[Libreoffice] [REVIEW] avoid overwriting stack
David Tardon
dtardon at redhat.com
Thu Jun 30 01:53:49 PDT 2011
Hi all,
could someone review commit 01096e7487d9e60fcd24eea8131b650588845f2b in
libs-core for 3.4?
It fixes the following crash scenario:
1. create new presentation
2. press F11 to open stylist
3. right click on a style and click on Modify
4. press Esc (or click Cancel)
5. press F11
It does not happen if the stylist is closed using the menu. Neither does it
happen in Writer.
It crashes because pbDeleted member of SfxCommonTemplateDialog_Impl is
set to point to a stack variable in SfxCommonTemplateDialog_Impl::Exec_Impl
and is not reset to 0 if the code returns through

    if ( !pItem || aDeleted )
        return sal_False;

~SfxCommonTemplateDialog_Impl writes into pbDeleted->bDead, but at
that point the stack variable no longer exists, so it just overwrites
a couple of bytes somewhere on the stack.
D.
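
The bug class described in the mail above, reduced to a standalone sketch. This is an added example, not LibreOffice code and not the content of the commit under review. Dialog, DeletionWatcher, WatchScope, execBuggy, execFixed and staleAfterEarlyReturn are hypothetical names, and the scope guard is one possible way to reset the pointer on every exit path.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the names in the mail; not LibreOffice code.
struct DeletionWatcher { bool bDead = false; };

struct Dialog {
    DeletionWatcher* pbDeleted = nullptr;  // non-null only while exec runs

    // Tell a running exec call that the dialog went away underneath it.
    ~Dialog() { if (pbDeleted) pbDeleted->bDead = true; }

    // Pattern from the mail: the early return skips the reset.
    bool execBuggy(bool haveItem) {
        DeletionWatcher aDeleted;
        pbDeleted = &aDeleted;
        if (!haveItem || aDeleted.bDead)
            return false;                  // pbDeleted still points at aDeleted
        pbDeleted = nullptr;
        return true;
    }

    // Scope guard: unregisters on every exit path, but only while the
    // dialog is alive (after deletion the member itself is gone).
    struct WatchScope {
        Dialog& dlg;
        DeletionWatcher watcher;
        explicit WatchScope(Dialog& d) : dlg(d) { dlg.pbDeleted = &watcher; }
        ~WatchScope() { if (!watcher.bDead) dlg.pbDeleted = nullptr; }
    };

    bool execFixed(bool haveItem, bool deleteSelf = false) {
        WatchScope scope(*this);
        if (deleteSelf) delete this;       // models the dialog dying mid-call
        return haveItem && !scope.watcher.bDead;
    }
};

// True if exec left pbDeleted registered after returning early.
bool staleAfterEarlyReturn(bool fixed) {
    Dialog d;
    if (fixed) d.execFixed(false); else d.execBuggy(false);
    bool stale = d.pbDeleted != nullptr;
    d.pbDeleted = nullptr;   // keep ~Dialog from writing through a dead pointer
    return stale;
}

int main() {
    std::printf("buggy stale=%d fixed stale=%d deleted mid-call=%d\n",
        staleAfterEarlyReturn(false), staleAfterEarlyReturn(true),
        (new Dialog)->execFixed(true, true));
}
```

Building a reproduction of the original pattern with AddressSanitizer's stack-use-after-return detection enabled is one way to turn the silent stack write into a reported error.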