[PATCH] [REVIEW:3-5] fdo#50372 crash on timestamp primary key

Lionel Elie Mamane lionel at mamane.lu
Fri Jun 1 23:15:21 PDT 2012


On Fri, Jun 01, 2012 at 05:15:57PM +0200, Lionel Elie Mamane wrote:

> Attached patch fixes a crash when a row fails to refresh
> correctly. (...)

The crash was as follows:

When doTryRefetch_throw fails (but does not throw an exception),
m_aKeyIter is incremented. In the case where after increment it
becomes m_aKeyMap.end(), then the recursive call (refreshRow()) goes
as follows:

if(isBeforeFirst() || isAfterLast() || !m_xStatement.is())
    return;

But isAfterLast() is "m_aKeyIter == m_aKeyMap.end() &&
m_bRowCountFinal", so in the case that !m_bRowCountFinal, execution
continues with:

if ( m_aKeyIter->second.second.second.is() )

Bang, this dereferences m_aKeyMap.end(), which calls SIGABRT, which is
a crash.

After the patch, before the recursive call, fetchRow() is called. This
will either set m_aKeyIter to a valid (dereferencable) value or set
m_bRowCountFinal, which will keep the recursive call from
dereferencing m_aKeyIter.

-- 
Lionel
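
An added example, not part of the original message and not LibreOffice code: a small C++ model of the control flow described above. It shows why the isAfterLast() guard lets an end() iterator through while m_bRowCountFinal is unset, and how calling fetchRow() before the recursive call closes that gap. The names m_aKeyMap, m_aKeyIter, m_bRowCountFinal, isAfterLast, fetchRow and refreshRow follow the message; the KeySetModel type, the Outcome values, the "unread" queue and the map's value type are assumptions made for the model, which reports the would-be dereference instead of performing it.

```cpp
#include <deque>
#include <map>
#include <utility>

// Simplified model, constructed for illustration (not LibreOffice code).
// Member names follow the message; everything else is hypothetical.
enum Outcome { Refreshed, StoppedAfterLast, DerefOfEnd };

struct KeySetModel {
    std::map<int, bool> m_aKeyMap;            // key -> does the refetch succeed?
    std::map<int, bool>::iterator m_aKeyIter;
    bool m_bRowCountFinal = false;
    std::deque<std::pair<int, bool>> unread;  // rows not yet pulled into the map
    bool patched;                             // call fetchRow() before recursing?

    KeySetModel(bool p, std::deque<std::pair<int, bool>> rest)
        : unread(std::move(rest)), patched(p) {
        m_aKeyMap[1] = false;                 // first row: refetch fails, no throw
        m_aKeyIter = m_aKeyMap.begin();
    }
    bool isAfterLast() const {
        return m_aKeyIter == m_aKeyMap.end() && m_bRowCountFinal;
    }
    // Either moves m_aKeyIter to a valid entry or sets m_bRowCountFinal.
    void fetchRow() {
        if (unread.empty()) { m_bRowCountFinal = true; return; }
        m_aKeyIter = m_aKeyMap.insert(unread.front()).first;
        unread.pop_front();
    }
    Outcome refreshRow() {
        if (isAfterLast()) return StoppedAfterLast;
        // The real code dereferences m_aKeyIter here; the model reports it.
        if (m_aKeyIter == m_aKeyMap.end()) return DerefOfEnd;
        if (m_aKeyIter->second) return Refreshed;
        ++m_aKeyIter;                         // failed refetch: advance
        if (patched) fetchRow();              // the step the patch adds
        return refreshRow();                  // recursive call from the message
    }
};

int main() {
    // Patched path with no further rows: the guard stops the recursion.
    return KeySetModel(true, {}).refreshRow() == StoppedAfterLast ? 0 : 1;
}
```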

