vcl/coretext/ctlayout.cxx | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
New commits:
commit a321be22907c47e2e378c494f0de9f3f68af5167
Author: Tor Lillqvist <t...@iki.fi>
Date: Tue Aug 6 11:55:14 2013 +0300
fdo#67660: Fix memory mismanagement crash
The CTLayout constructor called CFRetain() on the associated
CTTextStyle's attribute directory (a CFMutableDictionaryRef) and the
destructor then called CFRelease() on it, even if there was no
guarantee it was still the same CTTextStyle. And in the scenario that
caused this crash, AquaSalGraphics::SetFont() had in fact deleted the
original CTTextStyle and created a new one.
It seems to me that these CFRetain() and CFRelease() calls are not
necessary.
Change-Id: I18e03965dd05d450955353f8c48f111c19a069e3
diff --git a/vcl/coretext/ctlayout.cxx b/vcl/coretext/ctlayout.cxx
index 935dc94..41e3460 100644
--- a/vcl/coretext/ctlayout.cxx
+++ b/vcl/coretext/ctlayout.cxx
@@ -81,7 +81,6 @@ CTLayout::CTLayout( const CTTextStyle* pTextStyle )
, mfCachedWidth( -1 )
, mfBaseAdv( 0 )
{
- CFRetain( mpTextStyle->GetStyleDict() );
}
// -----------------------------------------------------------------------
@@ -92,7 +91,6 @@ CTLayout::~CTLayout()
CFRelease( mpCTLine );
if( mpAttrString )
CFRelease( mpAttrString );
- CFRelease( mpTextStyle->GetStyleDict() );
}
// -----------------------------------------------------------------------
@@ -115,6 +113,7 @@ bool CTLayout::LayoutText( ImplLayoutArgs& rArgs )
// create the CoreText line layout
CFStringRef aCFText = CFStringCreateWithCharactersNoCopy( NULL,
rArgs.mpStr + mnMinCharPos, mnCharCount, kCFAllocatorNull );
+ // CFAttributedStringCreate copies the attribues parameter
mpAttrString = CFAttributedStringCreate( NULL, aCFText,
mpTextStyle->GetStyleDict() );
mpCTLine = CTLineCreateWithAttributedString( mpAttrString );
CFRelease( aCFText);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
