sw: fix ASAN use-after-free in testTdf39721

The problem is that the cursor is positioned somehow on an SwEndNode. Then lcl_CursorOk(pNew) is false and it gets deleted immediately. Change-Id: I1789280a5116da4e5b7739e311b18c5c54074b1f Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109541 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com> (cherry picked from commit 43fbe2fbd6a65fa63fa819c6778c3378c2ff6e1f)
author: Michael Stahl <michael.stahl@allotropia.de> 2021-01-18 12:35:12 +0100
committer: Michael Stahl <michael.stahl@allotropia.de> 2024-03-06 20:39:47 +0100
commit: 67679b3c8a1c550dbcc1f9d80b6b3e77a256ff10 (patch)
tree: fea9ae1c6aa64e35bde0d7a3485cb63edc203a49
parent: beba56614ddc53d193647c7403be05ff88c50e8c (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/sw/source/core/crsr/crsrsh.cxx b/sw/source/core/crsr/crsrsh.cxx
index 3814b3175738..85e9eb837017 100644
--- a/sw/source/core/crsr/crsrsh.cxx
+++ b/sw/source/core/crsr/crsrsh.cxx
@@ -120,6 +120,10 @@ SwPaM * SwCursorShell::CreateCursor()
     // don't create new Cursor with active table Selection
     assert(!IsTableMode());
 
+    // ensure that m_pCurrentCursor is valid; if it's invalid it would be
+    // copied to pNew and then pNew would be deleted in UpdateCursor() below
+    ClearUpCursors();
+
     // New cursor as copy of current one. Add to the ring.
     // Links point to previously created one, ie forward.
     SwShellCursor* pNew = new SwShellCursor( *m_pCurrentCursor );
author	Michael Stahl <michael.stahl@allotropia.de>	2021-01-18 12:35:12 +0100
committer	Michael Stahl <michael.stahl@allotropia.de>	2024-03-06 20:39:47 +0100
commit	67679b3c8a1c550dbcc1f9d80b6b3e77a256ff10 (patch)
tree	fea9ae1c6aa64e35bde0d7a3485cb63edc203a49
parent	beba56614ddc53d193647c7403be05ff88c50e8c (diff)