[Libreoffice-commits] core.git: vcl/inc vcl/win

Tue Jun 3 21:26:54 PDT 2014

vcl/inc/win/saldata.hxx       |    2 ++
 vcl/win/source/gdi/salgdi.cxx |    7 +++++++
 2 files changed, 9 insertions(+)

New commits:
commit dacab84536f61f79a5422e1d8d394019ec62f3ec
Author: Tor Lillqvist <tml at collabora.com>
Date:   Tue Jun 3 23:36:18 2014 +0300

    Avoid accessing freed memory and freeing already freed resources
    
    Seen in smoketest in a 4.2-based branch, but might perhaps happen in master
    too. Should not hurt in any case to be more careful. ImplFreeSalGDI() is
    called both from SalAbort() and from DestroySalInstance().
    
    Change-Id: Ifac37e8ecfb432848bd3451dbda8634c59a06fba

diff --git a/vcl/inc/win/saldata.hxx b/vcl/inc/win/saldata.hxx
index ec4b39a..f0c5e33 100644
--- a/vcl/inc/win/saldata.hxx
+++ b/vcl/inc/win/saldata.hxx
@@ -70,6 +70,8 @@ public:
     // checks if the menuhandle was created by VCL
     bool    IsKnownMenuHandle( HMENU hMenu );
 
+    bool                    mbResourcesAlreadyFreed;
+
 public:
     HINSTANCE               mhInst;                 // default instance handle
     HINSTANCE               mhPrevInst;             // previous instance handle
diff --git a/vcl/win/source/gdi/salgdi.cxx b/vcl/win/source/gdi/salgdi.cxx
index 31af876..50c0f8e 100644
--- a/vcl/win/source/gdi/salgdi.cxx
+++ b/vcl/win/source/gdi/salgdi.cxx
@@ -113,6 +113,8 @@ void ImplInitSalGDI()
 {
     SalData* pSalData = GetSalData();
 
+    pSalData->mbResourcesAlreadyFreed = false;
+
     // init stock brushes
     pSalData->maStockPenColorAry[0]     = PALETTERGB( 0, 0, 0 );
     pSalData->maStockPenColorAry[1]     = PALETTERGB( 0xFF, 0xFF, 0xFF );
@@ -290,6 +292,9 @@ void ImplFreeSalGDI()
 {
     SalData*    pSalData = GetSalData();
 
+    if (pSalData->mbResourcesAlreadyFreed)
+        return;
+
     // destroy stock objects
     int i;
     for ( i = 0; i < pSalData->mnStockPenCount; i++ )
@@ -356,6 +361,8 @@ void ImplFreeSalGDI()
 
     // delete temporary font list
     ImplReleaseTempFonts( *pSalData );
+
+    pSalData->mbResourcesAlreadyFreed = true;
 }
 
 static int ImplIsPaletteEntry( BYTE nRed, BYTE nGreen, BYTE nBlue )
