diff options
author | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2021-06-09 14:58:28 +0900 |
---|---|---|
committer | Miklos Vajna <vmiklos@collabora.com> | 2021-06-15 15:40:35 +0200 |
commit | e6486216790fad355d0deeaebacffb9dc694cfd5 (patch) | |
tree | 3695560197489b21ff1174b363ebd1cc9e65760b /sd | |
parent | 4ea943c00f69f418fd9b9ab72d2d153714a34ebc (diff) |
sd: ubsan - fix heap-use-after-free in SdOutliner
OutlinerView can change (old one deleted and new one create)
so we can't store it in a local vairable and need to always
fetch it.
Change-Id: I0b4616cd3813565bc58b7a84320cbf52dd654a3a
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/116879
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
(cherry picked from commit 36db408b9027da01464927e5853950435596ae05)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/117151
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
Diffstat (limited to 'sd')
-rw-r--r-- | sd/inc/Outliner.hxx | 3 | ||||
-rw-r--r-- | sd/source/ui/view/Outliner.cxx | 63 |
2 files changed, 36 insertions, 30 deletions
diff --git a/sd/inc/Outliner.hxx b/sd/inc/Outliner.hxx index adee254359e1..c689c4a4e30b 100644 --- a/sd/inc/Outliner.hxx +++ b/sd/inc/Outliner.hxx @@ -199,6 +199,9 @@ private: class Implementation; ::std::unique_ptr<Implementation> mpImpl; + /// Returns the current outline view + OutlinerView* getOutlinerView(); + /// Specifies whether to search and replace, to spell check or to do a /// text conversion. enum mode diff --git a/sd/source/ui/view/Outliner.cxx b/sd/source/ui/view/Outliner.cxx index 70df0bd17bfe..be3f76b0a543 100644 --- a/sd/source/ui/view/Outliner.cxx +++ b/sd/source/ui/view/Outliner.cxx @@ -221,6 +221,11 @@ SdOutliner::~SdOutliner() { } +OutlinerView* SdOutliner::getOutlinerView() +{ + return mpImpl->GetOutlinerView(); +} + /** Prepare find&replace or spellchecking. This distinguishes between three cases: <ol> @@ -310,7 +315,7 @@ void SdOutliner::EndSpelling() // Remove and, if previously created by us, delete the outline // view. - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) { RemoveView(pOutlinerView); @@ -363,7 +368,7 @@ bool SdOutliner::SpellNextDocument() Initialize (true); mpWindow = pViewShell->GetActiveWindow(); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) pOutlinerView->SetWindow(mpWindow); ProvideNextTextObject (); @@ -521,7 +526,7 @@ void SdOutliner::Initialize (bool bDirectionIsForward) // current selection and place cursor at its start or end. if( nullptr != dynamic_cast< const sd::OutlineViewShell *>( pViewShell.get() )) { - ESelection aSelection = mpImpl->GetOutlinerView()->GetSelection (); + ESelection aSelection = getOutlinerView()->GetSelection (); if (mbDirectionIsForward) { aSelection.nEndPara = aSelection.nStartPara; @@ -532,7 +537,7 @@ void SdOutliner::Initialize (bool bDirectionIsForward) aSelection.nStartPara = aSelection.nEndPara; aSelection.nStartPos = aSelection.nEndPos; } - mpImpl->GetOutlinerView()->SetSelection (aSelection); + getOutlinerView()->SetSelection (aSelection); } // When not beginning the search at the beginning of the search area @@ -587,7 +592,7 @@ bool SdOutliner::SearchAndReplaceAll() if( nullptr != dynamic_cast< const sd::OutlineViewShell *>( pViewShell.get() )) { // Put the cursor to the beginning/end of the outliner. - mpImpl->GetOutlinerView()->SetSelection (GetSearchStartPosition ()); + getOutlinerView()->SetSelection (GetSearchStartPosition ()); // The outliner does all the work for us when we are in this mode. SearchAndReplaceOnce(); @@ -808,20 +813,18 @@ bool SdOutliner::SearchAndReplaceOnce(std::vector<sd::SearchSelection>* pSelecti { DetectChange (); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); std::shared_ptr<sd::ViewShell> pViewShell (mpWeakViewShell.lock()); - if (!pOutlinerView || !GetEditEngine().HasView(&pOutlinerView->GetEditView())) + if (!getOutlinerView() || !GetEditEngine().HasView(&getOutlinerView()->GetEditView())) { mpImpl->ProvideOutlinerView(*this, pViewShell, mpWindow); - pOutlinerView = mpImpl->GetOutlinerView(); } if (pViewShell) { mpView = pViewShell->GetView(); mpWindow = pViewShell->GetActiveWindow(); - pOutlinerView->SetWindow(mpWindow); + getOutlinerView()->SetWindow(mpWindow); auto& rVectorGraphicSearchContext = mpImpl->getVectorGraphicSearchContext(); if (nullptr != dynamic_cast<const sd::DrawViewShell*>(pViewShell.get())) { @@ -873,14 +876,14 @@ bool SdOutliner::SearchAndReplaceOnce(std::vector<sd::SearchSelection>* pSelecti // the next match. if (meMode == SEARCH && mpSearchItem->GetCommand() == SvxSearchCmd::REPLACE) { - if (pOutlinerView->GetSelection().HasRange()) - pOutlinerView->StartSearchAndReplace(*mpSearchItem); + if (getOutlinerView()->GetSelection().HasRange()) + getOutlinerView()->StartSearchAndReplace(*mpSearchItem); } // Search for the next match. if (mpSearchItem->GetCommand() != SvxSearchCmd::REPLACE_ALL) { - nMatchCount = pOutlinerView->StartSearchAndReplace(*mpSearchItem); + nMatchCount = getOutlinerView()->StartSearchAndReplace(*mpSearchItem); } } @@ -900,16 +903,16 @@ bool SdOutliner::SearchAndReplaceOnce(std::vector<sd::SearchSelection>* pSelecti // Now that the mbEndOfSearch flag guards this block the // following assertion and return should not be // necessary anymore. - DBG_ASSERT(GetEditEngine().HasView(&pOutlinerView->GetEditView() ), + DBG_ASSERT(GetEditEngine().HasView(&getOutlinerView()->GetEditView() ), "SearchAndReplace without valid view!" ); - if ( ! GetEditEngine().HasView( &pOutlinerView->GetEditView() ) ) + if ( ! GetEditEngine().HasView( &getOutlinerView()->GetEditView() ) ) { mpDrawDocument->GetDocSh()->SetWaitCursor( false ); return true; } if (meMode == SEARCH) - pOutlinerView->StartSearchAndReplace(*mpSearchItem); + getOutlinerView()->StartSearchAndReplace(*mpSearchItem); } } } @@ -920,12 +923,12 @@ bool SdOutliner::SearchAndReplaceOnce(std::vector<sd::SearchSelection>* pSelecti // wrap around search is done. while (true) { - int nResult = pOutlinerView->StartSearchAndReplace(*mpSearchItem); + int nResult = getOutlinerView()->StartSearchAndReplace(*mpSearchItem); if (nResult == 0) { if (HandleFailedSearch ()) { - pOutlinerView->SetSelection (GetSearchStartPosition ()); + getOutlinerView()->SetSelection (GetSearchStartPosition ()); continue; } } @@ -940,7 +943,7 @@ bool SdOutliner::SearchAndReplaceOnce(std::vector<sd::SearchSelection>* pSelecti if (pViewShell && comphelper::LibreOfficeKit::isActive() && mbStringFound) { - sendLOKSearchResultCallback(pViewShell, pOutlinerView, pSelections); + sendLOKSearchResultCallback(pViewShell, getOutlinerView(), pSelections); } return mbEndOfSearch; @@ -970,7 +973,7 @@ void SdOutliner::DetectChange() mpView->UnmarkAllObj (pPageView); mpView->SdrEndTextEdit(); SetUpdateMode(false); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) pOutlinerView->SetOutputArea( ::tools::Rectangle( Point(), Size(1, 1) ) ); if (meMode == SPELL) @@ -1126,8 +1129,8 @@ void SdOutliner::RestoreStartPosition() { PutTextIntoOutliner(); EnterEditMode(false); - if (OutlinerView* pOutlinerView = mpImpl->GetOutlinerView()) - pOutlinerView->SetSelection(maStartSelection); + if (getOutlinerView()) + getOutlinerView()->SetSelection(maStartSelection); } } } @@ -1192,7 +1195,7 @@ void SdOutliner::ProvideNextTextObject() DBG_UNHANDLED_EXCEPTION("sd.view"); } SetUpdateMode(false); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) pOutlinerView->SetOutputArea( ::tools::Rectangle( Point(), Size(1, 1) ) ); if (meMode == SPELL) @@ -1362,7 +1365,7 @@ void SdOutliner::EndOfSearch() if( nullptr != dynamic_cast< const sd::OutlineViewShell *>( pViewShell.get() )) { // Set cursor to first character of the document. - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) pOutlinerView->SetSelection (GetSearchStartPosition ()); } @@ -1514,7 +1517,7 @@ void SdOutliner::PrepareSearchAndReplace() mpDrawDocument->GetDocSh()->SetWaitCursor( false ); // Start search at the right end of the current object's text // depending on the search direction. - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) pOutlinerView->SetSelection (GetSearchStartPosition ()); } @@ -1610,7 +1613,7 @@ void SdOutliner::SetPage (EditMode eEditMode, sal_uInt16 nPageIndex) void SdOutliner::EnterEditMode (bool bGrabFocus) { - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (!(pOutlinerView && mpSearchSpellTextObj)) return; @@ -1678,7 +1681,7 @@ ESelection SdOutliner::GetSearchStartPosition() const bool SdOutliner::HasNoPreviousMatch() { - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); DBG_ASSERT (pOutlinerView!=nullptr, "outline view in SdOutliner::HasNoPreviousMatch is NULL"); @@ -1691,7 +1694,7 @@ bool SdOutliner::HandleFailedSearch() { bool bContinueSearch = false; - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr && mpSearchItem != nullptr) { // Detect whether there is/may be a prior match. If there is then @@ -1741,7 +1744,7 @@ void SdOutliner::SetViewShell (const std::shared_ptr<sd::ViewShell>& rpViewShell mpWindow = rpViewShell->GetActiveWindow(); mpImpl->ProvideOutlinerView(*this, rpViewShell, mpWindow); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) pOutlinerView->SetWindow(mpWindow); } @@ -1787,7 +1790,7 @@ void SdOutliner::StartConversion( LanguageType nSourceLanguage, LanguageType nT BeginConversion(); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) { pOutlinerView->StartTextConversion( @@ -1870,7 +1873,7 @@ bool SdOutliner::ConvertNextDocument() Initialize ( true ); - OutlinerView* pOutlinerView = mpImpl->GetOutlinerView(); + OutlinerView* pOutlinerView = getOutlinerView(); if (pOutlinerView != nullptr) { mpWindow = pViewShell->GetActiveWindow(); |