[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-5.3' - 10 commits - filter/source sc/source sw/inc sw/source vcl/source

Caolán McNamara caolanm at redhat.com
Mon Nov 27 13:12:55 UTC 2017


 filter/source/graphicfilter/icgm/class7.cxx   |   45 ++++++++++++++++----------
 filter/source/graphicfilter/idxf/dxftblrd.cxx |    9 ++++-
 sc/source/core/tool/compiler.cxx              |    6 ++-
 sc/source/filter/inc/formel.hxx               |   30 ++++++++++++++---
 sw/inc/redline.hxx                            |    3 +
 sw/source/core/doc/DocumentRedlineManager.cxx |    2 -
 sw/source/core/doc/docredln.cxx               |   12 +++---
 sw/source/filter/ww8/ww8par.cxx               |    6 +--
 sw/source/filter/ww8/ww8par.hxx               |    1 
 sw/source/uibase/shells/textfld.cxx           |    2 -
 vcl/source/filter/ixpm/xpmread.cxx            |    3 +
 vcl/source/gdi/pngread.cxx                    |    8 +++-
 12 files changed, 89 insertions(+), 38 deletions(-)

New commits:
commit bbf087bd267f19c6b4b6f537efaa9adb9fb67748
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Mon Nov 13 16:03:28 2017 +0000

    ofz: compare against available data len
    
    Reviewed-on: https://gerrit.libreoffice.org/44688
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: David Tardon <dtardon at redhat.com>
    (cherry picked from commit 7e3572833b8ce0c9d2b92130df099a8bbbe95c4d)
    
    Change-Id: I407e104e08aa393d66ed5c6baf5e0b0ab2d361bd

diff --git a/filter/source/graphicfilter/icgm/class7.cxx b/filter/source/graphicfilter/icgm/class7.cxx
index a18c5fd30272..1d5f442b7427 100644
--- a/filter/source/graphicfilter/icgm/class7.cxx
+++ b/filter/source/graphicfilter/icgm/class7.cxx
@@ -30,16 +30,23 @@ void CGM::ImplDoClass7()
         case 0x01 : /*Message */break;
         case 0x02 :
         {
-            sal_uInt8*  pAppData = mpSource + 12;
+            if (mpEndValidSource - mpSource < 12)
+                throw css::uno::Exception("attempt to read past end of input", nullptr);
+
             sal_uInt16* pTemp = reinterpret_cast<sal_uInt16*>(mpSource);
             sal_uInt16 nOpcode = pTemp[ 4 ];
 
+            sal_uInt8* pAppData = mpSource + 12;
+
             if ( mpChart || ( nOpcode == 0 ) )
             {
                 switch ( nOpcode )
                 {
                     case 0x000 : /*AppData - Beginning of File Opcodes*/
                     {
+                        if (mpEndValidSource - pAppData < 4)
+                            throw css::uno::Exception("attempt to read past end of input", nullptr);
+
                         if ( mpChart == nullptr )
                             mpChart = new CGMChart;
                         mpChart->mnCurrentFileType = pAppData[ 3 ];
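Review bot: The guard-and-throw pair added here is repeated with a different hand-computed length at each AppData case of this function (12 here, 4 for pAppData[3], sizeof(DataNode), 16, 9 further down), which is exactly the arithmetic that is easy to get subtly wrong once per copy. A single helper that takes the position and the number of bytes required, e.g. `auto checkAvail = [this](const sal_uInt8* p, std::ptrdiff_t n) { if (mpEndValidSource - p < n) throw css::uno::Exception("attempt to read past end of input", nullptr); };` declared at the top of the function, would keep one definition of "enough data left" and let each case read as `checkAvail(pAppData, 4);`. ImplDoClass7 starts and ends outside the hunk.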
@@ -68,6 +75,9 @@ void CGM::ImplDoClass7()
                     case 0x262 : /*AppData - ENDGROUP */break;
                     case 0x264 : /*AppData - DATANODE*/
                     {
+                        if (static_cast<size_t>(mpEndValidSource - pAppData) < sizeof(DataNode))
+                            throw css::uno::Exception("attempt to read past end of input", nullptr);
+
                         mpChart->mDataNode[ 0 ] = *reinterpret_cast<DataNode*>( pAppData );
                         sal_Int8 nZoneEnum = mpChart->mDataNode[ 0 ].nZoneEnum;
                         if ( nZoneEnum && ( nZoneEnum <= 6 ) )
@@ -76,25 +86,25 @@ void CGM::ImplDoClass7()
                     break;
                     case 0x2BE : /*AppData - SHWSLIDEREC*/
                     {
-                        if ( mnMode & CGM_EXPORT_IMPRESS )
+                        if (mpEndValidSource - pAppData < 16)
+                            throw css::uno::Exception("attempt to read past end of input", nullptr);
+
+                        if ( pAppData[ 16 ] == 0 )      // a blank template ?
                         {
-                            if ( pAppData[ 16 ] == 0 )      // a blank template ?
+                            if ( pAppData[ 2 ] == 46 )
                             {
-                                if ( pAppData[ 2 ] == 46 )
-                                {
-                                    // this starts the document -> maybe we could insert a new document
-                                }
-                                else if ( pAppData[ 2 ] & 0x80 )
-                                {
-                                    // this is a template
-                                }
-                                else
-                                {
-                                    mpOutAct->InsertPage();
-                                }
+                                // this starts the document -> maybe we could insert a new document
+                            }
+                            else if ( pAppData[ 2 ] & 0x80 )
+                            {
+                                // this is a template
+                            }
+                            else
+                            {
+                                mpOutAct->InsertPage();
                             }
-                            mpChart->ResetAnnotation();
                         }
+                        mpChart->ResetAnnotation();
                     }
                     break;
                     case 0x2C0 : /*AppData - SHWKEYTABLE */break;
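Review bot: The SHWSLIDEREC guard is off by one: it requires 16 bytes after pAppData, but the next line reads `pAppData[ 16 ]`, the 17th byte, so with exactly 16 bytes left the read lands on mpEndValidSource itself. The check should be `if (mpEndValidSource - pAppData < 17)`. Separately, the restructuring moves the `pAppData[ 16 ]` test, `mpOutAct->InsertPage()` and `mpChart->ResetAnnotation()` out from under the removed `mnMode & CGM_EXPORT_IMPRESS` condition, so they now run in every export mode; if that widening is intended it deserves a mention in the commit message, and if not the condition should be restored around them. The enclosing ImplDoClass7 continues outside the hunk.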
@@ -104,6 +114,9 @@ void CGM::ImplDoClass7()
                     case 0x2CA : /*AppData - SHWAPP */break;
                     case 0x320 : /*AppData - TEXT*/
                     {
+                        if (mpEndValidSource - pAppData < 9)
+                            throw css::uno::Exception("attempt to read past end of input", nullptr);
+
                         TextEntry* pTextEntry = new TextEntry;
                         pTextEntry->nTypeOfText = *(reinterpret_cast<sal_uInt16*>( pAppData ) );
                         pTextEntry->nRowOrLineNum = *(reinterpret_cast<sal_uInt16*>( pAppData + 2 ) );
commit 3e2aeb61db631a6e2cce0e9d9df2e70db2540c0e
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Sat Nov 11 15:10:30 2017 +0000

    ofz: XPMReader::ImplGetColKey short read
    
    like
    
    commit 10a2388558df957b30136ba32ecc97ddef43fb57
    Date:   Tue Jan 17 12:35:24 2017 +0000
    
        ofz#411: XPMReader::ImplGetColKey short read
    
    Change-Id: Iffc7ddb00b2849b2f9fad17314086b87d3097660
    Reviewed-on: https://gerrit.libreoffice.org/44629
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: David Tardon <dtardon at redhat.com>
    (cherry picked from commit e02f068b9719c89d7aac1aaf4bb650160a3a3aed)

diff --git a/vcl/source/filter/ixpm/xpmread.cxx b/vcl/source/filter/ixpm/xpmread.cxx
index 6aaaa1c828ee..f72ff950ca66 100644
--- a/vcl/source/filter/ixpm/xpmread.cxx
+++ b/vcl/source/filter/ixpm/xpmread.cxx
@@ -457,6 +457,9 @@ bool XPMReader::ImplGetColKey( sal_uInt8 nKey )
 {
     sal_uInt8 nTemp, nPrev = ' ';
 
+    if (mnStringSize < mnCpp + 1)
+        return false;
+
     mpPara = mpStringBuf + mnCpp + 1;
     mnParaSize = 0;
 
commit ac95841c345c414ddc2d20880302bce75b8e1096
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Nov 15 11:48:47 2017 +0000

    ofz: special case max index for cSymbol
    
    Change-Id: Ia5fb036196b0cff0739789e691a36d294660540b
    Reviewed-on: https://gerrit.libreoffice.org/44759
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Eike Rathke <erack at redhat.com>
    (cherry picked from commit a5550289a37950195b7a7e5b22cba79ce5b5a673)
    Reviewed-on: https://gerrit.libreoffice.org/44803
    (cherry picked from commit 701e1ec3a2e38a7b0bd2cdd3511a2a50578ea74e)

diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 69e33b128ea3..23b72f4bc8a7 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -3267,6 +3267,8 @@ bool ScCompiler::IsReference( const OUString& rName, const OUString* pErrRef )
             return true;
         // Now try with a symbol up to the range operator, rewind source
         // position.
+        if (mnRangeOpPosInSymbol == MAXSTRLEN-1)
+            return false;
         sal_Int32 nLen = mnRangeOpPosInSymbol;
         while (cSymbol[++nLen])
             ;
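Review bot: The early return catches only the exact value MAXSTRLEN-1, yet the loop below pre-increments nLen before indexing, so any mnRangeOpPosInSymbol at or above MAXSTRLEN-1 reads past cSymbol; whether values above that can still reach this point is not visible here, but `if (mnRangeOpPosInSymbol >= MAXSTRLEN-1) return false;` costs nothing and states the intent. A short why-comment would help the next reader, e.g. `// the range operator sits on the terminator slot of a truncated symbol; nothing can follow it`. IsReference starts and ends outside the hunk.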
commit 662f502d13f5108dc471ba8e26cd92ecbe036897
Author: Eike Rathke <erack at redhat.com>
Date:   Fri Nov 10 10:52:19 2017 +0100

    ofz#4123 do not read past end of file
    
    Change-Id: I1fa3543d541ea084a43a1a11f62680fa798f5647
    (cherry picked from commit 78bcc5ddca186f0009124a697184f332405d3e1e)
    Reviewed-on: https://gerrit.libreoffice.org/44586
    Tested-by: Eike Rathke <erack at redhat.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>
    (cherry picked from commit 6ba9b72cff5a761f36b2b9b892b572bc7cb5ae18)

diff --git a/sc/source/filter/inc/formel.hxx b/sc/source/filter/inc/formel.hxx
index 494cd0a164ca..6c93c5a79430 100644
--- a/sc/source/filter/inc/formel.hxx
+++ b/sc/source/filter/inc/formel.hxx
@@ -144,31 +144,51 @@ inline void LotusConverterBase::Ignore( const long nSeekRel )
 inline void LotusConverterBase::Read( sal_uInt8& nByte )
 {
     aIn.ReadUChar( nByte );
-    nBytesLeft--;
+    if (aIn.good())
+        nBytesLeft--;
+    else
+    {
+        // SvStream::ReadUChar() does not init a single char on failure. This
+        // behaviour is even tested in a unit test.
+        nByte = 0;
+        nBytesLeft = -1;    // bail out early
+    }
 }
 
 inline void LotusConverterBase::Read( sal_uInt16& nUINT16 )
 {
     aIn.ReadUInt16( nUINT16 );
-    nBytesLeft -= 2;
+    if (aIn.good())
+        nBytesLeft -= 2;
+    else
+        nBytesLeft = -1;    // bail out early
 }
 
 inline void LotusConverterBase::Read( sal_Int16& nINT16 )
 {
     aIn.ReadInt16( nINT16 );
-    nBytesLeft -= 2;
+    if (aIn.good())
+        nBytesLeft -= 2;
+    else
+        nBytesLeft = -1;    // bail out early
 }
 
 inline void LotusConverterBase::Read( double& fDouble )
 {
     aIn.ReadDouble( fDouble );
-    nBytesLeft -= 8;
+    if (aIn.good())
+        nBytesLeft -= 8;
+    else
+        nBytesLeft = -1;    // bail out early
 }
 
 inline void LotusConverterBase::Read( sal_uInt32& nUINT32 )
 {
     aIn.ReadUInt32( nUINT32 );
-    nBytesLeft -= 4;
+    if (aIn.good())
+        nBytesLeft -= 4;
+    else
+        nBytesLeft = -1;    // bail out early
 }
 
 #endif
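Review bot: Only the sal_uInt8 overload zeroes its output on a failed read; the sal_uInt16, sal_Int16, double and sal_uInt32 overloads set nBytesLeft to -1 but leave the out-parameter untouched, so if the corresponding SvStream readers behave like ReadUChar (the comment above says it does not initialise on failure) a caller that does not check nBytesLeft still sees an indeterminate value. Either zero the value in every else branch, e.g. `nUINT16 = 0;` before `nBytesLeft = -1;`, or document at the class that after a failed Read() only nBytesLeft is meaningful. The five near-identical bodies could also share one private helper, e.g. `nBytesLeft = aIn.good() ? nBytesLeft - nBytes : -1;`, so the bail-out convention exists in one place.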
commit 4ce85db20254a20ff5f8a7a73f09a9f601a1ee62
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Sun Nov 12 21:16:42 2017 +0000

    ofz+valgrind: Conditional jump or move depends on uninitialised value
    
    if, before lcl_UnicodeStrNCpy is called, aSymbol contains embedded
    nulls then the aSymbol.getLength() and the mnRangeOpPosInSymbol value
    derived from an earlier aSymbol.getLength() include the range after
    the embedded null, while lcl_UnicodeStrNCpy stops at the first
    embedded null leaving cSymbol with uninitialized value that
    are later read from it.
    
    Conditional jump or move depends on uninitialised value(s)
       at 0x23BFBCA0: ScCompiler::IsReference(rtl::OUString const&, rtl::OUString const*) (compiler.cxx:3275)
       by 0x23BFFF4C: ScCompiler::NextNewToken(bool) (compiler.cxx:4248)
       by 0x23C00D20: ScCompiler::CompileString(rtl::OUString const&) (compiler.cxx:4419)
       by 0x23A29FAF: ScFormulaCell::Compile(rtl::OUString const&, bool, formula::FormulaGrammar::Grammar) (formulacell.cxx:1118)
       by 0x23A278B7: ScFormulaCell::ScFormulaCell(ScDocument*, ScAddress const&, rtl::OUString const&, formula::FormulaGrammar::Grammar, ScMatrixMode) (formulacell.cxx:656)
       by 0x23772EC3: ScColumn::ParseString(ScCellValue&, int, short, rtl::OUString const&, formula::FormulaGrammar::AddressConvention, ScSetStringParam const*) (column3.cxx:1729)
       by 0x2377354B: ScColumn::SetString(int, short, rtl::OUString const&, formula::FormulaGrammar::AddressConvention, ScSetStringParam*) (column3.cxx:1851)
       by 0x23AE2B97: ScTable::SetString(short, int, short, rtl::OUString const&, ScSetStringParam*) (table2.cxx:1369)
       by 0x23897045: ScDocument::SetString(short, int, short, rtl::OUString const&, ScSetStringParam*) (document.cxx:3377)
       by 0x1F35F41C: ScEEImport::WriteToDocument(bool, double, SvNumberFormatter*, bool) (eeimpars.cxx:400)
       by 0x1F366F3B: ScFormatFilterPluginImpl::ScImportRTF(SvStream&, rtl::OUString const&, ScDocument*, ScRange&) (rtfimp.cxx:34)
    
    Change-Id: Iefc6be6c3a383bd9b3cdeaa896c07e24e5100dc7
    Reviewed-on: https://gerrit.libreoffice.org/44658
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Eike Rathke <erack at redhat.com>
    (cherry picked from commit 6be596c282f84a3cb3a62edccfdfbf69663cf59e)
    Reviewed-on: https://gerrit.libreoffice.org/44690
    (cherry picked from commit 8959754d2617dad38968ca008791e6431afcbdbd)

diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index 5e74e5e35576..69e33b128ea3 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -1939,7 +1939,7 @@ void ScCompiler::SetError(FormulaError nError)
 static sal_Unicode* lcl_UnicodeStrNCpy( sal_Unicode* pDst, const sal_Unicode* pSrc, sal_Int32 nMax )
 {
     const sal_Unicode* const pStop = pDst + nMax;
-    while ( *pSrc && pDst < pStop )
+    while ( pDst < pStop )
     {
         *pDst++ = *pSrc++;
     }
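Review bot: With the `*pSrc` test gone the function copies exactly nMax units and no longer stops at a NUL, so its contract now differs from what the StrNCpy name suggests and every caller must guarantee pSrc is readable for nMax units (OUString::getStr() with nMax no larger than getLength() satisfies that). That precondition should be stated above the function, e.g. `// Copies exactly nMax units, embedded NULs included; pSrc must be readable for nMax units.`, together with whether pDst is terminated, which is decided in the part of the function outside the hunk.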
commit 82094d1a77bc5ad8d732f640c1a05a6b5339b666
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Wed Nov 8 17:05:59 2017 +0000

    ofz: bad mnRangeOpPosInSymbol
    
    Change-Id: Ieae5a81a1b475fd56cce76c43dab11c2d9fcbe6c
    Reviewed-on: https://gerrit.libreoffice.org/44499
    Reviewed-by: Eike Rathke <erack at redhat.com>
    Tested-by: Jenkins <ci at libreoffice.org>
    (cherry picked from commit f17640a95b4c65809f8573c778a293c836a847cd)

diff --git a/sc/source/core/tool/compiler.cxx b/sc/source/core/tool/compiler.cxx
index e0f67fc1b5ef..5e74e5e35576 100644
--- a/sc/source/core/tool/compiler.cxx
+++ b/sc/source/core/tool/compiler.cxx
@@ -2678,6 +2678,8 @@ Label_MaskStateMachine:
         {
             SetError( FormulaError::StringOverflow );
             nLen = MAXSTRLEN-1;
+            if (mnRangeOpPosInSymbol > nLen)
+                mnRangeOpPosInSymbol = -1;
         }
         lcl_UnicodeStrNCpy( cSymbol, aSymbol.getStr(), nLen );
         pSym = &cSymbol[nLen];
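Review bot: The clamp keeps mnRangeOpPosInSymbol == nLen (MAXSTRLEN-1), which places the range operator exactly on the truncated symbol's terminator slot; that boundary value is what a separate commit in this batch (ac95841c, IsReference) then has to special-case. Using `if (mnRangeOpPosInSymbol >= nLen)` here would drop the value at the point of truncation instead, and a comment such as `// a range operator at or beyond the truncated length is meaningless` would say why -1 is chosen. The enclosing state machine starts and ends outside the hunk.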
commit c01a48c81115bf8590df346c277728598534a82f
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Tue Nov 7 09:13:06 2017 +0000

    ofz#4066 Bad-cast
    
    and a cluster of others around here. This pRedl has been deleted at this point.
    
    This doesn't matter for most users, seeing as !LibreOfficeKit::isActive() is
    the usual case so the deleted pRedl isn't fully accessed.
    
    Because the deleted pRedl won't be found in GetRedlineTable when deleted,
    rework this a little to avoid the problem.
    
    Reviewed-on: https://gerrit.libreoffice.org/44392
    Reviewed-by: Michael Stahl <mstahl at redhat.com>
    Tested-by: Jenkins <ci at libreoffice.org>
    (cherry picked from commit f0074dd8c6e0040d7f331ba4a42ea6193c0eac99)
    
    Change-Id: I5c2f405cdae0b0c804ee7452629a14206516962d

diff --git a/sw/inc/redline.hxx b/sw/inc/redline.hxx
index f31be5704738..dae29e6e7e7f 100644
--- a/sw/inc/redline.hxx
+++ b/sw/inc/redline.hxx
@@ -271,9 +271,10 @@ public:
 
     bool operator<( const SwRangeRedline& ) const;
     void dumpAsXml(struct _xmlTextWriter* pWriter) const;
-    void MaybeNotifyModification();
 };
 
+SW_DLLPUBLIC void MaybeNotifyRedlineModification(SwRangeRedline* pRedline, SwDoc* pDoc);
+
 /// Base object for 'Redlines' that are not of 'Ranged' type (like table row insert\delete)
 class SW_DLLPUBLIC SwExtraRedline
 {
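Review bot: MaybeNotifyRedlineModification has no documentation, yet the reason it became a free function is a non-obvious contract: pRedline may already have been deleted, so it must only be compared against the table entries and never dereferenced, which is what the definition in docredln.cxx does. A comment above the declaration along the lines of `/// Notify LOK clients that pRedline was modified, if it is still in pDoc's redline table; pRedline is only compared, never dereferenced, so an already deleted redline is safe to pass.` should go here and be mirrored at the definition. Since the pointer is never dereferenced, taking `const SwRangeRedline*` would also remove the const_cast at the call site in textfld.cxx, provided SwRedlineTable::LOKRedlineNotification accepts a const pointer, which is not visible here.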
diff --git a/sw/source/core/doc/DocumentRedlineManager.cxx b/sw/source/core/doc/DocumentRedlineManager.cxx
index c5da74836240..a9fcfb984091 100644
--- a/sw/source/core/doc/DocumentRedlineManager.cxx
+++ b/sw/source/core/doc/DocumentRedlineManager.cxx
@@ -1243,7 +1243,7 @@ bool DocumentRedlineManager::AppendRedline( SwRangeRedline* pNewRedl, bool bCall
                             delete pNewRedl;
                             pNewRedl = nullptr;
                             if (eCmpPos == POS_INSIDE)
-                                pRedl->MaybeNotifyModification();
+                                MaybeNotifyRedlineModification(pRedl, &m_rDoc);
                             break;
 
                         case POS_OUTSIDE:
diff --git a/sw/source/core/doc/docredln.cxx b/sw/source/core/doc/docredln.cxx
index 9a4f4a583cb2..d30ebdb1cf1f 100644
--- a/sw/source/core/doc/docredln.cxx
+++ b/sw/source/core/doc/docredln.cxx
@@ -1043,17 +1043,17 @@ SwRangeRedline::~SwRangeRedline()
     delete pRedlineData;
 }
 
-void SwRangeRedline::MaybeNotifyModification()
+void MaybeNotifyRedlineModification(SwRangeRedline* pRedline, SwDoc* pDoc)
 {
     if (!comphelper::LibreOfficeKit::isActive())
         return;
 
-    const SwRedlineTable& rRedTable = GetDoc()->getIDocumentRedlineAccess().GetRedlineTable();
+    const SwRedlineTable& rRedTable = pDoc->getIDocumentRedlineAccess().GetRedlineTable();
     for (SwRedlineTable::size_type i = 0; i < rRedTable.size(); ++i)
     {
-        if (rRedTable[i] == this)
+        if (rRedTable[i] == pRedline)
         {
-            SwRedlineTable::LOKRedlineNotification(RedlineNotification::Modify, this);
+            SwRedlineTable::LOKRedlineNotification(RedlineNotification::Modify, pRedline);
             break;
         }
     }
@@ -1064,7 +1064,7 @@ void SwRangeRedline::SetStart( const SwPosition& rPos, SwPosition* pSttPtr )
     if( !pSttPtr ) pSttPtr = Start();
     *pSttPtr = rPos;
 
-    MaybeNotifyModification();
+    MaybeNotifyRedlineModification(this, GetDoc());
 }
 
 void SwRangeRedline::SetEnd( const SwPosition& rPos, SwPosition* pEndPtr )
@@ -1072,7 +1072,7 @@ void SwRangeRedline::SetEnd( const SwPosition& rPos, SwPosition* pEndPtr )
     if( !pEndPtr ) pEndPtr = End();
     *pEndPtr = rPos;
 
-    MaybeNotifyModification();
+    MaybeNotifyRedlineModification(this, GetDoc());
 }
 
 /// Do we have a valid Selection?
diff --git a/sw/source/uibase/shells/textfld.cxx b/sw/source/uibase/shells/textfld.cxx
index 79863dd95dd9..59ab6bc819ed 100644
--- a/sw/source/uibase/shells/textfld.cxx
+++ b/sw/source/uibase/shells/textfld.cxx
@@ -542,7 +542,7 @@ void SwTextShell::ExecField(SfxRequest &rReq)
                     {
                         rSh.SetRedlineComment(sCommentText);
                         GetView().AttrChangedNotify(GetShellPtr());
-                        const_cast<SwRangeRedline*>(pRedline)->MaybeNotifyModification();
+                        MaybeNotifyRedlineModification(const_cast<SwRangeRedline*>(pRedline), pRedline->GetDoc());
                         break;
                     }
 
commit 1e8d8b4fafdda72bafc87ad43a815050f245905a
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Mon Nov 6 09:55:42 2017 +0000

    ofz#4076 bad palette READ
    
    Change-Id: I54943d96baa6e2309bbf2cd3b6d8bcada2b76952
    Reviewed-on: https://gerrit.libreoffice.org/44353
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Michael Stahl <mstahl at redhat.com>
    (cherry picked from commit 4428c662765464e7f461101887f0141fde4ba4ef)

diff --git a/vcl/source/gdi/pngread.cxx b/vcl/source/gdi/pngread.cxx
index 09aae8998cc9..7ad8aed88111 100644
--- a/vcl/source/gdi/pngread.cxx
+++ b/vcl/source/gdi/pngread.cxx
@@ -118,6 +118,7 @@ private:
     bool                mbGrayScale : 1;
     bool                mbzCodecInUse : 1;
     bool                mbStatus : 1;
+    bool                mbIDATStarted : 1;  // true if IDAT seen
     bool                mbIDAT : 1;         // true if finished with enough IDAT chunks
     bool                mbGamma : 1;        // true if Gamma Correction available
     bool                mbpHYs : 1;         // true if physical size of pixel available
@@ -200,6 +201,7 @@ PNGReaderImpl::PNGReaderImpl( SvStream& rPNGStream )
     mbGrayScale( false ),
     mbzCodecInUse   ( false ),
     mbStatus( true ),
+    mbIDATStarted( false ),
     mbIDAT( false ),
     mbGamma             ( false ),
     mbpHYs              ( false ),
@@ -368,7 +370,7 @@ BitmapEx PNGReaderImpl::GetBitmapEx( const Size& rPreviewSizeHint )
 
             case PNGCHUNK_PLTE :
             {
-                if ( !mbPalette )
+                if (!mbPalette && !mbIDATStarted)
                     mbStatus = ImplReadPalette();
             }
             break;
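Review bot: The new `!mbIDATStarted` condition silently drops a PLTE chunk that arrives after image data, and nothing in the hunk says why, so a later reader could take it for a missed case. A comment on the condition, `// PLTE after IDAT is invalid (the PNG spec requires it before IDAT); ignore it rather than replace a palette already in use`, would capture the intent of the ofz#4076 fix. Whether a palette-type image that never receives a PLTE is rejected later is outside this hunk.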
@@ -498,7 +500,7 @@ bool PNGReaderImpl::ImplReadHeader( const Size& rPreviewSizeHint )
     }
 
     mbPalette = true;
-    mbIDAT = mbAlphaChannel = mbTransparent = false;
+    mbIDATStarted = mbIDAT = mbAlphaChannel = mbTransparent = false;
     mbGrayScale = mbRGBTriple = false;
     mnTargetDepth = mnPngDepth;
     sal_uInt64 nScansize64 = ( ( static_cast< sal_uInt64 >( maOrigSize.Width() ) * mnPngDepth ) + 7 ) >> 3;
@@ -899,6 +901,8 @@ void PNGReaderImpl::ImplReadIDAT()
 {
     if( mnChunkLen > 0 )
     {
+        mbIDATStarted = true;
+
         if ( !mbzCodecInUse )
         {
             mbzCodecInUse = true;
commit 43a596299257a379bdae7dd16f7f6b03f4c89446
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Tue Oct 24 11:28:47 2017 +0100

    ofz#3759 check for valid starting dash index
    
    Change-Id: I09e117e14eda2565c9b25d407cc4328d4f2ee97a
    Reviewed-on: https://gerrit.libreoffice.org/43802
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Michael Stahl <mstahl at redhat.com>
    (cherry picked from commit 2851316853b6c9106d9dc89a8ea4c3ca42eab01e)

diff --git a/filter/source/graphicfilter/idxf/dxftblrd.cxx b/filter/source/graphicfilter/idxf/dxftblrd.cxx
index 1d2f8b483428..a7b968de6db3 100644
--- a/filter/source/graphicfilter/idxf/dxftblrd.cxx
+++ b/filter/source/graphicfilter/idxf/dxftblrd.cxx
@@ -68,9 +68,14 @@ void DXFLType::Read(DXFGroupReader & rDGR)
                 rDGR.SetError();
                 return;
             }
-            if (nDashIndex<nDashCount)
+            if (nDashIndex < nDashCount)
             {
-                fDash[nDashIndex++]=rDGR.GetF();
+                if (nDashIndex < 0)
+                {
+                    rDGR.SetError();
+                    return;
+                }
+                fDash[nDashIndex++] = rDGR.GetF();
             }
             break;
         }
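Review bot: The negative-index check is nested inside `nDashIndex < nDashCount`, so it only fires when nDashCount exceeds the negative index, and a negative nDashIndex with an even smaller nDashCount is skipped without an error; the validity test reads more clearly as a guard ahead of the range test, `if (nDashIndex < 0) { rDGR.SetError(); return; }` followed by the unchanged `if (nDashIndex < nDashCount)`. A short comment saying where a negative value can come from (presumably a field read from the DXF earlier in Read, outside the hunk) would help too. The upper bound of nDashCount against the size of fDash is not visible in this hunk.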
commit f92b0035e615b261c3fcf30ed3cdf2dae31241ca
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Mon Oct 16 14:23:22 2017 +0100

    ofz: returning SfxPoolItem belonging to local
    
    Change-Id: Ib9760efb1231ef057dfd62d06095c15e3bf73a87
    Reviewed-on: https://gerrit.libreoffice.org/43426
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
    (cherry picked from commit a2ca21fada002b895202abd2cbb4997b112627f8)

diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 45c22d149874..216150651009 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -1559,9 +1559,9 @@ const SfxPoolItem* SwWW8FltControlStack::GetFormatAttr(const SwPosition& rPos,
             if (pNd->IsTextNode())
             {
                 const sal_Int32 nPos = rPos.nContent.GetIndex();
-                SfxItemSet aSet(pDoc->GetAttrPool(), nWhich, nWhich);
-                if (pNd->GetTextNode()->GetAttr(aSet, nPos, nPos))
-                    pItem = aSet.GetItem(nWhich);
+                m_xScratchSet.reset(new SfxItemSet(pDoc->GetAttrPool(), nWhich, nWhich));
+                if (pNd->GetTextNode()->GetAttr(*m_xScratchSet, nPos, nPos))
+                    pItem = m_xScratchSet->GetItem(nWhich);
             }
 
             if (!pItem)
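Review bot: Backing the result with m_xScratchSet fixes the dangling return, but the returned SfxPoolItem* now lives only until the next GetFormatAttr call on the same stack resets m_xScratchSet, and neither this function nor the new member in ww8par.hxx says so. Add `/// Holds the SfxItemSet backing the last GetFormatAttr() result; the returned item is invalidated by the next call.` at the member declaration in ww8par.hxx and the same note at this function's declaration. Callers that hold the pointer across another lookup are outside the hunk and should be checked. The enclosing function starts and ends outside the hunk.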
diff --git a/sw/source/filter/ww8/ww8par.hxx b/sw/source/filter/ww8/ww8par.hxx
index 3d72215dc157..8d35e28f689a 100644
--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -357,6 +357,7 @@ class SwWW8FltControlStack : public SwFltControlStack
 {
 private:
     SwWW8ImplReader& rReader;
+    std::unique_ptr<SfxItemSet> m_xScratchSet;
     sal_uInt16 nToggleAttrFlags;
     sal_uInt16 nToggleBiDiAttrFlags;
     SwWW8FltControlStack(const SwWW8FltControlStack&) = delete;

