authorStephan Bergmann <sbergman@redhat.com>2014-05-21 18:22:27 +0200
committerStephan Bergmann <sbergman@redhat.com>2014-05-21 18:29:57 +0200
commit8f97326bdd3f42fc82aa5e1989fd03b0af1daf64 (patch)
tree7c1000a821d3d895a8c3c0abb8620f2e882d5205
parentc5a603ce2469ef6a23023ff276ccd24ca316f6c2 (diff)
So ZCodec::ReadAsynchron was wrong in using a persistent mpIStm after all
The fun thing is that with the (only) call-site to ReadAsynchron in PNGReaderImpl::ImplReadIDAT (vcl/source/gdi/pngread.cxx) passing in rIStm references to stack-allocated SvMemoryStream instances, mpIStm could point to an old, destroyed instance from a previous call, but which would have been located at exactly the same stack address as the currently passed in rIStm, so the wrong mpIStm->Read call would effectively have behaved exactly the same as a correct rIStm.Read call. This went unnoticed "since the beginning" until AddressSanitizer's UseAfterReturn check came along... Change-Id: I7c75ed2d36a4c24c111d88eff647816bd2c5dbca
-rw-r--r--include/tools/zcodec.hxx1
-rw-r--r--tools/source/zcodec/zcodec.cxx6
2 files changed, 2 insertions, 5 deletions
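--- a/include/tools/zcodec.hxx
+++ b/include/tools/zcodec.hxx
@@ -39,7 +39,6 @@ class TOOLS_DLLPUBLIC ZCodec
 State meState;
 bool mbStatus;
 bool mbFinish;
- SvStream* mpIStm;
 sal_uInt8* mpInBuf;
 sal_uIntPtr mnInBufSize;
 sal_uIntPtr mnInToRead;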
diff --git a/tools/source/zcodec/zcodec.cxx b/tools/source/zcodec/zcodec.cxx
index 47c97dc2fdf4..2e9ad1ff896a 100644
--- a/tools/source/zcodec/zcodec.cxx
+++ b/tools/source/zcodec/zcodec.cxx
@@ -41,7 +41,6 @@ ZCodec::ZCodec( sal_uIntPtr nInBufSize, sal_uIntPtr nOutBufSize )
: meState(STATE_INIT)
, mbStatus(false)
, mbFinish(false)
- , mpIStm(NULL)
, mpInBuf(NULL)
, mnInBufSize(nInBufSize)
, mnInToRead(0)
@@ -66,7 +65,7 @@ void ZCodec::BeginCompression( int nCompressLevel, bool updateCrc, bool gzLib )
assert(meState == STATE_INIT);
mbStatus = true;
mbFinish = false;
- mpIStm = mpOStm = NULL;
+ mpOStm = NULL;
mnInToRead = 0xffffffff;
mpInBuf = mpOutBuf = NULL;
PZSTREAM->total_out = PZSTREAM->total_in = 0;
@@ -249,7 +248,6 @@ long ZCodec::ReadAsynchron( SvStream& rIStm, sal_uInt8* pData, sal_uIntPtr nSize
if (meState == STATE_INIT)
{
InitDecompress(rIStm);
- mpIStm = &rIStm;
}
PZSTREAM->avail_out = nSize;
PZSTREAM->next_out = pData;
@@ -267,7 +265,7 @@ long ZCodec::ReadAsynchron( SvStream& rIStm, sal_uInt8* pData, sal_uIntPtr nSize
break;
}
- PZSTREAM->avail_in = mpIStm->Read (
+ PZSTREAM->avail_in = rIStm.Read (
PZSTREAM->next_in = mpInBuf, nInToRead);
mnInToRead -= nInToRead;