[Libreoffice-commits] core.git: svx/source

Mike Kaganski (via logerrit) logerrit at kemper.freedesktop.org
Fri Jul 23 18:07:23 UTC 2021


 svx/source/svdraw/svdmodel.cxx |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

New commits:
commit 6362c905cf19f2f6cb67bf634091b14c2a8e90ec
Author:     Mike Kaganski <mike.kaganski at collabora.com>
AuthorDate: Fri Jul 23 17:35:45 2021 +0200
Commit:     Mike Kaganski <mike.kaganski at collabora.com>
CommitDate: Fri Jul 23 20:06:49 2021 +0200

    tdf#143514: Avoid double-free in dbgutil code
    
    SdrObject::Free may start a chain of deletions, removing more
    than one object from maAllIncarnatedObjects. Trying to free
    them for the second time after that would lead to a crash.
    
    Change-Id: I8648b05d167acecb2799ecf165c387721528a11a
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/119433
    Tested-by: Mike Kaganski <mike.kaganski at collabora.com>
    Reviewed-by: Mike Kaganski <mike.kaganski at collabora.com>

diff --git a/svx/source/svdraw/svdmodel.cxx b/svx/source/svdraw/svdmodel.cxx
index f46a34eaf6ec..7dcc8110faa4 100644
--- a/svx/source/svdraw/svdmodel.cxx
+++ b/svx/source/svdraw/svdmodel.cxx
@@ -197,13 +197,13 @@ SdrModel::~SdrModel()
     if(!maAllIncarnatedObjects.empty())
     {
         SAL_WARN("svx","SdrModel::~SdrModel: Not all incarnations of SdrObjects deleted, possible memory leak (!)");
-        // copy to std::vector - calling SdrObject::Free will change maAllIncarnatedObjects
-        const std::vector< const SdrObject* > maRemainingObjects(maAllIncarnatedObjects.begin(), maAllIncarnatedObjects.end());
-        for(auto pSdrObject : maRemainingObjects)
+        // calling SdrObject::Free will change maAllIncarnatedObjects, and potentially remove more
+        // than one - do not copy to another container, to not try to free already removed object.
+        do
         {
-            SdrObject* pCandidate(const_cast<SdrObject*>(pSdrObject));
+            SdrObject* pCandidate(const_cast<SdrObject*>(*maAllIncarnatedObjects.begin()));
             SdrObject::Free(pCandidate);
-        }
+        } while (!maAllIncarnatedObjects.empty());
     }
 #endif
 
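Review bot: The new `do { ... } while (!maAllIncarnatedObjects.empty());` loop terminates only if every `SdrObject::Free(pCandidate)` call removes at least `pCandidate` from `maAllIncarnatedObjects`, and nothing in the loop body checks that. The added comment states that Free changes the container, but if a call ever leaves the candidate in place, the next iteration takes the same `*maAllIncarnatedObjects.begin()` and frees it again, which is the double-free this commit is meant to avoid, and the loop never exits. Consider recording `maAllIncarnatedObjects.size()` before the call and asserting (or breaking out with a SAL_WARN) if it has not decreased afterwards. A smaller point: the first dereference of `begin()` is safe only because of the enclosing `if(!maAllIncarnatedObjects.empty())`; a plain `while (!maAllIncarnatedObjects.empty())` would make the loop correct on its own and survive later edits to that outer condition.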

