[REVIEW] fix for fdo#46825, crash copying a chart

Stephan Bergmann sbergman at redhat.com
Thu Mar 8 01:06:04 PST 2012

On 03/03/2012 01:08 AM, Markus Mohrhard wrote:
> [1] fixes a crash when you copy a chart in the document. The problem
> is that you should not create a uno::Sequence with new because the
> uno::Sequence copy c'tor is creating a flat copy. This will later
> result in a double delete.
> I think the patch is quite save and fixes a crash and therefore should
> be included into at least 3-5 and if still possible in 3-5-1.
> Regards,
> Markus
> [1] http://cgit.freedesktop.org/libreoffice/core/commit/?id=8f2d3c47ad40039a842fa09d98137155dcfdfe9e

While changing from a pointer-to-Sequence member to a plain Sequence 
member is probably a good choice, anyway (as Sequence itself is nothing 
more than a pointer to the underlying uno_Sequence data structure), I do 
not see how the original code was actually wrong:  The Sequence copy 
ctor increases the shared _pSequence->nRefCount, while delete, via 
Sequence dtor, uno_type_destructData, _destructData, and 
idestructSequence decrements nRefCount again, and destroys the shared 
uno_Sequence only when the ref count has dropped to zero.


More information about the LibreOffice mailing list