diff options
| author | Mike Kaganski <mike.kaganski@collabora.com> | 2022-09-10 22:56:17 +0300 |
|---|---|---|
| committer | Mike Kaganski <mike.kaganski@collabora.com> | 2022-09-10 23:38:24 +0200 |
| commit | b31992ea518cec906a65ef971a637d0529302a2c (patch) | |
| tree | 096729c2c08b31c8dbd1a6b7a17edb5d3486bec9 | |
| parent | b32c44f83ded245b0fc350aef350e1c55545e354 (diff) | |
tdf#119039: workaround an OleLoad bug releasing passed storage unexpectedly
See https://developercommunity.visualstudio.com/t/10144795
Change-Id: I75ee88c1dd50e0772c358967ac09b7788156d9f0
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139756
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
| -rw-r--r-- | embeddedobj/source/msole/olecomponent.cxx | 15 | ||||
| -rw-r--r-- | sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx | bin | 0 -> 13876 bytes | |||
| -rw-r--r-- | sw/qa/extras/ooxmlimport/ooxmlimport2.cxx | 7 |
3 files changed, 21 insertions, 1 deletions
diff --git a/embeddedobj/source/msole/olecomponent.cxx b/embeddedobj/source/msole/olecomponent.cxx index 1aec0c704926..f3111302355f 100644 --- a/embeddedobj/source/msole/olecomponent.cxx +++ b/embeddedobj/source/msole/olecomponent.cxx @@ -589,11 +589,24 @@ namespace HRESULT OleLoadSeh(LPSTORAGE pIStorage, LPVOID* ppObj) { HRESULT hr = E_FAIL; + // tdf#119039: there is a nasty bug in OleLoad, that may call an unpaired + // IUnknown::Release on pIStorage on STG_E_FILENOTFOUND: see + // https://developercommunity.visualstudio.com/t/10144795 + // Workaround it here to avoid crash in smart COM pointer destructor that + // would try to release already released object. Since we don't know if + // the bug appears each time STG_E_FILENOTFOUND is returned, this might + // potentially leak the storge object. + if (pIStorage) + pIStorage->AddRef(); + __try { hr = OleLoad(pIStorage, IID_IUnknown, nullptr, ppObj); } __except( EXCEPTION_EXECUTE_HANDLER ) { - return E_FAIL; + hr = E_FAIL; } + if (pIStorage && hr != STG_E_FILENOTFOUND) + pIStorage->Release(); + return hr; } } diff --git a/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx b/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx Binary files differnew file mode 100644 index 000000000000..c0cda280d447 --- /dev/null +++ b/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx diff --git a/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx b/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx index fd148cd8db49..62ae3250af73 100644 --- a/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx +++ b/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx @@ -934,6 +934,13 @@ CPPUNIT_TEST_FIXTURE(Test, testTdf126426) CPPUNIT_ASSERT_EQUAL(sal_Int32(-1), getProperty<sal_Int32>(xRun, "CharColor")); } } + +CPPUNIT_TEST_FIXTURE(Test, testTdf119039) +{ + load(mpTestDocumentPath, "tdf119039_bad_embedded_compound.docx"); + // Should not crash/hang because of problematic embedded compound +} + // tests should only be added to ooxmlIMPORT *if* they fail round-tripping in ooxmlEXPORT CPPUNIT_PLUGIN_IMPLEMENT(); |