[Libreoffice-commits] core.git: hwpfilter/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Oct 29 08:18:51 UTC 2019
hwpfilter/source/hwpread.cxx | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
New commits:
commit 80cbd1ceedc1a50a70f3eef61ce38e13f7556422
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Mon Oct 28 19:50:10 2019 +0000
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Oct 29 09:17:37 2019 +0100
cid#1448471 Wrapper object use after free
Change-Id: I4a6f31491f857280623302569afa982b37c16e89
Reviewed-on: https://gerrit.libreoffice.org/81629
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/hwpfilter/source/hwpread.cxx b/hwpfilter/source/hwpread.cxx
index 43a15635ba9d..d03f1226aab9 100644
--- a/hwpfilter/source/hwpread.cxx
+++ b/hwpfilter/source/hwpread.cxx
@@ -365,6 +365,28 @@ bool TxtBox::Read(HWPFile & hwpf)
return !hwpf.State();
}
+namespace
+{
+ class ChangeMemGuard
+ {
+ private:
+ HIODev* m_pOldMem;
+ HIODev* m_pNewMem;
+ public:
+ ChangeMemGuard(HMemIODev* pNewMem)
+ : m_pOldMem(hmem)
+ , m_pNewMem(pNewMem)
+ {
+ hmem = m_pNewMem;
+ }
+ ~ChangeMemGuard()
+ {
+ assert(hmem == m_pNewMem);
+ hmem = m_pOldMem;
+ }
+ };
+}
+
// picture(11)
bool Picture::Read(HWPFile & hwpf)
{
@@ -467,14 +489,12 @@ bool Picture::Read(HWPFile & hwpf)
if (pictype == PICTYPE_DRAW)
{
- HIODev* pOldMem = hmem;
- std::unique_ptr<HMemIODev> pNewMem(new HMemIODev(reinterpret_cast<char *>(follow.data()), follow_block_size));
- hmem = pNewMem.get();
+ auto xNewMem(std::make_unique<HMemIODev>(reinterpret_cast<char*>(follow.data()), follow_block_size));
+ auto xGuard(std::make_unique<ChangeMemGuard>(xNewMem.get()));
LoadDrawingObjectBlock(this);
style.cell = picinfo.picdraw.hdo;
- assert(hmem == pNewMem.get());
- pNewMem.reset();
- hmem = pOldMem;
+ xGuard.reset();
+ xNewMem.reset();
}
else if (follow_block_size >= 4)
{
More information about the Libreoffice-commits
mailing list