sw: fix heap-use-after-free in the UnoActionContext dtor

When lockControllers() is followed by close() + dispose(), but no match unlock first: ==8514==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190002d1b58 at pc 0x7f48b13f5b85 bp 0x7fff557d98c0 sp 0x7fff557d98b8 ... #3 0x7f48b138beca in SwDoc::getIDocumentLayoutAccess() /sw/source/core/doc/doc.cxx:412:12 #4 0x7f48b58db224 in UnoActionContext::~UnoActionContext() /sw/source/core/unocore/unoobj2.cxx:200:49 ... #15 0x7f48b841c484 in SwXTextDocument::~SwXTextDocument() /sw/source/uibase/uno/unotxdoc.cxx:439:1 freed by thread T0 here: #1 0x7f48b1388a26 in SwDoc::release() /sw/source/core/doc/doc.cxx:118:9 ... #17 0x7f48d15a40e5 in SfxBaseModel::dispose() /sfx2/source/doc/sfxbasemodel.cxx:755:13 #18 0x7f48b8429a48 in SwXTextDocument::dispose() /sw/source/uibase/uno/unotxdoc.cxx:586:19 Change-Id: I39bf65e43c12ce5ee49bdedeb1673b934ca21106 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103709 Reviewed-by: Miklos Vajna <vmiklos@collabora.com> Tested-by: Jenkins
author: Miklos Vajna <vmiklos@collabora.com> 2020-09-30 16:48:27 +0200
committer: Miklos Vajna <vmiklos@collabora.com> 2020-09-30 19:09:55 +0200
commit: e08afec61aef62dd4f949ca7e1ffcc70d437e525 (patch)
tree: 53c57726fef9feb7dd6a410686aef59be32d2243 /sw/qa
parent: a6470c6d5acd107833f90ea8761697aaaa8f772a (diff)
1 files changed, 36 insertions, 0 deletions
diff --git a/sw/qa/uibase/uno/uno.cxx b/sw/qa/uibase/uno/uno.cxx
new file mode 100644
index 000000000000..23c1829ab7de
--- /dev/null
+++ b/sw/qa/uibase/uno/uno.cxx
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <swmodeltestbase.hxx>
+
+#include <com/sun/star/util/XCloseable.hpp>
+
+/// Covers sw/source/uibase/uno/ fixes.
+class SwUibaseUnoTest : public SwModelTestBase
+{
+};
+
+CPPUNIT_TEST_FIXTURE(SwUibaseUnoTest, testLockControllers)
+{
+    mxComponent = loadFromDesktop("private:factory/swriter", "com.sun.star.text.TextDocument");
+    {
+        uno::Reference<frame::XModel> xModel(mxComponent, uno::UNO_QUERY_THROW);
+        xModel->lockControllers();
+    }
+    {
+        uno::Reference<util::XCloseable> xCloseable(mxComponent, uno::UNO_QUERY_THROW);
+        xCloseable->close(false);
+    }
+    // Without the accompanying fix in place, this test would have crashed.
+    mxComponent.clear();
+}
+
+CPPUNIT_PLUGIN_IMPLEMENT();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
author	Miklos Vajna <vmiklos@collabora.com>	2020-09-30 16:48:27 +0200
committer	Miklos Vajna <vmiklos@collabora.com>	2020-09-30 19:09:55 +0200
commit	e08afec61aef62dd4f949ca7e1ffcc70d437e525 (patch)
tree	53c57726fef9feb7dd6a410686aef59be32d2243 /sw/qa
parent	a6470c6d5acd107833f90ea8761697aaaa8f772a (diff)