[Libreoffice-commits] core.git: basic/source

[Caolán McNamara (via logerrit)]

 basic/source/classes/sbxmod.cxx |   45 ++++++++++++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 11 deletions(-)

New commits:
commit 5d1be8f1d28adbbbffd7c8a7ab70a41703f8911b
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Nov 11 14:16:08 2019 +0000
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Mon Nov 11 17:56:44 2019 +0100

    cid#1448492 Wrapper object use after free
    
    Change-Id: I4c5978b019549d1509c4c70b4cfa93a362395fed
    Reviewed-on: https://gerrit.libreoffice.org/82448
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/basic/source/classes/sbxmod.cxx b/basic/source/classes/sbxmod.cxx
index bbab27dec8c8..1df211a3f8b3 100644
--- a/basic/source/classes/sbxmod.cxx
+++ b/basic/source/classes/sbxmod.cxx
@@ -1201,9 +1201,39 @@ void SbModule::Run( SbMethod* pMeth )
     }
 }
 
+namespace
+{
+    class SbiRuntimeGuard
+    {
+    private:
+        std::unique_ptr<SbiRuntime> m_xRt;
+        SbiGlobals* m_pSbData;
+        SbModule* m_pOldMod;
+    public:
+        SbiRuntimeGuard(SbModule* pModule, SbiGlobals* pSbData)
+            : m_xRt(new SbiRuntime(pModule, nullptr, 0))
+            , m_pSbData(pSbData)
+            , m_pOldMod(pSbData->pMod)
+        {
+            m_xRt->pNext = pSbData->pInst->pRun;
+            m_pSbData->pMod = pModule;
+            m_pSbData->pInst->pRun = m_xRt.get();
+        }
+        void run()
+        {
+            while (m_xRt->Step()) {}
+        }
+        ~SbiRuntimeGuard()
+        {
+            m_pSbData->pInst->pRun = m_xRt->pNext;
+            m_pSbData->pMod = m_pOldMod;
+            m_xRt.reset();
+        }
+    };
+}
+
 // Execute of the init method of a module after the loading
 // or the compilation
-
 void SbModule::RunInit()
 {
     if( pImage
@@ -1215,18 +1245,11 @@ void SbModule::RunInit()
         // Set flag, so that RunInit get active (Testtool)
         pSbData->bRunInit = true;
 
-        SbModule* pOldMod = pSbData->pMod;
-        pSbData->pMod = this;
         // The init code starts always here
-        std::unique_ptr<SbiRuntime> pRt(new SbiRuntime( this, nullptr, 0 ));
-
-        pRt->pNext = pSbData->pInst->pRun;
-        pSbData->pInst->pRun = pRt.get();
-        while( pRt->Step() ) {}
+        auto xRuntimeGuard(std::make_unique<SbiRuntimeGuard>(this, pSbData));
+        xRuntimeGuard->run();
+        xRuntimeGuard.reset();
 
-        pSbData->pInst->pRun = pRt->pNext;
-        pRt.reset();
-        pSbData->pMod = pOldMod;
         pImage->bInit = true;
         pImage->bFirstInit = false;