[Libreoffice-commits] core.git: vcl/source

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Thu Jan 30 08:09:22 UTC 2020


 vcl/source/window/cursor.cxx |    2 +-
 vcl/source/window/mouse.cxx  |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

New commits:
commit f12fc2d07e6f2e9d33ad9350b1f005cbcbe72a18
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Wed Jan 29 21:06:35 2020 +0100
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Thu Jan 30 09:08:47 2020 +0100

    vcl: fix UB in vcl::Cursor::ImplDoShow()
    
    pWindow->mpWindowImpl can be nullptr here, see online.git's
    unit-load-torture test:
    
    vcl/source/window/cursor.cxx:204:54: runtime error: member access within null pointer of type 'WindowImpl'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior vcl/source/window/cursor.cxx:204:54 in
    
    (And one more similar case in Window::ImplGrabFocus().)
    
    Change-Id: Idd145082b58c10139be53e9b997efedeb0cec364
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87709
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>

diff --git a/vcl/source/window/cursor.cxx b/vcl/source/window/cursor.cxx
index 8291d29e2b21..3b55bea61690 100644
--- a/vcl/source/window/cursor.cxx
+++ b/vcl/source/window/cursor.cxx
@@ -201,7 +201,7 @@ void vcl::Cursor::ImplDoShow( bool bDrawDirect, bool bRestore )
             // show the cursor, if there is an active window and the cursor
             // has been selected in this window
             pWindow = Application::GetFocusWindow();
-            if ( !pWindow || (pWindow->mpWindowImpl->mpCursor != this) || pWindow->mpWindowImpl->mbInPaint
+            if ( !pWindow || !pWindow->mpWindowImpl || (pWindow->mpWindowImpl->mpCursor != this) || pWindow->mpWindowImpl->mbInPaint
                 || !pWindow->mpWindowImpl->mpFrameData->mbHasFocus )
                 pWindow = nullptr;
         }
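Review bot: the condition's continuation line still dereferences `pWindow->mpWindowImpl->mpFrameData->mbHasFocus` with no check on `mpFrameData`, so the new `!pWindow->mpWindowImpl` test closes only one of the two pointer hops in this expression. If the window returned by `Application::GetFocusWindow()` can be in a state where `mpWindowImpl` is already gone, it is worth confirming that `mpFrameData` is always valid whenever `mpWindowImpl` is, or adding `!pWindow->mpWindowImpl->mpFrameData ||` ahead of the `mbHasFocus` test. A one-line comment saying why `mpWindowImpl` can be null here (the commit message points at the unit-load-torture run) would also keep the check from being removed later as redundant.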
diff --git a/vcl/source/window/mouse.cxx b/vcl/source/window/mouse.cxx
index 0aea5205fbb5..16993d199987 100644
--- a/vcl/source/window/mouse.cxx
+++ b/vcl/source/window/mouse.cxx
@@ -312,7 +312,7 @@ void Window::ImplGrabFocus( GetFocusFlags nFlags )
 
     pSVData->mpWinData->mpFocusWin = this;
 
-    if ( pOldFocusWindow )
+    if ( pOldFocusWindow && pOldFocusWindow->mpWindowImpl )
     {
         // Cursor hidden
         if ( pOldFocusWindow->mpWindowImpl->mpCursor )
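Review bot: with `pOldFocusWindow && pOldFocusWindow->mpWindowImpl` as the guard, the whole block for the old focus window is skipped silently when `mpWindowImpl` is null, not only the cursor-hiding step shown at `pOldFocusWindow->mpWindowImpl->mpCursor`. Please check that nothing else in that block has to run for a window in this state, and add a short comment on the condition explaining when `mpWindowImpl` is null. Since a non-null `pOldFocusWindow` with a null `mpWindowImpl` means a stale window was still being tracked as the previous focus window, it may be cleaner to clear that pointer where the window is torn down than to test for it here; as written, the patch also adds no regression test in core.git, so the sanitizer finding is only covered by the online.git test named in the commit message.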

