author: Justin Luth <justin_luth@sil.org> 2022-02-02 11:00:07 +0200
committer: Caolán McNamara <caolanm@redhat.com> 2022-02-04 21:40:10 +0100
commit: 583185235389b55d6cfffac3067c0e1ccb2852b1
tree: 73c57a801e1447467ea8090bdafc92a381ff4cfc /cppcanvas
parent: 5b0b004107f47ebfedd68d5916aa2176dad0d27b
related tdf#145868 sd: Clone SvxSearchItem to avoid use after free

I tested "if (mpSearchItem)" which passed, but then it crashed when trying to access (*mpSearchItem) == (*pSearchItem) because the mpSearchItem's DTOR had already been called prior to the if(mpSearchItem).

Since mpSearchItem is never compared to another memory pointer, it is safe to assign it to a Clone.

Steps to reproduce:
1.) open Impress and search for something
2.) change the search string to something else
3.) search again.

Note that there isn't currently any code that hits this. I discovered it trying to craft a fix for bug 145868.

Change-Id: Idc5f5a3e812ed3e49631347c35c3f4b2d8bb4127
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129347
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolanm@redhat.com>
Reviewed-by: Justin Luth <jluth@mail.com>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>

Diffstat (limited to 'cppcanvas')
0 files changed, 0 insertions, 0 deletions