sw/qa/core/data/html/pass/ofz391962477-1.html |binary
 sw/source/core/txtnode/ndtxt.cxx              |   15 ++++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

New commits:
commit 115fc4a2d4ce19e3cd85f71fe5a50f9859a944f0
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Fri Apr 18 21:35:33 2025 +0100
Commit:     Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Sat Apr 19 00:50:43 2025 +0200

    ofz#391962477 TextNode added to SwNodes::m_aOutlineNodes during its dtor
    
    Unusually, at #5, the dtor of SwTextNode has already verified that the
    node is not in an Outline List, but then during ResetAttr the node ends
    up back in the Outline List
    
     #0  SwNodes::UpdateOutlineNode (this=0x5d5230, rNd=...) at 
source/core/docnode/ndnum.cxx:133
     #1  0x00007fffdd45267b in SwTextNode::TriggerNodeUpdate (this=0x771e80, 
rHint=...) at source/core/txtnode/ndtxt.cxx:5700
     #2  0x00007fffdd452ce4 in SwTextNode::SwClientNotify (this=0x771e80, 
rModify=..., rHint=...) at source/core/txtnode/ndtxt.cxx:5778
     #3  0x00007fffdc659a79 in sw::ClientNotifyAttrChg (rModify=..., aSet=..., 
aOld=..., aNew=...) at source/core/attr/calbck.cxx:305
     #4  0x00007fffdccfa5da in SwContentNode::ResetAttr (this=0x771e80, 
nWhich1=99, nWhich2=99) at source/core/docnode/node.cxx:1706
     #5  0x00007fffdd437583 in SwTextNode::ResetAttr (this=0x771e80, 
nWhich1=99, nWhich2=0) at source/core/txtnode/ndtxt.cxx:5477
     #6  0x00007fffdd4371e5 in SwTextNode::~SwTextNode (this=0x771e80) at 
source/core/txtnode/ndtxt.cxx:284
     #7  0x00007fffdd4376b9 in SwTextNode::~SwTextNode (this=0x771e80) at 
source/core/txtnode/ndtxt.cxx:253
     #8  0x00007fffdcd06b82 in SwNodes::RemoveNode (this=0x5d5230, nDelPos=..., 
nSz=..., bDel=true) at source/core/docnode/nodes.cxx:2426
     #9  0x00007fffdcd0b785 in SwNodes::DelNodes (this=0x5d5230, 
rStart=SwNodeIndex (node 85), nCnt=...)
         at source/core/docnode/nodes.cxx:1450
     #10 0x00007fffdca9e5f9 in 
sw::DocumentContentOperationsManager::DeleteSection (this=0x5eaf20, 
pNode=0x7518d0)
         at source/core/doc/DocumentContentOperationsManager.cxx:2146
     #11 0x00007fffdcb4bfe4 in sw::DocumentLayoutManager::DelLayoutFormat 
(this=0x5eb130, pFormat=0x44abe0)
         at source/core/doc/DocumentLayoutManager.cxx:288
     #12 0x00007fffdc8f6afb in DelFlyInRange (rMkNd=..., rPtNd=..., 
oMkContentIdx=std::optional [no contained value], oPtContentIdx=std::optional 
[no contained value])
         at source/core/doc/docedt.cxx:257
     #13 0x00007fffdc8f68d5 in DelFlyInRange (rMkNd=..., rPtNd=..., 
oMkContentIdx=std::optional [no contained value], oPtContentIdx=std::optional 
[no contained value])
         at source/core/doc/docedt.cxx:247
     #14 0x00007fffdca9e3db in 
sw::DocumentContentOperationsManager::DeleteSection (this=0x5eaf20, 
pNode=0x6e1b10)
         at source/core/doc/DocumentContentOperationsManager.cxx:2135
     #15 0x00007fffdda48c38 in SwHTMLParser::DeleteSection (this=0x6b7460, 
pSttNd=0x6e1b10) at source/filter/html/htmltab.cxx:4902
    
    note: Doesn't really matter if this test case loads or not.
    
    Change-Id: Idaf695698910aba2540594d36541a00a1cf61004
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/184361
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    Tested-by: Jenkins

diff --git a/sw/qa/core/data/html/pass/ofz391962477-1.html 
b/sw/qa/core/data/html/pass/ofz391962477-1.html
new file mode 100644
index 000000000000..2cc009d4ef34
Binary files /dev/null and b/sw/qa/core/data/html/pass/ofz391962477-1.html 
differ
diff --git a/sw/source/core/txtnode/ndtxt.cxx b/sw/source/core/txtnode/ndtxt.cxx
index ede826768059..d3543849a894 100644
--- a/sw/source/core/txtnode/ndtxt.cxx
+++ b/sw/source/core/txtnode/ndtxt.cxx
@@ -273,12 +273,21 @@ SwTextNode::~SwTextNode()
 
     DelFrames(nullptr); // must be called here while it's still a SwTextNode
     DelFrames_TextNodePart();
+
+    // If this Node should have Outline Numbering but that state hasn't been
+    // crystalized by SwNodes::UpdateOutlineNode yet, and so it currently isn't
+    // added to SwNodes::m_aOutlineNodes, then set LastOutlineState so it won't
+    // be added if ResetAttr() triggers UpdateOutlineNode() during destruction,
+    // and avoid leaving a dangling pointer in m_aOutlineNodes.
+    if (IsOutline() && !m_bLastOutlineState)
+        m_bLastOutlineState = true;
+
 #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
     if (!GetDoc().IsInDtor())
-        ResetAttr(RES_PAGEDESC);
-#else
-    ResetAttr(RES_PAGEDESC);
 #endif
+    {
+        ResetAttr(RES_PAGEDESC);
+    }
     InvalidateInSwCache();
 }
 
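Review bot: Nothing in the destructor checks, after the `ResetAttr(RES_PAGEDESC);` block, that the node really stayed out of SwNodes::m_aOutlineNodes. The new guard only works while UpdateOutlineNode keeps treating an already-set `m_bLastOutlineState` as "nothing to add", which is what the added comment relies on. According to the commit message the destructor already verifies earlier, outside this hunk, that the node is not in the outline list. Repeating that verification as a debug-only assertion directly after the ResetAttr block would catch a re-insertion where the dangling pointer is created, instead of at a later use of the freed node. The comment could also state that the flag is forced rather than recomputed, for example `// forced, not recomputed: the node is being destroyed`, so a later cleanup does not "fix" the assignment.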
