filter/source/svg/svgexport.cxx |   13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

New commits:
commit bd4d9056cbc40af6b097727d3649ff1e5da09a53
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Mon Jun 12 20:51:41 2023 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Tue Jun 13 10:57:02 2023 +0200

    turn off undo while creating SdrGrafObj in svg export filter
    
    otherwise in the SdrGrafObj ctor onGraphicChanged is called
    which can put us into the undo stack. presumably as we haven't finished
    constructing yet the ref count isn't right
    
    ==20597==ERROR: AddressSanitizer: heap-use-after-free
    instdir/program/libmergedlo.so
            SdrObject::SetTitle(rtl::OUString const&)
                    libreoffice/svx/source/svdraw/svdobj.cxx:811
    instdir/program/libmergedlo.so
            SdrGrafObj::onGraphicChanged()
                    libreoffice/svx/source/svdraw/svdograf.cxx:172
    instdir/program/libmergedlo.so
            SdrGrafObj
                    libreoffice/svx/source/svdraw/svdograf.cxx:272
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::implExportWriterTextGraphic(com::sun::star::uno::Reference<com::sun::star::view::XSelectionSupplier>
 const&)
                    libreoffice/filter/source/svg/svgexport.cxx:863
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filterWriterOrCalc(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:590
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:135
    instdir/program/libmergedlo.so
            SfxObjectShell::ExportTo(SfxMedium&)
                    libreoffice/sfx2/source/doc/objstor.cxx:2494
    
    freed by thread T0 here:
    instdir/program/libmergedlo.so
            ~SdrUndoObj
                    libreoffice/svx/source/svdraw/svdundo.cxx:203
    
    previously allocated by thread T0 here:
    instdir/program/libuno_sal.so.3
            rtl_allocateMemory
                    libreoffice/sal/rtl/alloc_global.cxx:38
    instdir/program/../program/libsvgfilterlo.so
            cppu::OWeakObject::operator new(unsigned long)
                    libreoffice/include/cppuhelper/weak.hxx:89
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filterWriterOrCalc(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:590
    instdir/program/../program/libsvgfilterlo.so
            
SVGFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
 const&)
                    libreoffice/filter/source/svg/svgfilter.cxx:135
    instdir/program/libmergedlo.so
            SfxObjectShell::ExportTo(SfxMedium&)
                    libreoffice/sfx2/source/doc/objstor.cxx:2494
    
    Change-Id: Ife225b4250fda53514110b176f35e5278d23f287
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152935
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git a/filter/source/svg/svgexport.cxx b/filter/source/svg/svgexport.cxx
index a8afae2c6461..5e63db81b70c 100644
--- a/filter/source/svg/svgexport.cxx
+++ b/filter/source/svg/svgexport.cxx
@@ -44,6 +44,7 @@
 #include <editeng/flditem.hxx>
 #include <comphelper/processfactory.hxx>
 #include <comphelper/propertyvalue.hxx>
+#include <comphelper/scopeguard.hxx>
 #include <comphelper/sequenceashashmap.hxx>
 #include <i18nlangtag/lang.h>
 #include <svl/numformat.hxx>
@@ -860,7 +861,17 @@ bool SVGFilter::implExportWriterTextGraphic( const 
Reference< view::XSelectionSu
     if(pSvxDrawPage == nullptr || pSvxDrawPage->GetSdrPage() == nullptr)
         return false;
 
-    rtl::Reference<SdrGrafObj> pGraphicObj = new 
SdrGrafObj(pSvxDrawPage->GetSdrPage()->getSdrModelFromSdrPage(), aGraphic, 
tools::Rectangle( aPos, aSize ));
+    SdrModel& rModel = pSvxDrawPage->GetSdrPage()->getSdrModelFromSdrPage();
+    const bool bUndoEnable = rModel.IsUndoEnabled();
+    if (bUndoEnable)
+        rModel.EnableUndo(false);
+    comphelper::ScopeGuard guard([bUndoEnable, &rModel]() {
+        // restore when leaving
+        if (bUndoEnable)
+            rModel.EnableUndo(false);
+    });
+
+    rtl::Reference<SdrGrafObj> pGraphicObj = new SdrGrafObj(rModel, aGraphic, 
tools::Rectangle( aPos, aSize ));
     uno::Reference< drawing::XShape > xShape = 
GetXShapeForSdrObject(pGraphicObj.get());
     uno::Reference< XPropertySet > xShapePropSet(xShape, uno::UNO_QUERY);
     xShapePropSet->setPropertyValue("Graphic", uno::Any(xGraphic));
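Review bot: The restore branch inside the `comphelper::ScopeGuard` lambda calls `rModel.EnableUndo(false)` a second time, so when undo was enabled on entry it is never switched back on; that line should read `rModel.EnableUndo(true);`. As written, the heap-use-after-free in the SdrGrafObj constructor path is avoided, but the model is left with undo disabled after implExportWriterTextGraphic returns, presumably until some other caller re-enables it. The guard is declared before the `new SdrGrafObj(...)` allocation, so once the value is corrected it will restore the flag on every exit path below it. The comment could also say what is restored, for example `// re-enable undo recording when leaving scope`. The function body continues outside the hunk, so later early returns are not visible here.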
