diff options
| author | Mike Kaganski <mike.kaganski@collabora.com> | 2021-08-18 15:04:49 +0200 |
|---|---|---|
| committer | Mike Kaganski <mike.kaganski@collabora.com> | 2021-08-18 19:19:17 +0200 |
| commit | 719e2f34837ac54ab7d789e782d5924a72c931d3 (patch) | |
| tree | e49d41b74ffd0f4e69baf1ad360a37773fb65b54 /svx | |
| parent | f6a04457b8aa227deb9402e6406ea843fabfcbb0 (diff) | |
Potential nullptr dereference
SdrOle2Obj::CanUnloadRunningObj dereferences its first argument
unconditionally after checking if it's XEmbedPersist2, so for null
argument, it will always crash.
OTOH, OLEObjCache::UnloadCheckHdl checks if xUnloadObj is null,
*after* calling SdrOle2Obj::CanUnloadRunningObj with it.
I don't know if it's OK to try to unload objects that don't return
a valid XEmbeddedObject, so I decided to live dangerously and keep
unloading those.
Change-Id: Ib4901cbaf2dcd3ba4ae6fed983c09c10f1efe852
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120633
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Diffstat (limited to 'svx')
| -rw-r--r-- | svx/source/svdraw/svdetc.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/svx/source/svdraw/svdetc.cxx b/svx/source/svdraw/svdetc.cxx index 471c0e65ffd9..04219e7a8477 100644 --- a/svx/source/svdraw/svdetc.cxx +++ b/svx/source/svdraw/svdetc.cxx @@ -128,7 +128,7 @@ IMPL_LINK_NOARG(OLEObjCache, UnloadCheckHdl, Timer*, void) // it is important to get object without reinitialization to avoid reentrance uno::Reference< embed::XEmbeddedObject > xUnloadObj = pUnloadObj->GetObjRef_NoInit(); - bool bUnload = SdrOle2Obj::CanUnloadRunningObj( xUnloadObj, pUnloadObj->GetAspect() ); + bool bUnload = !xUnloadObj || SdrOle2Obj::CanUnloadRunningObj( xUnloadObj, pUnloadObj->GetAspect() ); // check whether the object can be unloaded before looking for the parent objects if ( xUnloadObj.is() && bUnload ) |