[Libreoffice-commits] core.git: sc/source

Caolán McNamara caolanm at redhat.com
Fri Nov 3 09:03:16 UTC 2017


 sc/source/filter/rtf/rtfparse.cxx |    2 ++
 1 file changed, 2 insertions(+)

New commits:
commit 26bd20f5f350a8438fb2ff19fd92c7ba2a84bf48
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Thu Nov 2 16:48:10 2017 +0000

    crash on loading tdf77861-3.rtf in calc rtf filter
    
    pActDefault is either pInsDefault or a member of maDefaultList,
    so clear it if it's not pInsDefault at this location
    
     ScRTFParser::ProcToken(RtfImportInfo*) (rtfparse.cxx:332)
     ScRTFParser::RTFImportHdl(RtfImportInfo&) (rtfparse.cxx:160)
     ScRTFParser::LinkStubRTFImportHdl(void*, RtfImportInfo&) (rtfparse.cxx:155)
     Link<RtfImportInfo&, void>::Call(RtfImportInfo&) const (link.hxx:84)
     EditEngine::CallRtfImportHandler(RtfImportInfo&) (editeng.cxx:2770)
     EditRTFParser::NextToken(int) (eertfpar.cxx:231)
     SvRTFParser::Continue(int) (parrtf.cxx:643)
     SvxRTFParser::Continue(int) (svxrtf.cxx:128)
     SvRTFParser::CallParser() (parrtf.cxx:574)
     SvxRTFParser::CallParser() (svxrtf.cxx:123)
     EditRTFParser::CallParser() (eertfpar.cxx:112)
     ImpEditEngine::ReadRTF(SvStream&, EditSelection) (impedit4.cxx:161)
    Address is 52 bytes inside a block of size 56 free'd
     std::default_delete<ScRTFCellDefault>::operator()(ScRTFCellDefault*) const (unique_ptr.h:76)
     std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >::~unique_ptr() (unique_ptr.h:239)
     void std::_Destroy<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> > >(std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*) (stl_construct.h:93)
     void std::_Destroy_aux<false>::__destroy<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*>(std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*, std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*) (stl_construct.h:103)
     void std::_Destroy<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*>(std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*, std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*) (stl_construct.h:126)
     void std::_Destroy<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*, std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> > >(std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*, std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*, std::allocator<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> > >&) (stl_construct.h:151)
     std::__cxx1998::vector<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >, std::allocator<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> > > >::_M_erase_at_end(std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >*) (stl_vector.h:1436)
     std::__cxx1998::vector<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >, std::allocator<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> > > >::clear() (stl_vector.h:1210)
     std::__debug::vector<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> >, std::allocator<std::unique_ptr<ScRTFCellDefault, std::default_delete<ScRTFCellDefault> > > >::clear() (vector:690)
     ScRTFParser::ProcToken(RtfImportInfo*) (rtfparse.cxx:274)
     ScRTFParser::RTFImportHdl(RtfImportInfo&) (rtfparse.cxx:160)
    
    Change-Id: I36624a76ddb01f0d26d38f708af6b910384ad7fd
    Reviewed-on: https://gerrit.libreoffice.org/44225
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/sc/source/filter/rtf/rtfparse.cxx b/sc/source/filter/rtf/rtfparse.cxx
index ceab38517666..49ad81fcb518 100644
--- a/sc/source/filter/rtf/rtfparse.cxx
+++ b/sc/source/filter/rtf/rtfparse.cxx
@@ -271,6 +271,8 @@ void ScRTFParser::ProcToken( RtfImportInfo* pInfo )
                 nLastWidth = maDefaultList.back()->nTwips;
 
             nColCnt = 0;
+            if (pActDefault != pInsDefault)
+                pActDefault = nullptr;
             maDefaultList.clear();
             pDefMerge = nullptr;
             nRtfLastToken = pInfo->nToken;
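Review bot: Later dereferences of `pActDefault` in ProcToken now have to tolerate nullptr, because the lines added before `maDefaultList.clear()` replace the dangling pointer with a null one. The read the trace reports at rtfparse.cxx:332 is outside this hunk, so confirm that it and any other `pActDefault->` use either checks for nullptr or re-points the pointer first; otherwise a malformed RTF that reaches this path trades the use-after-free for a null dereference. The added lines would also benefit from a comment recording the ownership invariant, e.g. `// pActDefault may alias an element owned by maDefaultList; drop it before clear() frees those elements`. ProcToken's body starts and ends outside the hunk.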

