[PATCH] fdo#47436: FILEOPEN: Writer crashes when it opens an odt file produced by JasperReport
Dézsi Szabolcs
dezsiszabi at hotmail.com
Thu Apr 19 15:51:28 PDT 2012
Hi!
https://bugs.freedesktop.org/show_bug.cgi?id=47436
Hi!
editeng/source/items/frmitems.cxx:1954
1951: for (int n(0); n != SAL_N_ELEMENTS(aBorders); ++n)
1952: {
1953: editeng::SvxBorderLine* pLine = const_cast< editeng::SvxBorderLine*
>( GetLine( aBorders[n] ) );
1954: pLine->SetStyle( eBorderStyle );
1956: }
Here pLine is a NULL pointer, so calling its member function (SetStyle) causes
SIGSEGV.
aBorders is just an array with 4 elements: { BOX_LINE_LEFT, BOX_LINE_RIGHT, BOX_LINE_BOTTOM, BOX_LINE_TOP }
GetLine returns pLeft, pTop, pRight, pBottom. All of these are NULL pointers in this case.
These get their values in sw/source/core/unocore/unoframe.cxx (from line 370)
370: const ::uno::Any* pLeft = 0;
371: GetProperty(RES_BOX, LEFT_BORDER |CONVERT_TWIPS, pLeft );
pLeft remains NULL after this (and pTop, pRight, pBottom too)
so these:
396: SvxBoxItem aBox ( static_cast < const :: SvxBoxItem & > ( rFromSet.Get ( RES_BOX ) ) );
397: if( pLeft )
398: bRet &= ((SfxPoolItem&)aBox).PutValue(*pLeft, CONVERT_TWIPS|LEFT_BORDER );
are not executed, and aBox's pLeft (etc) members remain NULLs.
but this:
415: if( pLineStyle )
416: bRet &= ((SfxPoolItem&)aBox).PutValue(*pLineStyle, LINE_STYLE);
gets executed, and this has a call to pLine->SetStyle (line 1954 mentioned earlier)
Putting 'if( pLine )' before line 1954 causes LO to load the document.
PS.: Like on bug's page. It isn't sure that the odt is valid, but it shouldn't crash anyway.
Szabolcs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120420/cae0e276/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Workaround-for-Bug-47436-Crash-while-opening-odt-fil.patch
Type: text/x-patch
Size: 1044 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120420/cae0e276/attachment.bin>
More information about the LibreOffice
mailing list