[Libreoffice-commits] core.git: Branch 'libreoffice-5-3' - xmloff/source

Sun Sep 24 15:25:56 UTC 2017

xmloff/source/core/xmlexp.cxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit e68c82d2c194aafc6406f9f27caa2d1e70a7614e
Author: Michael Stahl <mstahl at redhat.com>
Date:   Tue Sep 19 21:43:23 2017 +0200

    xmloff: fix stack-use-after-return in SvXMLExport::exportDoc()
    
    PropertySetInfo(PropertyMapEntry const * pMap) stores the pointers,
    and its lifetime is controlled by refcounting, so the lifetime
    of aInfoMap can't be automatic.
    
    ERROR: AddressSanitizer: stack-use-after-return on address ...
    ... is located in stack of thread T46
    at offset 224 in frame SvXMLExport::exportDoc(xmloff::token::XMLTokenEnum)
    
    This frame has 39 object(s):
      ...
      [224, 288) 'aInfoMap' <== Memory access at offset 224 is inside this variable
    
    Change-Id: I4eaa9d38bab708b222d999b0982100d7ef97e95c
    (cherry picked from commit ee599ea46365adc37f4d495d9ff9778c25c04c92)
    Reviewed-on: https://gerrit.libreoffice.org/42505
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/xmloff/source/core/xmlexp.cxx b/xmloff/source/core/xmlexp.cxx
index aced8d37b245..cb12d33b11d5 100644
--- a/xmloff/source/core/xmlexp.cxx
+++ b/xmloff/source/core/xmlexp.cxx
@@ -1296,7 +1296,7 @@ sal_uInt32 SvXMLExport::exportDoc( enum ::xmloff::token::XMLTokenEnum eClass )
     {
         try
         {
-            ::comphelper::PropertyMapEntry const aInfoMap[] =
+            static ::comphelper::PropertyMapEntry const aInfoMap[] =
             {
                 { OUString("Class"), 0,
                     ::cppu::UnoType<OUString>::get(),
