vcl/source/window/paint.cxx | 6 ++++++ 1 file changed, 6 insertions(+)
New commits: commit 11d0c7c510bc749e8d79fe9b13634e1518781edb Author: Miklos Vajna <[email protected]> AuthorDate: Tue Nov 18 08:47:15 2025 +0100 Commit: Xisco Fauli <[email protected]> CommitDate: Wed Nov 19 17:07:38 2025 +0100 vcl: fix crash in Window::ImplInvalidate() Crashreport: #0 0x00007377176d3ff5 in vcl::Window::ImplInvalidate (this=0x33912050, pRegion=0x0, nFlags=InvalidateFlags::NONE) at vcl/source/window/paint.cxx:787 #1 0x00007377176d0cb5 in vcl::Window::Invalidate (this=0x33912050, nFlags=InvalidateFlags::NONE) at vcl/source/window/paint.cxx:1148 #2 0x00007377177e0d26 in Edit::ImplInvalidateOrRepaint (this=<optimized out>) at vcl/source/control/edit.cxx:450 #3 0x00007377177e47c0 in Edit::ImplAlignAndPaint (this=0x33912050) at vcl/source/control/edit.cxx:1166 #4 Edit::ImplInsertText (this=0x33912050, rStr=..., pNewSel=0x7ffe6111c510, bIsUserInput=<optimized out>) at vcl/source/control/edit.cxx:881 gdb on the coredump says mpWindowImpl in vcl::Window::ImplInvalidate() was nullptr. Change-Id: I06f99b5ede457c4487e97e8259890b29e54804d9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/194151 Reviewed-by: Miklos Vajna <[email protected]> Tested-by: Jenkins (cherry picked from commit bddf5365102382fc9dcd47ca28edc229c25334db) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/194212 Reviewed-by: Xisco Fauli <[email protected]> diff --git a/vcl/source/window/paint.cxx b/vcl/source/window/paint.cxx index d6bb97379f44..7b89eb110532 100644 --- a/vcl/source/window/paint.cxx +++ b/vcl/source/window/paint.cxx @@ -1145,6 +1145,12 @@ void Window::Invalidate( InvalidateFlags nFlags ) if ( !comphelper::LibreOfficeKit::isActive() && (!GetOutDev()->IsDeviceOutputNecessary() || !GetOutDev()->mnOutWidth || !GetOutDev()->mnOutHeight) ) return; + if (!mpWindowImpl) + { + // ImplInvalidate() would dereference mpWindowImpl unconditionally. + return; + } + ImplInvalidate( nullptr, nFlags ); LogicInvalidate(nullptr); }
