author | Stephan Bergmann <sbergman@redhat.com> | 2019-08-27 16:41:39 +0200 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2019-08-27 21:18:44 +0200 |
commit | 83c004d9b85b920f9de21c429ef4495db45f12e0 (patch) | |
tree | fd5d91a5f1f1372fdd18efbdbf56ed9cb82b14c5 | |
parent | 084a263049ecc916bbf7300e45e613a687eb67f2 (diff) |
Fix ASan heap-use-after-free
...when opening a document via "File - Open..." with "Tools - Options... -
LibreOffice - General - Open/Save Dialogs - Use LibreOffice dialogs" enabled:
> ==7004==ERROR: AddressSanitizer: heap-use-after-free on address 0x61700023a370 at pc 0x7f88c788db4a bp 0x7ffd8c7d0020 sp 0x7ffd8c7d0018
> READ of size 8 at 0x61700023a370 thread T0
> #0 in rtl::Reference<PlacesListBox>::get() const at include/rtl/ref.hxx:171:16
> #1 in VclPtr<PlacesListBox>::operator bool() const at include/vcl/vclptr.hxx:187:28
> #2 in CustomContainer::GetFocus() at fpicker/source/office/iodlg.cxx:433:39
> #3 in vcl::Window::CompatGetFocus() at vcl/source/window/window.cxx:3731:5
> #4 in vcl::Window::ImplGrabFocus(GetFocusFlags) at vcl/source/window/mouse.cxx:380:17
> #5 in vcl::Window::GrabFocus() at vcl/source/window/window.cxx:2991:5
> #6 in vcl::Window::dispose() at vcl/source/window/window.cxx:448:26
> #7 in Control::dispose() at vcl/source/control/ctrl.cxx:62:13
> #8 in SvtFileView::dispose() at svtools/source/contnr/fileview.cxx:879:14
[...]
> 0x61700023a370 is located 496 bytes inside of 648-byte region [0x61700023a180,0x61700023a408)
> freed by thread T0 here:
> #0 in operator delete(void*, unsigned long) at llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:172:3
> #1 in std::default_delete<SvtExpFileDlg_Impl>::operator()(SvtExpFileDlg_Impl*) const at gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/unique_ptr.h:81:2
> #2 in std::__uniq_ptr_impl<SvtExpFileDlg_Impl, std::default_delete<SvtExpFileDlg_Impl> >::reset(SvtExpFileDlg_Impl*) at gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/unique_ptr.h:178:4
> #3 in std::unique_ptr<SvtExpFileDlg_Impl, std::default_delete<SvtExpFileDlg_Impl> >::reset(SvtExpFileDlg_Impl*) at gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/unique_ptr.h:444:7
> #4 in SvtFileDialog::dispose() at fpicker/source/office/iodlg.cxx:523:11
[...]
Change-Id: I022eac69123d87f75bda5067a672496030e1a8ec
Reviewed-on: https://gerrit.libreoffice.org/78199
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
-rw-r--r-- | fpicker/source/office/iodlg.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fpicker/source/office/iodlg.cxx b/fpicker/source/office/iodlg.cxx index f307abadbcdb..b8f587ca2a6a 100644 --- a/fpicker/source/office/iodlg.cxx +++ b/fpicker/source/office/iodlg.cxx @@ -520,8 +520,8 @@ void SvtFileDialog::dispose() batch->commit(); } - pImpl.reset(); _pFileView.disposeAndClear(); + pImpl.reset(); _pSplitter.disposeAndClear(); _pContainer.disposeAndClear(); _pPrevBmp.disposeAndClear(); |
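Review bot: in SvtFileDialog::dispose(), `pImpl.reset()` still runs before `_pSplitter.disposeAndClear()`, `_pContainer.disposeAndClear()` and `_pPrevBmp.disposeAndClear()`, and nothing in the code documents the ordering it now depends on. The ASan trace in the commit message shows vcl::Window::dispose() calling GrabFocus() and ending in CustomContainer::GetFocus(), which reads a member located inside the freed SvtExpFileDlg_Impl. Any window disposed after the reset that can move focus to the container could therefore reach the same read. Consider moving `pImpl.reset()` below the last disposeAndClear() call. At minimum, add a comment above it stating that _pFileView must be disposed while pImpl is still alive, so that a later reordering does not reintroduce the use-after-free.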