source

Caolán McNamara (via logerrit) Sun, 25 Aug 2024 06:03:54 -0700

 sw/inc/unoframe.hxx                 |    2 +-
 sw/source/core/unocore/unoframe.cxx |   18 +++++++++++-------
 2 files changed, 12 insertions(+), 8 deletions(-)


New commits:
commit 459bf1c5890d6ae7ac99646f2721dd8c7fa9b283
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Sun Aug 25 11:00:53 2024 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sun Aug 25 15:03:28 2024 +0200

    crashtesting: null deref in swxtextframe_createtextcursorbyrange.sample
    
    Change-Id: Ie34db8edfb6bf45022ccb8a180eec091885eaea2
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/172368
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>

diff --git a/sw/inc/unoframe.hxx b/sw/inc/unoframe.hxx
index cac695f2125a..074c24d0e70b 100644
--- a/sw/inc/unoframe.hxx
+++ b/sw/inc/unoframe.hxx
@@ -236,7 +236,7 @@ public:
     virtual SW_DLLPUBLIC css::uno::Any SAL_CALL getPropertyValue( const 
OUString& PropertyName ) override;
     using SwXFrame::setPropertyValue;
 private:
-    rtl::Reference< SwXTextCursor > 
createXTextCursorByRangeImpl(SwUnoInternalPaM& rPam);
+    rtl::Reference< SwXTextCursor > 
createXTextCursorByRangeImpl(SwFrameFormat& rFormat, SwUnoInternalPaM& rPam);
 };
 
 typedef cppu::ImplInheritanceHelper
diff --git a/sw/source/core/unocore/unoframe.cxx 
b/sw/source/core/unocore/unoframe.cxx
index b77828a998c2..f1ccffaf0f02 100644
--- a/sw/source/core/unocore/unoframe.cxx
+++ b/sw/source/core/unocore/unoframe.cxx
@@ -3310,32 +3310,36 @@ rtl::Reference<SwXTextCursor>  
SwXTextFrame::createXTextCursor()
 
 rtl::Reference< SwXTextCursor > SwXTextFrame::createXTextCursorByRange(const 
uno::Reference< text::XTextRange > & aTextPosition)
 {
+    SwFrameFormat* pFormat = GetFrameFormat();
+    if (!pFormat)
+        throw uno::RuntimeException();
     SwUnoInternalPaM aPam(*GetDoc());
     if (!::sw::XTextRangeToSwPaM(aPam, aTextPosition))
         throw uno::RuntimeException();
-    return createXTextCursorByRangeImpl(aPam);
+    return createXTextCursorByRangeImpl(*pFormat, aPam);
 }
 
 rtl::Reference< SwXTextCursor > SwXTextFrame::createXTextCursorByRange(
     const rtl::Reference< SwXTextCursor > & aTextPosition)
 {
+    SwFrameFormat* pFormat = GetFrameFormat();
+    if (!pFormat)
+        throw uno::RuntimeException();
     SwUnoInternalPaM aPam(*GetDoc());
     if (!::sw::XTextRangeToSwPaM(aPam, aTextPosition))
         throw uno::RuntimeException();
-    return createXTextCursorByRangeImpl(aPam);
+    return createXTextCursorByRangeImpl(*pFormat, aPam);
 }
 
 rtl::Reference< SwXTextCursor > SwXTextFrame::createXTextCursorByRangeImpl(
+        SwFrameFormat& rFormat,
         SwUnoInternalPaM& rPam)
 {
-    SwFrameFormat* pFormat = GetFrameFormat();
-    if (!pFormat)
-        throw uno::RuntimeException();
     rtl::Reference< SwXTextCursor > xRef;
-    SwNode& rNode = pFormat->GetContent().GetContentIdx()->GetNode();
+    SwNode& rNode = rFormat.GetContent().GetContentIdx()->GetNode();
     if(rPam.GetPointNode().FindFlyStartNode() == rNode.FindFlyStartNode())
     {
-        xRef = new SwXTextCursor(*pFormat->GetDoc(), this, CursorType::Frame,
+        xRef = new SwXTextCursor(*rFormat.GetDoc(), this, CursorType::Frame,
                     *rPam.GetPoint(), rPam.GetMark());
     }
     return xRef;

core.git: sw/inc sw/source

Reply via email to