[Libreoffice-commits] core.git: vcl/source

Tor Lillqvist tml at collabora.com
Wed Mar 11 04:51:17 PDT 2015 

 vcl/source/gdi/pdfwriter_impl.cxx |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

New commits:
commit 90a684b32b93988e890d854deff384addd875de9
Author: Tor Lillqvist <tml at collabora.com>
Date:   Wed Mar 11 09:56:57 2015 +0200

    Move more variables out of the timestamping block
    
    One or more pointers into them apparently gets stored into the NSSCMSMessage
    data structures during the my_NSS_CMSSignerInfo_AddUnauthAttr() call, and thus
    when the variables go out of scope said data can and will be reused for some
    arbitrary other thing, and those pointers in the NSSCMSMessage will point to
    bogus data.
    
    Avoids a crash when compiled with gcc. (No crash when compiled with Clang, it
    apparently allocates nested block stack variables differently.)
    
    (The Windows MSVC build uses a different code path entirely here.)
    
    Change-Id: Ic941d766904a216cce86ee6bd38864801b9110e8

diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 55a918b..df2e74e 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -6893,6 +6893,10 @@ bool PDFWriterImpl::finalizeSignature()
 
     char *pass(strdup(OUStringToOString( m_aContext.SignPassword, RTL_TEXTENCODING_UTF8 ).getStr()));
 
+    TimeStampReq src;
+    OStringBuffer response_buffer;
+    TimeStampResp response;
+    SECItem response_item;
     NSSCMSAttribute timestamp;
     SECItem values[2];
     SECItem *valuesp = values;
@@ -6963,7 +6967,6 @@ bool PDFWriterImpl::finalizeSignature()
             fclose(out);
         }
 #endif
-        TimeStampReq src;
 
         unsigned char cOne = 1;
         src.version.type = siUnsignedInteger;
@@ -7064,8 +7067,6 @@ bool PDFWriterImpl::finalizeSignature()
             return false;
         }
 
-        OStringBuffer response_buffer;
-
         if ((rc = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response_buffer)) != CURLE_OK ||
             (rc = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AppendToBuffer)) != CURLE_OK)
         {
@@ -7129,10 +7130,8 @@ bool PDFWriterImpl::finalizeSignature()
         curl_easy_cleanup(curl);
         SECITEM_FreeItem(timestamp_request, PR_TRUE);
 
-        TimeStampResp response;
         memset(&response, 0, sizeof(response));
 
-        SECItem response_item;
         response_item.type = siBuffer;
         response_item.data = reinterpret_cast<unsigned char*>(const_cast<char*>(response_buffer.getStr()));
         response_item.len = response_buffer.getLength();

More information about the Libreoffice-commits mailing list