diff options
author | Caolán McNamara <caolanm@redhat.com> | 2015-03-20 21:16:35 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2015-03-21 22:00:50 +0000 |
commit | c3087d969671e62182eb049850479e77190ccff4 (patch) | |
tree | 4ba28229defa69971216f811284ef3a9dabfa2d5 /sw | |
parent | 930fc5958a40d92d15bfd27297bb4dacd2b07e49 (diff) |
avoid crash on layout of ooo77837-1.odt
by attempting to set the parent as un-joinable for the duration of the
Cut/Paste in order to ensure it survives the process
==14185== Invalid read of size 8
==14185== at 0x27AB1CF4: SwLayoutFrm::Lower() (layfrm.hxx:108)
==14185== by 0x27FE3FD4: SwFlowFrm::PasteTree(SwFrm*, SwLayoutFrm*, SwFrm*, SwFrm*) (flowfrm.cxx:455)
==14185== by 0x27FE4597: SwFlowFrm::MoveSubTree(SwLayoutFrm*, SwFrm*) (flowfrm.cxx:584)
==14185== by 0x2801CF8B: SwCntntFrm::MoveFtnCntFwd(bool, SwFtnBossFrm*) (ftnfrm.cxx:2753)
==14185== by 0x27FE7C29: SwFlowFrm::MoveFwd(bool, bool, bool) (flowfrm.cxx:1795)
==14185== Address 0x11a74da8 is 168 bytes inside a block of size 288 free'd
==14185== by 0x2808CAC8: SwSectionFrm::~SwSectionFrm() (sectfrm.cxx:153)
==14185== by 0x2808DCC5: SwSectionFrm::MergeNext(SwSectionFrm*) (sectfrm.cxx:453)
==14185== by 0x2808EC4B: SwSectionFrm::MakeAll() (sectfrm.cxx:713)
==14185== by 0x27FCD000: SwFrm::PrepareMake() (calcmove.cxx:306)
==14185== by 0x27DCAAC1: SwFrm::Calc() const (frame.hxx:996)
==14185== by 0x27FE3EB9: SwFlowFrm::CutTree(SwFrm*) (flowfrm.cxx:418)
==14185== by 0x27FE4577: SwFlowFrm::MoveSubTree(SwLayoutFrm*, SwFrm*) (flowfrm.cxx:583)
==14185== by 0x2801CF8B: SwCntntFrm::MoveFtnCntFwd(bool, SwFtnBossFrm*) (ftnfrm.cxx:2753)
==14185== by 0x27FE7C29: SwFlowFrm::MoveFwd(bool, bool, bool) (flowfrm.cxx:1795)
Change-Id: If96d845fdf22726df513b0dabd2764ad60c85987
Diffstat (limited to 'sw')
-rw-r--r-- | sw/qa/extras/odfimport/data/ooo77837-1.odt | bin | 0 -> 15724 bytes | |||
-rw-r--r-- | sw/qa/extras/odfimport/odfimport.cxx | 5 | ||||
-rw-r--r-- | sw/source/core/layout/flowfrm.cxx | 14 |
3 files changed, 19 insertions, 0 deletions
diff --git a/sw/qa/extras/odfimport/data/ooo77837-1.odt b/sw/qa/extras/odfimport/data/ooo77837-1.odt Binary files differnew file mode 100644 index 000000000000..7be4f2b3e33b --- /dev/null +++ b/sw/qa/extras/odfimport/data/ooo77837-1.odt diff --git a/sw/qa/extras/odfimport/odfimport.cxx b/sw/qa/extras/odfimport/odfimport.cxx index dd32fb6da717..7c6e2e257137 100644 --- a/sw/qa/extras/odfimport/odfimport.cxx +++ b/sw/qa/extras/odfimport/odfimport.cxx @@ -319,6 +319,11 @@ DECLARE_ODFIMPORT_TEST(testCalcFtnCntnt, "ooo32780-1.odt") //this was a CalcFtnCntnt crash } +DECLARE_ODFIMPORT_TEST(testMoveSubTree, "ooo77837-1.odt") +{ + //this was a MoveSubTree crash +} + DECLARE_ODFIMPORT_TEST(testFdo75872_ooo33, "fdo75872_ooo33.odt") { // graphics default style: line color and fill color changed diff --git a/sw/source/core/layout/flowfrm.cxx b/sw/source/core/layout/flowfrm.cxx index f4a67d49f33a..365413aff33b 100644 --- a/sw/source/core/layout/flowfrm.cxx +++ b/sw/source/core/layout/flowfrm.cxx @@ -574,9 +574,23 @@ void SwFlowFrm::MoveSubTree( SwLayoutFrm* pParent, SwFrm* pSibling ) SwPageFrm *pOldPage = m_rThis.FindPageFrm(); + //JoinLock pParent for the lifetime of the Cut/Paste call to avoid + //SwSectionFrm::MergeNext removing the pParent we're trying to reparent + //into + bool bOldJoinLocked(false); + SwFlowFrm *pParentFlow = SwFlowFrm::CastFlowFrm(pParent); + if (pParentFlow) + { + bOldJoinLocked = pParentFlow->IsJoinLocked(); + pParentFlow->LockJoin(); + } + SwLayoutFrm *pOldParent = CutTree( &m_rThis ); const bool bInvaLay = PasteTree( &m_rThis, pParent, pSibling, pOldParent ); + if (pParentFlow && !bOldJoinLocked) + pParentFlow->UnlockJoin(); + // If, by cutting & pasting, an empty SectionFrm came into existence, it should // disappear automatically. SwSectionFrm *pSct; |