sc/source/ui/view/gridwin4.cxx | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)
New commits: commit f285200efc1318df8d599c8ab3a2534cdaf19ae8 Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Wed May 7 14:47:42 2025 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Wed May 7 22:41:40 2025 +0200 apparent use-after-free of ScLOKProxyObjectContact::mpScDrawView #0 std::vector<std::unique_ptr<SdrPageWindow, std::default_delete<SdrPageWindow> >, std::allocator<std::unique_ptr<SdrPageWindow, std::default_delete<SdrPageWindow> > > >::size (this=<optimized out>) at /opt/rh/devtoolset-12/root/usr/include/c++/12/bits/stl_vector.h:987 #1 SdrPageView::PageWindowCount (this=<optimized out>) at include/svx/svdpagv.hxx:89 #2 (anonymous namespace)::ScLOKProxyObjectContact::calculateGridOffsetForViewObjectContact (this=<optimized out>, rTarget=..., rClient=...) at sc/source/ui/view/gridwin4.cxx:1467 #3 0x00007fe8eae62e05 in sdr::contact::ViewObjectContact::getGridOffset (this=this@entry=0x364bdc60) at include/svx/sdr/contact/viewobjectcontact.hxx:95 #4 0x00007fe8eae642fe in sdr::contact::ViewObjectContact::getPrimitive2DSequence (this=this@entry=0x364bdc60, rDisplayInfo=...) 
at svx/source/sdr/contact/viewobjectcontact.cxx:487 #5 0x00007fe8eae645b1 in sdr::contact::ViewObjectContact::getObjectRange (this=this@entry=0x364bdc60) at svx/source/sdr/contact/viewobjectcontact.cxx:209 #6 0x00007fe8eae64832 in sdr::contact::ViewObjectContact::triggerLazyInvalidate (this=0x364bdc60) at svx/source/sdr/contact/viewobjectcontact.cxx:273 #7 0x00007fe8eae65415 in sdr::contact::ObjectContactOfPageView::Invoke (this=0x7fe8a8103ff0) at svx/source/sdr/contact/objectcontactofpageview.cxx:105 #8 0x00007fe8ebb2b30b in Scheduler::CallbackTaskScheduling () at vcl/source/app/scheduler.cxx:579 #9 0x00007fe8ebceb21b in SvpSalInstance::StartTimer (nMS=<optimized out>, this=0x2e01000000000000) Change-Id: Icb71083eb77e528d9025aa7a591892dcdfc2ba89 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/185020 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> diff --git a/sc/source/ui/view/gridwin4.cxx b/sc/source/ui/view/gridwin4.cxx index 3d9d559e649a..9f36a061a849 100644 --- a/sc/source/ui/view/gridwin4.cxx +++ b/sc/source/ui/view/gridwin4.cxx @@ -33,6 +33,7 @@ #include <o3tl/unit_conversion.hxx> #include <osl/diagnose.h> #include <tools/UnitConversion.hxx> +#include <tools/weakbase.hxx> #include <LibreOfficeKit/LibreOfficeKitEnums.h> #include <comphelper/lok.hxx> @@ -1397,7 +1398,7 @@ namespace class ScLOKProxyObjectContact final : public sdr::contact::ObjectContactOfPageView { private: - ScDrawView* mpScDrawView; + tools::WeakReference<ScDrawView> m_xScDrawView; public: explicit ScLOKProxyObjectContact( @@ -1405,7 +1406,7 @@ namespace SdrPageWindow& rPageWindow, const char* pDebugName) : ObjectContactOfPageView(rPageWindow, pDebugName), - mpScDrawView(pDrawView) + m_xScDrawView(pDrawView) { } 
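Review bot: The new member `m_xScDrawView` in the `-1397` hunk has no comment saying why it is a weak reference rather than the raw pointer it replaces. From the trace in the commit message, the contact is reached from the scheduler (`ObjectContactOfPageView::Invoke` → `triggerLazyInvalidate`) after the view has apparently already been destroyed. I would record that above the declaration: `// weak: a pending lazy-invalidate callback can reach this contact after the ScDrawView is gone`. The constructor hunk at `-1405` only forwards `pDrawView` into the member and needs no separate note. The class body starts and ends outside these hunks.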
@@ -1415,10 +1416,11 @@ namespace basegfx::B2DVector& rTarget, const sdr::contact::ViewObjectContact& rClient) const override { - if (!mpScDrawView) + ScDrawView* pScDrawView = m_xScDrawView.get(); + if (!pScDrawView) return; - SdrPageView* pPageView(mpScDrawView->GetSdrPageView()); + SdrPageView* pPageView(pScDrawView->GetSdrPageView()); if (!pPageView) return;
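Review bot: `pScDrawView` obtained from `m_xScDrawView.get()` is a plain pointer again, so the liveness guarantee only holds at the null check. If anything later in `calculateGridOffsetForViewObjectContact` can destroy the view, both it and `pPageView` would dangle; the rest of the body is outside the hunk, so this cannot be confirmed from here. As far as I can tell `tools::WeakReference` is not synchronised, so the fix also assumes the view is destroyed on the same thread that runs the scheduler callback. A short comment at the check, e.g. `// view already destroyed: leave rTarget untouched`, would make the silent early return explicit.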