editeng/source/editeng/impedit2.cxx |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit 60d2dd11a73bf7a1269896f15b1ec7c98507571e
Author:     Patrick Luby <plub...@neooffice.org>
AuthorDate: Wed Dec 7 16:12:11 2022 -0500
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Dec 8 09:32:32 2022 +0000

    Related: tdf#82115 Fix crash when handling input method events
    
    The nodes in mpIMEInfos may be deleted in ImpEditEngine::Clear() which 
causes a crash in the CommandEventId::ExtTextInput and 
CommandEventId::EndExtTextInput event handlers.
    
    This crash occurs on Windows or macOS using the following steps:
    - Enter uncommitted text (enter "aaa" with a Japanese Hiragana input 
method) in a comment in a Writer document
    - Switch to another empty Writer document without committing the text in 
the first Writer document
    - Switch back to the first Writer document
    
    The above steps may need to be repeated a few times but it will eventually 
crash with the following stack trace:
    
    (lldb) bt 25
    * thread #1, queue = 'com.apple.main-thread', stop reason = hit program 
assert
        frame #0: 0x00000001b928ad98 libsystem_kernel.dylib`__pthread_kill + 8
        frame #1: 0x00000001b92bfee0 libsystem_pthread.dylib`pthread_kill + 288
        frame #2: 0x00000001b91fa340 libsystem_c.dylib`abort + 168
      * frame #3: 0x00000001b91f9754 libsystem_c.dylib`__assert_rtn + 272
        frame #4: 0x000000010374a09c 
libeditenglo.dylib`ImpEditEngine::ImpRemoveParagraph(this=0x000000011a684e00, 
nPara=-2147483648) at impedit2.cxx:2512:5
        frame #5: 0x0000000103739658 
libeditenglo.dylib`ImpEditEngine::ImpDeleteSelection(this=0x000000011a684e00, 
rCurSel=0x000000016fdf7250) at impedit2.cxx:2473:9
        frame #6: 0x0000000103739328 
libeditenglo.dylib`ImpEditEngine::DeleteSelected(this=0x000000011a684e00, 
rSel=0x000000016fdf7250) at impedit2.cxx:259:19
        frame #7: 0x000000010373aac4 
libeditenglo.dylib`ImpEditEngine::Command(this=0x000000011a684e00, 
rCEvt=0x000000016fdf7698, pView=0x0000600000169e10) at impedit2.cxx:408:24
        frame #8: 0x0000000103721744 
libeditenglo.dylib`ImpEditView::Command(this=0x00000002e3f8b7b0, 
rCEvt=0x000000016fdf7698) at impedit.cxx:1757:41
        frame #9: 0x00000001036d7df4 
libeditenglo.dylib`EditView::Command(this=0x0000600000169e10, 
rCEvt=0x000000016fdf7698) at editview.cxx:495:26
        frame #10: 0x000000010b1d2420 
libsvxlo.dylib`WeldEditView::Command(this=0x0000600002b11e30, 
rCEvt=0x000000016fdf7698) at weldeditview.cxx:312:23
        frame #11: 0x00000002ea78dd50 
libswlo.dylib`sw::sidebarwindows::SidebarTextControl::Command(this=0x0000600002b11e30,
 rCEvt=0x000000016fdf7698) at SidebarTxtControl.cxx:461:26
        frame #12: 0x000000011656f3d4 
libvcllo.dylib`weld::CustomWeld::DoCommand(this=0x000060000016a740, 
rPos=0x000000016fdf7698) at customweld.cxx:93:32
        frame #13: 0x000000011656ee7c 
libvcllo.dylib`weld::CustomWeld::LinkStubDoCommand(instance=0x000060000016a740, 
data=0x000000016fdf7698) at customweld.cxx:91:1
        frame #14: 0x0000000115ca1dd4 libvcllo.dylib`Link<CommandEvent const&, 
bool>::Call(this=0x00000002e3f8bc48, data=0x000000016fdf7698) const at 
link.hxx:111:45
        frame #15: 0x00000001165b1658 
libvcllo.dylib`SalInstanceDrawingArea::CommandHdl(this=0x00000002e3f8bb50, 
rEvent=0x000000016fdf7698) at salvtables.cxx:6473:26
        frame #16: 0x00000001165af588 
libvcllo.dylib`SalInstanceDrawingArea::LinkStubCommandHdl(instance=0x00000002e3f8bb50,
 data=0x000000016fdf7698) at salvtables.cxx:6471:1
        frame #17: 0x0000000115ca1dd4 libvcllo.dylib`Link<CommandEvent const&, 
bool>::Call(this=0x00000002e3f90208, data=0x000000016fdf7698) const at 
link.hxx:111:45
        frame #18: 0x0000000115d047d0 
libvcllo.dylib`VclDrawingArea::Command(this=0x00000002e3f90080, 
rEvent=0x000000016fdf7698) at layout.hxx:685:27
        frame #19: 0x0000000115e2e2bc 
libvcllo.dylib`ImplCallCommand(pChild=0x000000016fdf77c8, nEvt=ExtTextInput, 
pData=0x000000016fdf77d8, bMouse=false, pPos=0x0000000000000000) at 
winproc.cxx:229:17
        frame #20: 0x0000000115e34458 
libvcllo.dylib`ImplHandleExtTextInput(pWindow=0x0000600002aa8930, 
rText=0x000000016fdf8290, pTextAttr=0x0000600000018710, nCursorPos=4, 
nCursorFlags=1) at winproc.cxx:1424:13
        frame #21: 0x0000000115e30dc8 
libvcllo.dylib`ImplWindowFrameProc(_pWindow=0x0000600002aa8930, 
nEvent=ExtTextInput, pEvent=0x000000016fdf8290) at winproc.cxx:2863:20
        frame #22: 0x000000011b0424e0 
libvclplug_osxlo.dylib`SalFrame::CallCallback(this=0x00000001378ffb40, 
nEvent=ExtTextInput, pEvent=0x000000016fdf8290) const at salframe.hxx:306:29
        frame #23: 0x000000011b0ef8f4 libvclplug_osxlo.dylib`-[SalFrameView 
setMarkedText:selectedRange:replacementRange:](self=0x00000002c4b0d980, 
_cmd="setMarkedText:selectedRange:replacementRange:", aString="嗚呼嗚呼", 
selRange=location=4, length=0, replacementRange=location=9223372036854775807, 
length=0) at salframeview.mm:1595:18
        frame #24: 0x00000001bc8d6a2c 
AppKit`-[NSTextInputContext(NSInputContext_WithCompletion) 
setMarkedText:selectedRange:replacementRange:completionHandler:] + 168
    
    Change-Id: I500824967d56232272041f8a2b972cdb2c9fe05c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/143806
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/editeng/source/editeng/impedit2.cxx 
b/editeng/source/editeng/impedit2.cxx
index c7df8af33337..4e87e36af5d3 100644
--- a/editeng/source/editeng/impedit2.cxx
+++ b/editeng/source/editeng/impedit2.cxx
@@ -678,6 +678,12 @@ void ImpEditEngine::Clear()
         EditView* pView = aEditViews[--nView];
         pView->pImpEditView->SetEditSelection( aSel );
     }
+
+    // Related: tdf#82115 Fix crash when handling input method events.
+    // The nodes in mpIMEInfos may be deleted in ImpEditEngine::Clear() which
+    // causes a crash in the CommandEventId::ExtTextInput and
+    // CommandEventId::EndExtTextInput event handlers.
+    mpIMEInfos.reset();
 }
 
 EditPaM ImpEditEngine::RemoveText()
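Review bot: The new `mpIMEInfos.reset();` at the end of Clear() only removes the crash if the CommandEventId::ExtTextInput and CommandEventId::EndExtTextInput handlers test `mpIMEInfos` for null before using it; those handlers are outside this hunk, so that guard should be confirmed. The trace in the commit message shows Command() reaching ImpRemoveParagraph with nPara=-2147483648, which means the handler was working from node references that Clear() had already deleted. In a build without the assert this would presumably be a read of stale memory rather than a clean abort, so any other path that deletes nodes while a composition is pending deserves the same reset. The added comment repeats the commit message; it would read better as the invariant, e.g. `// mpIMEInfos refers to nodes deleted above; drop it so the IME handlers never see stale nodes.` Clear() begins before the hunk, so the node deletion itself is not visible here.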
