[Libreoffice-commits] core.git: sw/source
Stephan Bergmann
sbergman at redhat.com
Thu Aug 21 04:35:45 PDT 2014
sw/source/core/layout/frmtool.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 98fba3ab3675e19a1260d4e2cddd4bfd6c005118
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Thu Aug 21 13:27:08 2014 +0200
Check pTmpFrm->GetType(), not nFrmType, for FRM_FLY
...as nFrmType need not match pTmpFrm->GetType() exactly, but can e.g. be
USHORT_MAX when GetFrmOfModify is called from SwFrmFmt::FindLayoutRect
(sw/source/core/layout/atrfrm.cxx). It is probably good luck that the two
comparisons against FAR_AWAY made it too unlikely for the if's true branch to
ever be taken for a pTmpFrm that is not actually a SwFlyFrm. Found the bug when
running CppunitTest_sw_ooxmlexport2 under -fsanitize=undefined, where
((SwFlyFrm*)pTmpFrm)->GetAnchorFrm()
was called for a pTmpFrm of type SwTabFrm.
Change-Id: Ia886a809bdb82488c3f410be66cf827b3f723c55
diff --git a/sw/source/core/layout/frmtool.cxx b/sw/source/core/layout/frmtool.cxx
index 663551f..aabdd39 100644
--- a/sw/source/core/layout/frmtool.cxx
+++ b/sw/source/core/layout/frmtool.cxx
@@ -3279,7 +3279,7 @@ SwFrm* GetFrmOfModify( const SwRootFrm* pLayout, SwModify const& rMod, sal_uInt1
}
// for Flys go via the parent if the Fly is not yet "formatted"
- if( !bCalcFrm && nFrmType & FRM_FLY &&
+ if( !bCalcFrm && pTmpFrm->GetType() & FRM_FLY &&
((SwFlyFrm*)pTmpFrm)->GetAnchorFrm() &&
FAR_AWAY == pTmpFrm->Frm().Pos().getX() &&
FAR_AWAY == pTmpFrm->Frm().Pos().getY() )
More information about the Libreoffice-commits
mailing list