[REVIEW] fix for fdo#46825, crash copying a chart
Stephan Bergmann
sbergman at redhat.com
Thu Mar 8 11:42:36 PST 2012
On 03/08/2012 10:06 AM, Stephan Bergmann wrote:
> On 03/03/2012 01:08 AM, Markus Mohrhard wrote:
>> [1] fixes a crash when you copy a chart in the document. The problem
>> is that you should not create a uno::Sequence with new because the
>> uno::Sequence copy c'tor is creating a flat copy. This will later
>> result in a double delete.
>>
>> I think the patch is quite save and fixes a crash and therefore should
>> be included into at least 3-5 and if still possible in 3-5-1.
>>
>> Regards,
>> Markus
>>
>> [1]
>> http://cgit.freedesktop.org/libreoffice/core/commit/?id=8f2d3c47ad40039a842fa09d98137155dcfdfe9e
>>
>
> While changing from a pointer-to-Sequence member to a plain Sequence
> member is probably a good choice, anyway (as Sequence itself is nothing
> more than a pointer to the underlying uno_Sequence data structure), I do
> not see how the original code was actually wrong: The Sequence copy ctor
> increases the shared _pSequence->nRefCount, while delete, via Sequence
> dtor, uno_type_destructData, _destructData, and idestructSequence
> decrements nRefCount again, and destroys the shared uno_Sequence only
> when the ref count has dropped to zero.
The real issue was the SchXMLCell assignment operator (which has become
a non-issue with the fix, of course, making the compiler-generated one
behave correctly now).
Stephan
More information about the LibreOffice
mailing list