From 619d022fb0e01a2073b6c2635e2e8dc1c29162bc Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Thu, 1 Jun 2023 12:32:57 +0100 Subject: take a copy of SwAccessibleParagraph::GetString() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit take a copy of this a11y and not a reference it is not guaranteed that listeners to the a11y events called by FireAccessibleEvent will themselves not call anything which could end up calling ClearPortionData which would leave rText pointing to old released memory seen in the wild with: ==15145==ERROR: AddressSanitizer: heap-use-after-free program/../program/libswlo.so rtl::OUString::equals(rtl::OUString const&) const builddir/libreoffice/include/rtl/ustring.hxx:952 program/../program/libswlo.so rtl::operator==(rtl::OUString const&, rtl::OUString const&) builddir/libreoffice/include/rtl/ustring.hxx:1713 program/../program/libswlo.so SwAccessibleContext::InvalidatePosOrSize(SwRect const&) builddir/libreoffice/sw/source/core/access/acccontext.cxx:1196 and previously allocated by thread T0 here: program/../program/libswlo.so SwAccessibleParagraph::UpdatePortionData() builddir/libreoffice/sw/source/core/access/accpara.cxx:442 with free of: program/../program/libswlo.so std::default_delete::operator()(SwAccessiblePortionData*) const gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:78 program/../program/libswlo.so SwAccessibleParagraph::ClearPortionData() builddir/libreoffice/sw/source/core/access/accpara.cxx:451 program/../program/libswlo.so SwAccessibleParagraph::getCaretPosition() builddir/libreoffice/sw/source/core/access/accpara.cxx:1016 program/libmergedlo.so LOKDocumentFocusListener::updateParagraphInfo(com::sun::star::uno::Reference const&, bool, std::__cxx11::basic_string, std::allocator >) builddir/libreoffice/sfx2/source/view/viewsh.cxx:685 Change-Id: I72c9894ca842b8f040b27481f0fd8d56542eb530 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152486 Tested-by: Caolán McNamara Reviewed-by: Caolán McNamara --- sw/source/core/access/accpara.cxx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'sw/source') diff --git a/sw/source/core/access/accpara.cxx b/sw/source/core/access/accpara.cxx index 05bbacfbbd2a..bf88bda18bc4 100644 --- a/sw/source/core/access/accpara.cxx +++ b/sw/source/core/access/accpara.cxx @@ -249,16 +249,16 @@ void SwAccessibleParagraph::InvalidateContent_( bool bVisibleDataFired ) ClearPortionData(); - const OUString& rText = GetString(); + const OUString sText = GetString(); - if( rText != sOldText ) + if( sText != sOldText ) { // The text is changed AccessibleEventObject aEvent; aEvent.EventId = AccessibleEventId::TEXT_CHANGED; - // determine exact changes between sOldText and rText - (void)comphelper::OCommonAccessibleText::implInitTextChangedEvent(sOldText, rText, + // determine exact changes between sOldText and sText + (void)comphelper::OCommonAccessibleText::implInitTextChangedEvent(sOldText, sText, aEvent.OldValue, aEvent.NewValue); @@ -301,7 +301,7 @@ void SwAccessibleParagraph::InvalidateContent_( bool bVisibleDataFired ) FireAccessibleEvent( aEvent ); } - if( rText == sOldText ) + if( sText == sOldText ) return; OUString sNewDesc( GetDescription() ); -- cgit