sw/source/core/layout/frmtool.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
New commits: commit 98fba3ab3675e19a1260d4e2cddd4bfd6c005118 Author: Stephan Bergmann <sberg...@redhat.com> Date: Thu Aug 21 13:27:08 2014 +0200 Check pTmpFrm->GetType(), not nFrmType, for FRM_FLY ...as nFrmType need not match pTmpFrm->GetType() exactly, but can e.g. be USHORT_MAX when GetFrmOfModify is called from SwFrmFmt::FindLayoutRect (sw/source/core/layout/atrfrm.cxx). It is probably good luck that the two comparisons against FAR_AWAY made it too unlikely for the if's true branch to ever be taken for a pTmpFrm that is not actually a SwFlyFrm. Found the bug when running CppunitTest_sw_ooxmlexport2 under -fsanitize=undefined, where ((SwFlyFrm*)pTmpFrm)->GetAnchorFrm() was called for a pTmpFrm of type SwTabFrm. Change-Id: Ia886a809bdb82488c3f410be66cf827b3f723c55
diff --git a/sw/source/core/layout/frmtool.cxx b/sw/source/core/layout/frmtool.cxx
index 663551f..aabdd39 100644
--- a/sw/source/core/layout/frmtool.cxx
+++ b/sw/source/core/layout/frmtool.cxx
@@ -3279,7 +3279,7 @@ SwFrm* GetFrmOfModify( const SwRootFrm* pLayout, SwModify const& rMod, sal_uInt1
 }
 // for Flys go via the parent if the Fly is not yet "formatted"
- if( !bCalcFrm && nFrmType & FRM_FLY &&
+ if( !bCalcFrm && pTmpFrm->GetType() & FRM_FLY &&
 ((SwFlyFrm*)pTmpFrm)->GetAnchorFrm() &&
 FAR_AWAY == pTmpFrm->Frm().Pos().getX() &&
 FAR_AWAY == pTmpFrm->Frm().Pos().getY() )
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
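Review bot: The downcast `((SwFlyFrm*)pTmpFrm)` in the new condition is still a C-style cast whose safety rests entirely on the flag test on the line before it, the same decoupling that let a SwTabFrm reach GetAnchorFrm() before this fix. I would parenthesize the mask test and use a named cast so the dependency is explicit: `if( !bCalcFrm && (pTmpFrm->GetType() & FRM_FLY) &&` followed by `static_cast<SwFlyFrm*>(pTmpFrm)->GetAnchorFrm() &&`. A short comment above the condition, for example `// nFrmType is the caller's filter mask (can be USHORT_MAX), not pTmpFrm's actual type`, would keep a later edit from reintroducing the type confusion. The body of GetFrmOfModify starts and ends outside this hunk, so any other casts there that are guarded by nFrmType rather than GetType() cannot be checked from here.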