sw/source/core/doc/DocumentRedlineManager.cxx |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit 5e0443c29daaf31d41cd162544b601b9753b8199
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Tue Jun 14 17:19:23 2022 +0200
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Jun 16 11:55:14 2022 +0200

    sw_redlinehide: skip unnecessary updates when undoing redlined delete
    
    When reproducing tdf#135976 and then Undo, a UAF crash happens here:
    
      assert(!pFrame->GetDrawObjs() || !pObjs->Contains(*pObj));
    
    The pObjs was actually deleted and then re-created, because the pObj was
    removed from the frame and added again to the same frame.
    
    This is a bit unexpected, so prevent it by taking a shortcut in the
    caller UpdateFramesForRemoveDeleteRedline() to insert a check that had
    been removed in commit 14e87a4b15d31a34e6053f6194688f3aa23af991.
    
    If the rPam is inside a single node, the sw::RedlineUnDelText hint that
    was sent to the SwTextFrame should be sufficient to update it and the
    rest of the code in the loop that deals with a newly split paragraph can
    be skipped.
    
    Change-Id: I5f36eb91bc20003887ee0bad03ea4a6e67135de9
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135907
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 8334d280a3e250fc7f327d3638f40a330ea3944c)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/135891

diff --git a/sw/source/core/doc/DocumentRedlineManager.cxx 
b/sw/source/core/doc/DocumentRedlineManager.cxx
index c2ddb046ef8b..8a9a70ae2bb9 100644
--- a/sw/source/core/doc/DocumentRedlineManager.cxx
+++ b/sw/source/core/doc/DocumentRedlineManager.cxx
@@ -309,6 +309,12 @@ void UpdateFramesForRemoveDeleteRedline(SwDoc & rDoc, 
SwPaM const& rPam)
                 break;
             }
 
+            // no nodes can be unmerged by this - skip MakeFrames() etc.
+            if (rPam.GetPoint()->nNode == rPam.GetMark()->nNode)
+            {
+                break; // continue with AppendAllObjs()
+            }
+
             // first, call CheckParaRedlineMerge on the first paragraph,
             // to init flag on new merge range (if any) + 1st node post the 
merge
             auto eMode(sw::FrameMode::Existing);
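
Review bot: The early `break` added on `rPam.GetPoint()->nNode == rPam.GetMark()->nNode` covers only a range inside a single node; ranges spanning several nodes still run the rest of the loop body, and whether the same remove-and-re-add of pObj (and the resulting stale pObjs in the assert quoted in the commit message) can occur there is not visible from this hunk. The new comment should state why skipping is safe, namely that the sw::RedlineUnDelText hint already sent to the SwTextFrame is sufficient to update it, rather than only "no nodes can be unmerged by this". The diffstat shows only DocumentRedlineManager.cxx changed, so a regression test that performs Undo after the tdf#135976 reproduction would help keep this check from being removed again, as it was in commit 14e87a4b15d31a34e6053f6194688f3aa23af991.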
