From d1378b92c6697c09def7b3db8b36c3cf883b55c4 Mon Sep 17 00:00:00 2001 From: Miklos Vajna Date: Tue, 11 Feb 2020 21:06:06 +0100 Subject: vcl: fix UB in Window::ImplGetFirstOverlapWindow() mpWindowImpl can be nullptr here, see online.git's unit-load-torture test: vcl/source/window/window2.cxx:882:24: runtime error: member access within null pointer of type 'WindowImpl' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior vcl/source/window/window2.cxx:882:24 in Surrouding code already checks for nullptr mpWindowImpl, so fix it directly where the problem is reported, not a caller. (Also fix a similar case in Window::ImplCallFocusChangeActivate().) Change-Id: I34dee0fd49483c428a78fd48b54c00b2f0a26417 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88474 Tested-by: Jenkins Reviewed-by: Miklos Vajna
---
 vcl/source/window/event.cxx | 10 ++++++++++
 vcl/source/window/window2.cxx | 5 +++++
 2 files changed, 15 insertions(+) (limited to 'vcl/source/window')
diff --git a/vcl/source/window/event.cxx b/vcl/source/window/event.cxx
index 31733682c18f..a31964ecd7fd 100644
--- a/vcl/source/window/event.cxx
+++ b/vcl/source/window/event.cxx
@@ -588,7 +588,17 @@ void Window::ImplCallFocusChangeActivate( vcl::Window* pNewOverlapWindow,
 bool bCallActivate = true;
 bool bCallDeactivate = true;
+ if (!pOldOverlapWindow)
+ {
+ return;
+ }
+
 pOldRealWindow = pOldOverlapWindow->ImplGetWindow();
+ if (!pNewOverlapWindow)
+ {
+ return;
+ }
+
 pNewRealWindow = pNewOverlapWindow->ImplGetWindow();
 if ( (pOldRealWindow->GetType() != WindowType::FLOATINGWINDOW) || pOldRealWindow->GetActivateMode() != ActivateModeFlags::NONE )
diff --git a/vcl/source/window/window2.cxx b/vcl/source/window/window2.cxx
index 685b77a15666..d8aca4adc5eb 100644
--- a/vcl/source/window/window2.cxx
+++ b/vcl/source/window/window2.cxx
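Review bot: The new `if (!pOldOverlapWindow) return;` guard in ImplCallFocusChangeActivate bails out of the whole function, so a focus change that arrives with no previous overlap window now produces no Activate for pNewOverlapWindow either, where before it would have crashed and after a narrower fix it would simply skip the deactivate part; whether that is acceptable depends on the rest of the body, which is outside the hunk, but the `bCallDeactivate` flag declared just above looks like the existing mechanism for "deactivate nothing". If the full early return is intended, the two guards would read better as one precondition check at the top rather than being split around the pOldRealWindow assignment: `if (!pOldOverlapWindow || !pNewOverlapWindow) return;`. Either way a one-line comment stating why the pointers can be null, e.g. `// Either overlap window can be null during load/teardown; nothing to (de)activate then.`, would save the next reader a trip to the commit log.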
@@ -879,6 +879,11 @@ vcl::Window* Window::ImplGetBorderWindow() const
 vcl::Window* Window::ImplGetFirstOverlapWindow()
 {
+ if (!mpWindowImpl)
+ {
+ return nullptr;
+ }
+
 if ( mpWindowImpl->mbOverlapWin )
 return this;
 else
-- cgit
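Review bot: Returning nullptr from ImplGetFirstOverlapWindow() relocates the null dereference rather than removing it: any caller that chains `ImplGetFirstOverlapWindow()->...` without a check now hits the same UB one frame up, so the sanitizer finding is only closed if every call site tolerates a null result. The commit message says the surrounding code already checks mpWindowImpl, but the callers are not in this hunk, so that is worth verifying before merge. The contract should be stated at the definition, e.g. `// mpWindowImpl can be nullptr here (seen in unit-load-torture); callers must handle a nullptr result.` The `else` branch of the function continues outside the hunk.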