-fsanitize=null

...as happens in CppunitTest_sw_filters_test with sw/qa/core/data/ww8/pass/CVE-2015-2431-1.doc: > sw/source/filter/ww8/ww8par4.cxx:294:76: runtime error: reference binding to null pointer of type 'const SfxItemSet' > SwWW8ImplReader::ImportOle(Graphic const*, SfxItemSet const*, SfxItemSet const*, Rectangle const&) sw/source/filter/ww8/ww8par4.cxx:294:23 > SwWW8ImplReader::ReadChar(long, long) sw/source/filter/ww8/ww8par.cxx:3611:35 > SwWW8ImplReader::ReadChars(int&, int, long, long) sw/source/filter/ww8/ww8par.cxx:3436:27 > SwWW8ImplReader::ReadText(int, int, ManTypes) sw/source/filter/ww8/ww8par.cxx:3974:22 > SwWW8ImplReader::CoreLoad(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5175:9 > SwWW8ImplReader::LoadThroughDecryption(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5773:19 > SwWW8ImplReader::LoadDoc(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:6045:19 > WW8Reader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) sw/source/filter/ww8/ww8par.cxx:6167:20 > SwReader::Read(Reader const&) sw/source/filter/basflt/shellio.cxx:175:18 > SwDocShell::ConvertFrom(SfxMedium&) sw/source/uibase/app/docsh.cxx:258:22 > SfxObjectShell::DoLoad(SfxMedium*) sfx2/source/doc/objstor.cxx:790:23 > SwFiltersTest::filter(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) sw/qa/core/filters-test.cxx:112:20 Change-Id: I4482bc5d8e0c2646e7c8667a231a78311b557e89
author: Stephan Bergmann <sbergman@redhat.com> 2015-09-01 09:08:21 +0200
committer: Stephan Bergmann <sbergman@redhat.com> 2015-09-01 09:12:12 +0200
commit: 3b1ab016386cebe14435d79ec8693e3c7339a7df (patch)
tree: e454afe490bdfc110e654dc39b4e047b51c25ff6 /sw
parent: fd1571e807c7a0b06ce419c96527c2ac00c7ae2d (diff)
4 files changed, 6 insertions, 6 deletions
diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx
index d37be70fc8ea..f6078e93a261 100644
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -3026,7 +3026,7 @@ SwFlyFrameFormat* SwWW8ImplReader::ImportReplaceableDrawables( SdrObject* &rpObj
 
     OUString aObjectName(rpObject->GetName());
     if (OBJ_OLE2 == SdrObjKind(rpObject->GetObjIdentifier()))
-        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), rFlySet, aGrSet);
+        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), rFlySet, &aGrSet);
     else
     {
         const SdrGrafObj *pGrf = static_cast<const SdrGrafObj*>(rpObject);
diff --git a/sw/source/filter/ww8/ww8graf2.cxx b/sw/source/filter/ww8/ww8graf2.cxx
index 2c1182d115f5..91717f83cb68 100644
--- a/sw/source/filter/ww8/ww8graf2.cxx
+++ b/sw/source/filter/ww8/ww8graf2.cxx
@@ -642,7 +642,7 @@ SwFrameFormat* SwWW8ImplReader::ImportGraf(SdrTextObj* pTextObj,
                     if (sal_uInt16(OBJ_OLE2) == pObject->GetObjIdentifier())
                     {
                         // the size from BLIP, if there is any, should be already set
-                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), aAttrSet, aGrSet);
+                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), aAttrSet, &aGrSet);
                     }
                     else
                     {
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 84541fdf0863..a0d7202e049b 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -1522,7 +1522,7 @@ private:
     SwFrameFormat* ImportOle( const Graphic* = 0, const SfxItemSet* pFlySet = 0,
         const SfxItemSet* pGrfSet = 0, const Rectangle& aVisArea = Rectangle() );
     SwFlyFrameFormat* InsertOle(SdrOle2Obj &rObject, const SfxItemSet &rFlySet,
-        const SfxItemSet &rGrfSet);
+        const SfxItemSet *rGrfSet);
 
     bool ImportFormulaControl(WW8FormulaControl &rBox,WW8_CP nStart,
         SwWw8ControlType nWhich);
diff --git a/sw/source/filter/ww8/ww8par4.cxx b/sw/source/filter/ww8/ww8par4.cxx
index 5ef7a77f83d6..1aeaacb1c6df 100644
--- a/sw/source/filter/ww8/ww8par4.cxx
+++ b/sw/source/filter/ww8/ww8par4.cxx
@@ -198,7 +198,7 @@ static bool SwWw6ReadMacPICTStream(Graphic& rGraph, tools::SvRef<SotStorage>& rS
 }
 
 SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
-    const SfxItemSet &rFlySet, const SfxItemSet &rGrfSet)
+    const SfxItemSet &rFlySet, const SfxItemSet *rGrfSet)
 {
     SfxObjectShell *pPersist = m_rDoc.GetPersist();
     OSL_ENSURE(pPersist, "No persist, cannot insert objects correctly");
@@ -238,7 +238,7 @@ SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
     if (bSuccess)
     {
         const SfxItemSet *pFlySet = pMathFlySet ? pMathFlySet : &rFlySet;
-        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, sNewName, rObject.GetAspect(), pFlySet, &rGrfSet, 0);
+        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, sNewName, rObject.GetAspect(), pFlySet, rGrfSet, 0);
     }
     delete pMathFlySet;
     return pRet;
@@ -291,7 +291,7 @@ SwFrameFormat* SwWW8ImplReader::ImportOle(const Graphic* pGrf,
     {
         if (pRet->ISA(SdrOle2Obj))
         {
-            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, *pGrfSet);
+            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, pGrfSet);
             SdrObject::Free( pRet );        // das brauchen wir nicht mehr
         }
         else
author	Stephan Bergmann <sbergman@redhat.com>	2015-09-01 09:08:21 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2015-09-01 09:12:12 +0200
commit	3b1ab016386cebe14435d79ec8693e3c7339a7df (patch)
tree	e454afe490bdfc110e654dc39b4e047b51c25ff6 /sw
parent	fd1571e807c7a0b06ce419c96527c2ac00c7ae2d (diff)