[Libreoffice-commits] core.git: basic/source
Vasily Melenchuk
Vasily.Melenchuk at cib.de
Mon May 21 13:41:31 UTC 2018
basic/source/runtime/dllmgr-x64.cxx | 2 +-
basic/source/runtime/dllmgr-x86.cxx | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
New commits:
commit de9620dd4539397715dab3102d256f9d634fcb23
Author: Vasily Melenchuk <Vasily.Melenchuk at cib.de>
Date: Mon May 21 10:58:49 2018 +0300
tdf#97231: potential crash fixed
blob2 pointer can be invalidated during marshalString() call,
because it also adds new element in data vector and thus later
access to blob2 can cause crash.
Change-Id: I2de519c363193f34b249e7250a016397b7420882
Reviewed-on: https://gerrit.libreoffice.org/54613
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens at CIB.de>
diff --git a/basic/source/runtime/dllmgr-x64.cxx b/basic/source/runtime/dllmgr-x64.cxx
index 0bafdec1fb32..4450bbfa6029 100644
--- a/basic/source/runtime/dllmgr-x64.cxx
+++ b/basic/source/runtime/dllmgr-x64.cxx
@@ -319,12 +319,12 @@ ErrCode marshal(
break;
case SbxSTRING:
{
- std::vector< char > * blob2 = data.newBlob();
void * p;
ErrCode e = marshalString(variable, special, data, &p);
if (e != ERRCODE_NONE) {
return e;
}
+ std::vector< char >* blob2 = data.newBlob();
add(*blob2, p, 8, 0);
add(blob, address(*blob2), 8, offset);
break;
diff --git a/basic/source/runtime/dllmgr-x86.cxx b/basic/source/runtime/dllmgr-x86.cxx
index 576e3da1b736..63fd3bcea160 100644
--- a/basic/source/runtime/dllmgr-x86.cxx
+++ b/basic/source/runtime/dllmgr-x86.cxx
@@ -334,12 +334,12 @@ ErrCode marshal(
break;
case SbxSTRING:
{
- std::vector< char > * blob2 = data.newBlob();
void * p;
ErrCode e = marshalString(variable, special, data, &p);
if (e != ERRCODE_NONE) {
return e;
}
+ std::vector< char > * blob2 = data.newBlob();
add(*blob2, p, 4, 0);
add(blob, address(*blob2), 4, offset);
break;
More information about the Libreoffice-commits
mailing list