From 764e3016b62665281539af4e990ca4ff0445c26c Mon Sep 17 00:00:00 2001 From: "Matthew J. Francis" Date: Sat, 20 Sep 2014 12:14:41 +0800 Subject: fdo#84086 Fix assorted use-after-free bugs Change-Id: Iec004fffdb0afbe27bd69f379db90f6d904a8a65 Reviewed-on: https://gerrit.libreoffice.org/11553 Reviewed-by: Noel Grandin Tested-by: Noel Grandin --- basic/source/comp/sbcomp.cxx | 15 +++++++-------- connectivity/source/drivers/mork/MStatement.cxx | 2 -- .../source/drivers/odbc/ODatabaseMetaDataResultSet.cxx | 4 ++-- connectivity/workben/testmoz/main.cxx | 6 ++---- connectivity/workben/testmoz/mozthread.cxx | 9 +++------ fpicker/source/office/OfficeControlAccess.cxx | 6 ++++-- sfx2/source/control/shell.cxx | 2 +- sfx2/source/sidebar/Deck.cxx | 12 ++++++------ sw/source/ui/vba/vbasystem.cxx | 6 +++--- unoxml/source/dom/attr.cxx | 1 - unoxml/source/dom/documentbuilder.cxx | 6 ------ vcl/source/gdi/pdfwriter_impl.cxx | 4 ++-- 12 files changed, 30 insertions(+), 43 deletions(-) diff --git a/basic/source/comp/sbcomp.cxx b/basic/source/comp/sbcomp.cxx index 59b0fd7457e8..7e79bef3c337 100644 --- a/basic/source/comp/sbcomp.cxx +++ b/basic/source/comp/sbcomp.cxx @@ -414,7 +414,7 @@ void lcl_printTimeOutput( void ) if( pFunctionItem != NULL ) { OUString aCompleteFunctionName = pFunctionItem->m_aCompleteFunctionName; - const char* pName = OUStringToOString( aCompleteFunctionName, RTL_TEXTENCODING_ASCII_US ).getStr(); + OString aName = OUStringToOString( aCompleteFunctionName, RTL_TEXTENCODING_ASCII_US ); int nNameLen = aCompleteFunctionName.getLength(); double dFctTotalTime = pFunctionItem->m_dTotalTime; @@ -427,7 +427,7 @@ void lcl_printTimeOutput( void ) nSpaceCount = 2; } sprintf( TimeBuffer, "%s:%sCalled %d times\t%f ms (%f%%) / net %f (%f%%) ms", - pName, lcl_getSpaces( nSpaceCount ), pFunctionItem->m_nCallCount, + aName.getStr(), lcl_getSpaces( nSpaceCount ), pFunctionItem->m_nCallCount, dFctTotalTime*1000.0, dFctTotalTimePercent, dFctNetTime*1000.0, dFctNetTimePercent ); lcl_lineOut( TimeBuffer ); } @@ -566,9 +566,9 @@ void dbg_traceStep( SbModule* pModule, sal_uInt32 nPC, sal_Int32 nCallLvl ) ModuleTraceMap::iterator it = rModuleTraceMap.find( aModuleName ); if( it == rModuleTraceMap.end() ) { - const char* pModuleNameStr = OUStringToOString( OUString( aModuleName ), RTL_TEXTENCODING_ASCII_US ).getStr(); + OString aModuleNameStr = OUStringToOString( OUString( aModuleName ), RTL_TEXTENCODING_ASCII_US ); char Buffer[200]; - sprintf( Buffer, "TRACE ERROR: Unknown module \"%s\"", pModuleNameStr ); + sprintf( Buffer, "TRACE ERROR: Unknown module \"%s\"", aModuleNameStr.getStr() ); lcl_lineOut( Buffer ); return; } @@ -583,9 +583,9 @@ void dbg_traceStep( SbModule* pModule, sal_uInt32 nPC, sal_Int32 nCallLvl ) PCToTextDataMap::iterator itInner = pInnerMap->find( nPC ); if( itInner == pInnerMap->end() ) { - const char* pModuleNameStr = OUStringToOString( OUString( aModuleName ), RTL_TEXTENCODING_ASCII_US ).getStr(); + OString aModuleNameStr = OUStringToOString( OUString( aModuleName ), RTL_TEXTENCODING_ASCII_US ); char Buffer[200]; - sprintf( Buffer, "TRACE ERROR: No info for PC = %d in module \"%s\"", (int)nPC, pModuleNameStr ); + sprintf( Buffer, "TRACE ERROR: No info for PC = %d in module \"%s\"", (int)nPC, aModuleNameStr.getStr() ); lcl_lineOut( Buffer ); return; } @@ -925,9 +925,8 @@ void RTL_Impl_TraceCommand( StarBASIC* pBasic, SbxArray& rPar, sal_Bool bWrite ) } char Buffer[500]; - const char* pValStr = OUStringToOString( OUString( aValStr ), RTL_TEXTENCODING_ASCII_US ).getStr(); - sprintf( Buffer, "### TRACE_PRINT: %s ###", pValStr ); + sprintf( Buffer, "### TRACE_PRINT: %s ###", OUStringToOString( OUString( aValStr ), RTL_TEXTENCODING_ASCII_US ).getStr() ); int nIndent = GnLastCallLvl * GnIndentPerCallLevel; lcl_lineOut( Buffer, lcl_getSpaces( nIndent ) ); diff --git a/connectivity/source/drivers/mork/MStatement.cxx b/connectivity/source/drivers/mork/MStatement.cxx index 1ee4b8c62c98..3dd425e9ec4e 100644 --- a/connectivity/source/drivers/mork/MStatement.cxx +++ b/connectivity/source/drivers/mork/MStatement.cxx @@ -196,8 +196,6 @@ OCommonStatement::StatementType OCommonStatement::parseSql( const OUString& sql #if OSL_DEBUG_LEVEL > 0 { - const char* str = OUtoCStr(sql); - OSL_UNUSED( str ); OSL_TRACE("ParseSQL: %s", OUtoCStr( sql ) ); } #endif // OSL_DEBUG_LEVEL diff --git a/connectivity/source/drivers/odbc/ODatabaseMetaDataResultSet.cxx b/connectivity/source/drivers/odbc/ODatabaseMetaDataResultSet.cxx index ecc8bdaa9168..79dce14e7433 100644 --- a/connectivity/source/drivers/odbc/ODatabaseMetaDataResultSet.cxx +++ b/connectivity/source/drivers/odbc/ODatabaseMetaDataResultSet.cxx @@ -1180,14 +1180,14 @@ void ODatabaseMetaDataResultSet::openForeignKeys( const Any& catalog, const OUSt const Any& catalog2, const OUString* schema2, const OUString* table2) throw(SQLException, RuntimeException) { - OString aPKQ, aPKN, aFKQ, aFKO, aFKN; + OString aPKQ, aPKO, aPKN, aFKQ, aFKO, aFKN; if ( catalog.hasValue() ) aPKQ = OUStringToOString(comphelper::getString(catalog),m_nTextEncoding); if ( catalog2.hasValue() ) aFKQ = OUStringToOString(comphelper::getString(catalog2),m_nTextEncoding); const char *pPKQ = catalog.hasValue() && !aPKQ.isEmpty() ? aPKQ.getStr() : NULL, - *pPKO = schema && !schema->isEmpty() ? OUStringToOString(*schema,m_nTextEncoding).getStr() : NULL, + *pPKO = schema && !schema->isEmpty() ? (aPKO = OUStringToOString(*schema,m_nTextEncoding)).getStr() : NULL, *pPKN = table ? (aPKN = OUStringToOString(*table,m_nTextEncoding)).getStr(): NULL, *pFKQ = catalog2.hasValue() && !aFKQ.isEmpty() ? aFKQ.getStr() : NULL, *pFKO = schema2 && !schema2->isEmpty() ? (aFKO = OUStringToOString(*schema2,m_nTextEncoding)).getStr() : NULL, diff --git a/connectivity/workben/testmoz/main.cxx b/connectivity/workben/testmoz/main.cxx index 7051ef2e28d4..0b49ea3e2596 100644 --- a/connectivity/workben/testmoz/main.cxx +++ b/connectivity/workben/testmoz/main.cxx @@ -82,8 +82,7 @@ void printColumns( Reference &xRes ) printf( "ColumnCount = %d\n", xMeta->getColumnCount()); for(sal_Int32 i=1;i<=xMeta->getColumnCount();++i) { - const char *str = OUtoCStr(xMeta->getColumnName(i)); - printf( aPat, str ); + printf( aPat, OUtoCStr(xMeta->getColumnName(i) ); } printf("\n"); printf("------------------------------------------------------------------------------------------\n"); @@ -100,8 +99,7 @@ void printXResultSet( Reference &xRes ) for(sal_Int32 j=1;j<=xMeta->getColumnCount();++j) { try { - const char *str = OUtoCStr(xRow->getString(j)); - printf( aPat_Short, str ); + printf( aPat_Short, OUtoCStr(xRow->getString(j)) ); } catch (...) { printf(" Ex "); } diff --git a/connectivity/workben/testmoz/mozthread.cxx b/connectivity/workben/testmoz/mozthread.cxx index 48ab7b1f68eb..527d2f34373a 100644 --- a/connectivity/workben/testmoz/mozthread.cxx +++ b/connectivity/workben/testmoz/mozthread.cxx @@ -102,8 +102,7 @@ void printColumns( Reference &xRes ) OSL_TRACE( "ColumnCount = %d", xMeta->getColumnCount()); for(sal_Int32 i=1;i<=xMeta->getColumnCount();++i) { - const char *str = OUtoCStr(xMeta->getColumnName(i)); - OSL_TRACE( aPat, str ); + OSL_TRACE( aPat, OUtoCStr(xMeta->getColumnName(i) ); } OSL_TRACE("\n"); OSL_TRACE("------------------------------------------------------------------------------------------"); @@ -125,8 +124,7 @@ void printXResultSet( Reference &xRes ) { try { - const char *str = OUtoCStr(xRow->getString(j)); - OSL_TRACE( aPat_Short, str ); + OSL_TRACE( aPat_Short, OUtoCStr(xRow->getString(j) ); } catch (...) { OSL_TRACE(" Ex "); } @@ -235,8 +233,7 @@ void TestQuery(Reference< ::com::sun::star::sdbc::XConnection> &pConnection) while( xRes.is() && xRes->next()) { Reference xRow(xRes,UNO_QUERY); - const char *strTableName = OUtoCStr(xRow->getString(3)); - OSL_TRACE("Testing Table:%s",strTableName); + OSL_TRACE("Testing Table:%s",OUtoCStr(xRow->getString(3)); Reference tmpRes = xStmt->executeQuery(sqlPrefix + qut + xRow->getString(3) + qut); diff --git a/fpicker/source/office/OfficeControlAccess.cxx b/fpicker/source/office/OfficeControlAccess.cxx index fe45acd860d0..1ac55e03fa52 100644 --- a/fpicker/source/office/OfficeControlAccess.cxx +++ b/fpicker/source/office/OfficeControlAccess.cxx @@ -238,7 +238,8 @@ namespace svt { Control* pControl = NULL; ControlDescription tmpDesc; - tmpDesc.pControlName = OUStringToOString(_rControlName, RTL_TEXTENCODING_UTF8).getStr(); + OString aControlName = OUStringToOString( _rControlName, RTL_TEXTENCODING_UTF8 ); + tmpDesc.pControlName = aControlName.getStr(); // translate the name into an id ControlDescRange aFoundRange = ::std::equal_range( s_pControls, s_pControlsEnd, tmpDesc, ControlDescriptionLookup() ); @@ -319,7 +320,8 @@ namespace svt bool OControlAccess::isControlSupported( const OUString& _rControlName ) { ControlDescription tmpDesc; - tmpDesc.pControlName = OUStringToOString(_rControlName, RTL_TEXTENCODING_UTF8).getStr(); + OString aControlName = OUStringToOString(_rControlName, RTL_TEXTENCODING_UTF8); + tmpDesc.pControlName = aControlName.getStr(); return ::std::binary_search( s_pControls, s_pControlsEnd, tmpDesc, ControlDescriptionLookup() ); } diff --git a/sfx2/source/control/shell.cxx b/sfx2/source/control/shell.cxx index 808c0b439a3f..983f36e83b3c 100644 --- a/sfx2/source/control/shell.cxx +++ b/sfx2/source/control/shell.cxx @@ -585,7 +585,7 @@ void SfxShell::SetVerbs(const com::sun::star::uno::Sequence < com::sun::star::em pNewSlot->fnExec = SFX_STUB_PTR(SfxShell,VerbExec); pNewSlot->fnState = SFX_STUB_PTR(SfxShell,VerbState); pNewSlot->pType = 0; // HACK(SFX_TYPE(SfxVoidItem)) ??? - pNewSlot->pName = OUStringToOString( aVerbs[n].VerbName, RTL_TEXTENCODING_UTF8 ).getStr(); + pNewSlot->pName = strdup (OUStringToOString( aVerbs[n].VerbName, RTL_TEXTENCODING_UTF8 ).getStr()); pNewSlot->pLinkedSlot = 0; pNewSlot->nArgDefCount = 0; pNewSlot->pFirstArgDef = 0; diff --git a/sfx2/source/sidebar/Deck.cxx b/sfx2/source/sidebar/Deck.cxx index 63e24dbe95b1..f08173a9ecc9 100644 --- a/sfx2/source/sidebar/Deck.cxx +++ b/sfx2/source/sidebar/Deck.cxx @@ -291,17 +291,17 @@ void Deck::ShowPanel (const Panel& rPanel) -const char* GetWindowClassification (const Window* pWindow) +const OUString& GetWindowClassification (const Window* pWindow) { const OUString& rsName (pWindow->GetText()); if (!rsName.isEmpty()) { - return ::rtl::OUStringToOString(rsName, RTL_TEXTENCODING_ASCII_US).getStr(); + return rsName; } else { - static const char msWindow[] = "window"; - return msWindow; + static const OUString aWindow ("window"); + return aWindow; } } @@ -311,12 +311,12 @@ void Deck::PrintWindowSubTree (Window* pRoot, int nIndentation) static const char* sIndentation = " "; const Point aLocation (pRoot->GetPosPixel()); const Size aSize (pRoot->GetSizePixel()); - const char* sClassification = GetWindowClassification(pRoot); + OUString sClassification = GetWindowClassification(pRoot); const char* sVisible = pRoot->IsVisible() ? "visible" : "hidden"; OSL_TRACE("%s%x %s %s +%d+%d x%dx%d", sIndentation+strlen(sIndentation)-nIndentation*4, pRoot, - sClassification, + OUStringToOString(sClassification, RTL_TEXTENCODING_ASCII_US).getStr(), sVisible, aLocation.X(),aLocation.Y(), aSize.Width(),aSize.Height()); diff --git a/sw/source/ui/vba/vbasystem.cxx b/sw/source/ui/vba/vbasystem.cxx index dc95d82f2d2e..b2de217a8d2d 100644 --- a/sw/source/ui/vba/vbasystem.cxx +++ b/sw/source/ui/vba/vbasystem.cxx @@ -152,10 +152,10 @@ void PrivateProfileStringListener::setValueEvent( const css::uno::Any& value ) lResult = RegCreateKeyEx( hBaseKey, lpSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL ); if( ERROR_SUCCESS == lResult ) { - LPCTSTR szValue = TEXT( OUStringToOString( aValue, RTL_TEXTENCODING_UTF8 ).getStr() ); - DWORD cbData = sizeof(TCHAR) * (_tcslen(szValue) + 1); + OString aUTF8Value = OUStringToOString( aValue, RTL_TEXTENCODING_UTF8 ); + DWORD cbData = sizeof(TCHAR) * (_tcslen(aUTF8Value.getStr()) + 1); LPCTSTR lpValueName = TEXT(maKey.getStr()); - lResult = RegSetValueEx( hKey, lpValueName, 0 /* Reserved */, REG_SZ, (LPBYTE)szValue, cbData ); + lResult = RegSetValueEx( hKey, lpValueName, 0 /* Reserved */, REG_SZ, (LPBYTE)aUTF8Value.getStr(), cbData ); RegCloseKey( hKey ); } } diff --git a/unoxml/source/dom/attr.cxx b/unoxml/source/dom/attr.cxx index c7b11e6e06f4..68c5c82a4e6b 100644 --- a/unoxml/source/dom/attr.cxx +++ b/unoxml/source/dom/attr.cxx @@ -180,7 +180,6 @@ namespace DOM OString o1 = OUStringToOString(value, RTL_TEXTENCODING_UTF8); xmlChar* xValue = (xmlChar*)o1.getStr(); - // xmlChar* xName = OUStringToOString(m_aAttrPtr->name, RTL_TEXTENCODING_UTF8).getStr(); // this does not work if the attribute was created anew // xmlNodePtr pNode = m_aAttrPtr->parent; // xmlSetProp(pNode, m_aAttrPtr->name, xValue); diff --git a/unoxml/source/dom/documentbuilder.cxx b/unoxml/source/dom/documentbuilder.cxx index e404a1952b8c..bb8477e3eded 100644 --- a/unoxml/source/dom/documentbuilder.cxx +++ b/unoxml/source/dom/documentbuilder.cxx @@ -317,12 +317,6 @@ namespace DOM ::osl::MutexGuard const g(m_Mutex); - // encoding... - /* - xmlChar *encstr = (xmlChar*) OUStringToOString(src.sEncoding, RTL_TEXTENCODING_UTF8).getStr(); - xmlCharEncoding enc = xmlParseCharEncoding(encstr); - */ - ::boost::shared_ptr const pContext( xmlNewParserCtxt(), xmlFreeParserCtxt); diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx index c73d3e22d206..100685d62aef 100644 --- a/vcl/source/gdi/pdfwriter_impl.cxx +++ b/vcl/source/gdi/pdfwriter_impl.cxx @@ -6039,7 +6039,7 @@ bool PDFWriterImpl::finalizeSignature() HASH_End(hc.get(), digest.data, &digest.len, SHA1_LENGTH); hc.clear(); - const char *pass = OUStringToOString( m_aContext.SignPassword, RTL_TEXTENCODING_UTF8 ).getStr(); + OString pass = OUStringToOString( m_aContext.SignPassword, RTL_TEXTENCODING_UTF8 ); NSSCMSMessage *cms_msg = NSS_CMSMessage_Create(NULL); if (!cms_msg) @@ -6116,7 +6116,7 @@ bool PDFWriterImpl::finalizeSignature() NSSCMSEncoderContext *cms_ecx; //FIXME: Check if password is passed correctly to SEC_PKCS7CreateSignedData function - cms_ecx = NSS_CMSEncoder_Start(cms_msg, NULL, NULL, &cms_output, arena, (PK11PasswordFunc)::PDFSigningPKCS7PasswordCallback, (void *)pass, NULL, NULL, NULL, NULL); + cms_ecx = NSS_CMSEncoder_Start(cms_msg, NULL, NULL, &cms_output, arena, (PK11PasswordFunc)::PDFSigningPKCS7PasswordCallback, (void *)pass.getStr(), NULL, NULL, NULL, NULL); if (!cms_ecx) { -- cgit