[Libreoffice-commits] core.git: 2 commits - formula/source sw/source

Caolán McNamara caolanm at redhat.com
Thu Apr 30 01:39:27 PDT 2015 

 formula/source/core/api/FormulaCompiler.cxx |    7 +++++--
 sw/source/core/inc/frame.hxx                |    2 +-
 sw/source/core/layout/sectfrm.cxx           |    9 ++++++---
 sw/source/core/layout/wsfrm.cxx             |    4 +++-
 4 files changed, 15 insertions(+), 7 deletions(-)

New commits:
commit e80f1f1987d7be27f1b4277ddc0a12f348fa53d6
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Apr 30 09:13:53 2015 +0100

    coverity#1296214 Dereference null return value
    
    Change-Id: Ifc82f42ff8d82cfe094701ace57ff7cadabc59d9

diff --git a/formula/source/core/api/FormulaCompiler.cxx b/formula/source/core/api/FormulaCompiler.cxx
index dac5283..7319c34 100644
--- a/formula/source/core/api/FormulaCompiler.cxx
+++ b/formula/source/core/api/FormulaCompiler.cxx
@@ -1875,10 +1875,13 @@ const FormulaToken* FormulaCompiler::CreateStringFromToken( OUStringBuffer& rBuf
                     const FormulaToken* const p = pArr->PeekNext();
                     if (p && p->GetOpCode() == ocTableRefOpen)
                     {
-                        t = pArr->Next();
                         int nLevel = 0;
                         do
                         {
+                            t = pArr->Next();
+                            if (!t)
+                                break;
+
                             // Switch cases correspond with those in
                             // ScCompiler::HandleTableRef()
                             switch (t->GetOpCode())
@@ -1903,7 +1906,7 @@ const FormulaToken* FormulaCompiler::CreateStringFromToken( OUStringBuffer& rBuf
                                     nLevel = 0;
                                     bNext = false;
                             }
-                        } while (nLevel && (t = pArr->Next()));
+                        } while (nLevel);
                     }
                 }
                 break;
commit c9a54162f5c61f8dc0173d742e7e1641670ce7ab
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Apr 30 09:11:18 2015 +0100

    coverity#1296217 Use after free
    
    Change-Id: I6af270f1c7ae5348b96a1fb2948b6aa675d39ace

diff --git a/sw/source/core/inc/frame.hxx b/sw/source/core/inc/frame.hxx
index 6df4a5a..fe3ec91 100644
--- a/sw/source/core/inc/frame.hxx
+++ b/sw/source/core/inc/frame.hxx
@@ -445,7 +445,7 @@ public:
     void InsertBehind( SwLayoutFrm *pParent, SwFrm *pBefore );
     // insert before pBehind or at the end of the chain while considering
     // the siblings of pSct
-    void InsertGroupBefore( SwFrm* pParent, SwFrm* pWhere, SwFrm* pSct );
+    bool InsertGroupBefore( SwFrm* pParent, SwFrm* pWhere, SwFrm* pSct );
     void RemoveFromLayout();
 
     // For internal use only - who ignores this will be put in a sack and has
diff --git a/sw/source/core/layout/sectfrm.cxx b/sw/source/core/layout/sectfrm.cxx
index 02c4526..144973b 100644
--- a/sw/source/core/layout/sectfrm.cxx
+++ b/sw/source/core/layout/sectfrm.cxx
@@ -352,9 +352,12 @@ void SwSectionFrm::Paste( SwFrm* pParent, SwFrm* pSibling )
         if( pSect->GetFollow() )
             pParent->_InvalidateSize();
 
-        InsertGroupBefore( pParent, pSibling, pSect );
-        pSect->Init();
-        (pSect->*fnRect->fnMakePos)( pSect->GetUpper(), pSect->GetPrev(), true);
+        const bool bInserted = InsertGroupBefore( pParent, pSibling, pSect );
+        if (bInserted)
+        {
+            pSect->Init();
+            (pSect->*fnRect->fnMakePos)( pSect->GetUpper(), pSect->GetPrev(), true);
+        }
         if( !static_cast<SwLayoutFrm*>(pParent)->Lower() )
         {
             SwSectionFrm::MoveCntntAndDelete( static_cast<SwSectionFrm*>(pParent), false );
diff --git a/sw/source/core/layout/wsfrm.cxx b/sw/source/core/layout/wsfrm.cxx
index faf7243..57f81cc 100644
--- a/sw/source/core/layout/wsfrm.cxx
+++ b/sw/source/core/layout/wsfrm.cxx
@@ -593,7 +593,7 @@ void SwFrm::InsertBehind( SwLayoutFrm *pParent, SwFrm *pBefore )
  * The purpose is: a SectionFrm (this) won't become a child of another SectionFrm (pParent), but
  * pParent gets split into two siblings (pParent+pSect) and this is inserted between.
  */
-void SwFrm::InsertGroupBefore( SwFrm* pParent, SwFrm* pBehind, SwFrm* pSct )
+bool SwFrm::InsertGroupBefore( SwFrm* pParent, SwFrm* pBehind, SwFrm* pSct )
 {
     OSL_ENSURE( pParent, "No parent for insert." );
     OSL_ENSURE( (!pBehind || ( (pBehind && (pParent == pBehind->GetUpper()))
@@ -656,6 +656,7 @@ void SwFrm::InsertGroupBefore( SwFrm* pParent, SwFrm* pBehind, SwFrm* pSct )
         {
             OSL_ENSURE( pSct->IsSctFrm(), "InsertGroup: For SectionFrms only" );
             SwFrm::DestroyFrm(pSct);
+            return false;
         }
     }
     else
@@ -690,6 +691,7 @@ void SwFrm::InsertGroupBefore( SwFrm* pParent, SwFrm* pBehind, SwFrm* pSct )
                 mpUpper->m_pLower = this;
         }
     }
+    return true;
 }
 
 void SwFrm::RemoveFromLayout()

More information about the Libreoffice-commits mailing list