    libreoffice/sfx2/source/doc/objstor.cxx:2494
    
    Change-Id: Ife225b4250fda53514110b176f35e5278d23f287
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152918
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>

diff --git a/filter/source/svg/svgexport.cxx b/filter/source/svg/svgexport.cxx
index 8810c0e51a6a..6c6d7cbc9126 100644
--- a/filter/source/svg/svgexport.cxx
+++ b/filter/source/svg/svgexport.cxx
@@ -44,6 +44,7 @@
 #include <editeng/flditem.hxx>
 #include <comphelper/processfactory.hxx>
 #include <comphelper/propertyvalue.hxx>
+#include <comphelper/scopeguard.hxx>
 #include <comphelper/sequenceashashmap.hxx>
 #include <i18nlangtag/lang.h>
 #include <svl/numformat.hxx>
@@ -860,7 +861,17 @@ bool SVGFilter::implExportWriterTextGraphic( const 
Reference< view::XSelectionSu
     if(pSvxDrawPage == nullptr || pSvxDrawPage->GetSdrPage() == nullptr)
         return false;
 
-    rtl::Reference<SdrGrafObj> pGraphicObj = new 
SdrGrafObj(pSvxDrawPage->GetSdrPage()->getSdrModelFromSdrPage(), aGraphic, 
tools::Rectangle( aPos, aSize ));
+    SdrModel& rModel = pSvxDrawPage->GetSdrPage()->getSdrModelFromSdrPage();
+    const bool bUndoEnable = rModel.IsUndoEnabled();
+    if (bUndoEnable)
+        rModel.EnableUndo(false);
+    comphelper::ScopeGuard guard([bUndoEnable, &rModel]() {
+        // restore when leaving
+        if (bUndoEnable)
+            rModel.EnableUndo(false);
+    });
+
+    rtl::Reference<SdrGrafObj> pGraphicObj = new SdrGrafObj(rModel, aGraphic, 
tools::Rectangle( aPos, aSize ));
     uno::Reference< drawing::XShape > xShape = 
GetXShapeForSdrObject(pGraphicObj.get());
     uno::Reference< XPropertySet > xShapePropSet(xShape, uno::UNO_QUERY);
     xShapePropSet->setPropertyValue("Graphic", uno::Any(xGraphic));

Reply via email to