[Libreoffice-commits] core.git: Branch 'libreoffice-5-4' - xmloff/source

Sun Sep 24 15:22:19 UTC 2017

xmloff/source/core/xmlexp.cxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 89a5b2c31b4c9d5e068e9d1aef2eac50d70df80e
Author: Michael Stahl <mstahl at redhat.com>
Date:   Tue Sep 19 21:43:23 2017 +0200

    xmloff: fix stack-use-after-return in SvXMLExport::exportDoc()
    
    PropertySetInfo(PropertyMapEntry const * pMap) stores the pointers,
    and its lifetime is controlled by refcounting, so the lifetime
    of aInfoMap can't be automatic.
    
    ERROR: AddressSanitizer: stack-use-after-return on address ...
    ... is located in stack of thread T46
    at offset 224 in frame SvXMLExport::exportDoc(xmloff::token::XMLTokenEnum)
    
    This frame has 39 object(s):
      ...
      [224, 288) 'aInfoMap' <== Memory access at offset 224 is inside this variable
    
    Change-Id: I4eaa9d38bab708b222d999b0982100d7ef97e95c
    (cherry picked from commit ee599ea46365adc37f4d495d9ff9778c25c04c92)
    Reviewed-on: https://gerrit.libreoffice.org/42504
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/xmloff/source/core/xmlexp.cxx b/xmloff/source/core/xmlexp.cxx
index bfb18b8e0853..6c38127b9462 100644
--- a/xmloff/source/core/xmlexp.cxx
+++ b/xmloff/source/core/xmlexp.cxx
@@ -1284,7 +1284,7 @@ sal_uInt32 SvXMLExport::exportDoc( enum ::xmloff::token::XMLTokenEnum eClass )
     {
         try
         {
-            ::comphelper::PropertyMapEntry const aInfoMap[] =
+            static ::comphelper::PropertyMapEntry const aInfoMap[] =
             {
                 { OUString("Class"), 0,
                     ::cppu::UnoType<OUString>::get(),
