[Libreoffice-commits] core.git: sw/source

Stephan Bergmann sbergman at redhat.com
Tue Sep 1 00:12:36 PDT 2015 

 sw/source/filter/ww8/ww8graf.cxx  |    2 +-
 sw/source/filter/ww8/ww8graf2.cxx |    2 +-
 sw/source/filter/ww8/ww8par.hxx   |    2 +-
 sw/source/filter/ww8/ww8par4.cxx  |    6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)

New commits:
commit 3b1ab016386cebe14435d79ec8693e3c7339a7df
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Tue Sep 1 09:08:21 2015 +0200

    -fsanitize=null
    
    ...as happens in CppunitTest_sw_filters_test with
    sw/qa/core/data/ww8/pass/CVE-2015-2431-1.doc:
    
    > sw/source/filter/ww8/ww8par4.cxx:294:76: runtime error: reference binding to null pointer of type 'const SfxItemSet'
    >  SwWW8ImplReader::ImportOle(Graphic const*, SfxItemSet const*, SfxItemSet const*, Rectangle const&) sw/source/filter/ww8/ww8par4.cxx:294:23
    >  SwWW8ImplReader::ReadChar(long, long) sw/source/filter/ww8/ww8par.cxx:3611:35
    >  SwWW8ImplReader::ReadChars(int&, int, long, long) sw/source/filter/ww8/ww8par.cxx:3436:27
    >  SwWW8ImplReader::ReadText(int, int, ManTypes) sw/source/filter/ww8/ww8par.cxx:3974:22
    >  SwWW8ImplReader::CoreLoad(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5175:9
    >  SwWW8ImplReader::LoadThroughDecryption(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5773:19
    >  SwWW8ImplReader::LoadDoc(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:6045:19
    >  WW8Reader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) sw/source/filter/ww8/ww8par.cxx:6167:20
    >  SwReader::Read(Reader const&) sw/source/filter/basflt/shellio.cxx:175:18
    >  SwDocShell::ConvertFrom(SfxMedium&) sw/source/uibase/app/docsh.cxx:258:22
    >  SfxObjectShell::DoLoad(SfxMedium*) sfx2/source/doc/objstor.cxx:790:23
    >  SwFiltersTest::filter(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) sw/qa/core/filters-test.cxx:112:20
    
    Change-Id: I4482bc5d8e0c2646e7c8667a231a78311b557e89

diff --git a/sw/source/filter/ww8/ww8graf.cxx b/sw/source/filter/ww8/ww8graf.cxx
index d37be70..f6078e9 100644
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -3026,7 +3026,7 @@ SwFlyFrameFormat* SwWW8ImplReader::ImportReplaceableDrawables( SdrObject* &rpObj
 
     OUString aObjectName(rpObject->GetName());
     if (OBJ_OLE2 == SdrObjKind(rpObject->GetObjIdentifier()))
-        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), rFlySet, aGrSet);
+        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), rFlySet, &aGrSet);
     else
     {
         const SdrGrafObj *pGrf = static_cast<const SdrGrafObj*>(rpObject);
diff --git a/sw/source/filter/ww8/ww8graf2.cxx b/sw/source/filter/ww8/ww8graf2.cxx
index 2c1182d..91717f8 100644
--- a/sw/source/filter/ww8/ww8graf2.cxx
+++ b/sw/source/filter/ww8/ww8graf2.cxx
@@ -642,7 +642,7 @@ SwFrameFormat* SwWW8ImplReader::ImportGraf(SdrTextObj* pTextObj,
                     if (sal_uInt16(OBJ_OLE2) == pObject->GetObjIdentifier())
                     {
                         // the size from BLIP, if there is any, should be already set
-                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), aAttrSet, aGrSet);
+                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), aAttrSet, &aGrSet);
                     }
                     else
                     {
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 84541fd..a0d7202 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -1522,7 +1522,7 @@ private:
     SwFrameFormat* ImportOle( const Graphic* = 0, const SfxItemSet* pFlySet = 0,
         const SfxItemSet* pGrfSet = 0, const Rectangle& aVisArea = Rectangle() );
     SwFlyFrameFormat* InsertOle(SdrOle2Obj &rObject, const SfxItemSet &rFlySet,
-        const SfxItemSet &rGrfSet);
+        const SfxItemSet *rGrfSet);
 
     bool ImportFormulaControl(WW8FormulaControl &rBox,WW8_CP nStart,
         SwWw8ControlType nWhich);
diff --git a/sw/source/filter/ww8/ww8par4.cxx b/sw/source/filter/ww8/ww8par4.cxx
index 5ef7a77..1aeaacb 100644
--- a/sw/source/filter/ww8/ww8par4.cxx
+++ b/sw/source/filter/ww8/ww8par4.cxx
@@ -198,7 +198,7 @@ static bool SwWw6ReadMacPICTStream(Graphic& rGraph, tools::SvRef<SotStorage>& rS
 }
 
 SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
-    const SfxItemSet &rFlySet, const SfxItemSet &rGrfSet)
+    const SfxItemSet &rFlySet, const SfxItemSet *rGrfSet)
 {
     SfxObjectShell *pPersist = m_rDoc.GetPersist();
     OSL_ENSURE(pPersist, "No persist, cannot insert objects correctly");
@@ -238,7 +238,7 @@ SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
     if (bSuccess)
     {
         const SfxItemSet *pFlySet = pMathFlySet ? pMathFlySet : &rFlySet;
-        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, sNewName, rObject.GetAspect(), pFlySet, &rGrfSet, 0);
+        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, sNewName, rObject.GetAspect(), pFlySet, rGrfSet, 0);
     }
     delete pMathFlySet;
     return pRet;
@@ -291,7 +291,7 @@ SwFrameFormat* SwWW8ImplReader::ImportOle(const Graphic* pGrf,
     {
         if (pRet->ISA(SdrOle2Obj))
         {
-            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, *pGrfSet);
+            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, pGrfSet);
             SdrObject::Free( pRet );        // das brauchen wir nicht mehr
         }
         else

More information about the Libreoffice-commits mailing list