From ef117cad3a13fda0932bd3da6c032f3499eb9069 Mon Sep 17 00:00:00 2001
From: Mike Kaganski
Date: Tue, 23 May 2017 23:57:50 +0300
Subject: tdf#108039: check for nullptr in rtl_uString and OUString rtl_[u]String_newConcat now checks allocation result to return early and avoid SIGSEGV. Other functions are not modified, to keep old behavior relying on allocation success and crashing early on OOM to avoid added overhead in performance-critical places. OUString operator+= now checks rtl_uString_newConcat result and throws std::bad_alloc on failure, to specifically address BASIC problem. It keeps strong exception guarantee of leaving this' state unaltered. Concatenation in BASIC now checks for bad string allocation (previously SIGSEGV was generated). Unit test included.
Change-Id: I1513311d3d58eac43b2d2ec9a230e22dff0b4245
Reviewed-on: https://gerrit.libreoffice.org/37965
Reviewed-by: Stephan Bergmann
Tested-by: Jenkins
---
 sal/rtl/strtmpl.cxx | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'sal')
diff --git a/sal/rtl/strtmpl.cxx b/sal/rtl/strtmpl.cxx
index 6748209fb50f..3ab7698877ad 100644
--- a/sal/rtl/strtmpl.cxx
+++ b/sal/rtl/strtmpl.cxx
@@ -1507,11 +1507,13 @@ void SAL_CALL IMPL_RTL_STRINGNAME( newConcat )( IMPL_RTL_STRINGDATA** ppThis,
 {
 IMPL_RTL_STRINGDATA* pTempStr = IMPL_RTL_STRINGNAME( ImplAlloc )( pLeft->length + pRight->length );
 OSL_ASSERT(pTempStr != nullptr);
- rtl_str_ImplCopy( pTempStr->buffer, pLeft->buffer, pLeft->length );
- rtl_str_ImplCopy( pTempStr->buffer+pLeft->length, pRight->buffer, pRight->length );
 *ppThis = pTempStr;
+ if (*ppThis != nullptr) {
+ rtl_str_ImplCopy( pTempStr->buffer, pLeft->buffer, pLeft->length );
+ rtl_str_ImplCopy( pTempStr->buffer+pLeft->length, pRight->buffer, pRight->length );
- RTL_LOG_STRING_NEW( *ppThis );
+ RTL_LOG_STRING_NEW( *ppThis );
+ }
 }
 /* must be done last, if left or right == *ppThis */
-- cgit
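Review bot: The size handed to ImplAlloc, `pLeft->length + pRight->length`, is still computed with no overflow check, so the new null test only covers the case where the allocator itself reports failure. If `length` is a signed 32-bit field (its declaration is outside this hunk), two large operands can wrap the sum before ImplAlloc sees it, and the two rtl_str_ImplCopy calls inside the new `if` would then copy the full left and right lengths into a buffer sized for the wrapped value. A guard ahead of the allocation such as `if (pRight->length > SAL_MAX_INT32 - pLeft->length)` that takes the same null-result path would close that gap. The retained `OSL_ASSERT(pTempStr != nullptr);` also now asserts against the very condition the new branch handles, so it should be dropped or replaced by a comment stating that a null `*ppThis` is a valid result callers must check. newConcat starts and ends outside the hunk, so confirm both points against the full function, including what the trailing "must be done last" code does with the original string when `*ppThis` is null.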