sw/source/core/unocore/unofield.cxx |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 3293a3a78491d86cd799e741d212299df280db2c
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Jun 27 21:29:11 2022 +0100
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Dec 22 09:05:34 2022 +0000

    crashtesting: failure on load of forum-en-7529.odt
    
    ==324198== Invalid read of size 8
    ==324198==    at 0x2D840D75: std::__uniq_ptr_impl<SwField, 
std::default_delete<SwField> >::_M_ptr() const (unique_ptr.h:191)
    ==324198==    by 0x2D840D54: std::unique_ptr<SwField, 
std::default_delete<SwField> >::get() const (unique_ptr.h:462)
    ==324198==    by 0x2D932B9B: SwFormatField::GetField() (fmtfld.hxx:122)
    ==324198==    by 0x2E740E7B: SwXTextField::Impl::GetField() const 
(unofield.cxx:2634)
    ==324198==    by 0x2E7487EB: SwXTextField::setPropertyValue(rtl::OUString 
const&, com::sun::star::uno::Any const&) (unofield.cxx:2150)
    ==324198==    by 0x1100C123: 
XMLPropertyBackpatcher<short>::ResolveId(rtl::OUString const&, short) 
(XMLPropertyBackpatcher.cxx:73)
    ==324198==    by 0x1100BB0F: 
XMLTextImportHelper::InsertFootnoteID(rtl::OUString const&, short) 
(XMLPropertyBackpatcher.cxx:180)
    ==324198==    by 0x10FF7E71: 
XMLFootnoteImportContext::startFastElement(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> 
const&) (XMLFootnoteImportContext.cxx:99)
    ==324198==    by 0x10C40361: SvXMLImport::startFastElement(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> 
const&) (xmlimp.cxx:812)
    ==324198==    by 0x28FBFE71: (anonymous 
namespace)::Entity::startElement((anonymous namespace)::Event const*) 
(fastparser.cxx:470)
    ==324198==    by 0x28FBED4E: 
sax_fastparser::FastSaxParserImpl::callbackStartElement(unsigned char const*, 
unsigned char const*, unsigned char const*, int, unsigned char const**, int, 
unsigned char const**) (fastparser.cxx:1304)
    ==324198==    by 0x28FBCCAF: (anonymous 
namespace)::call_callbackStartElement(void*, unsigned char const*, unsigned 
char const*, unsigned char const*, int, unsigned char const**, int, int, 
unsigned char const**) (fastparser.cxx:333)
    ==324198==  Address 0x259e2b68 is 328 bytes inside a block of size 344 
free'd
    ==324198==    at 0x4848669: operator delete(void*) (vg_replace_malloc.c:923)
    ==324198==    by 0x2E4EC2B1: SwFormatField::~SwFormatField() 
(atrfld.cxx:132)
    ==324198==    by 0x8635DA2: SfxItemPool::Remove(SfxPoolItem const&) 
(itempool.cxx:802)
    ==324198==    by 0x2E5BB014: SwTextAttr::Destroy(SwTextAttr*, SfxItemPool&) 
(txatbase.cxx:63)
    ==324198==    by 0x2E594EE2: SwTextNode::DestroyAttr(SwTextAttr*) 
(thints.cxx:1302)
    ==324198==    by 0x2E55C4EC: SwTextNode::~SwTextNode() (ndtxt.cxx:238)
    ==324198==    by 0x2E55CB38: SwTextNode::~SwTextNode() (ndtxt.cxx:227)
    ==324198==    by 0x2DEE048F: SwNodes::RemoveNode(o3tl::strong_int<int, 
Tag_SwNodeOffset>, o3tl::strong_int<int, Tag_SwNodeOffset>, bool) 
(nodes.cxx:2325)
    ==324198==    by 0x2DEE50C2: SwNodes::DelNodes(SwNodeIndex const&, 
o3tl::strong_int<int, Tag_SwNodeOffset>) (nodes.cxx:1384)
    ==324198==    by 0x2DC87B02: 
sw::DocumentContentOperationsManager::DeleteSection(SwNode*) 
(DocumentContentOperationsManager.cxx:2118)
    ==324198==    by 0x2DD2BB66: 
sw::DocumentLayoutManager::DelLayoutFormat(SwFrameFormat*) 
(DocumentLayoutManager.cxx:285)
    ==324198==    by 0x2DB0900E: DelFlyInRange(SwNodeIndex const&, SwNodeIndex 
const&, SwIndex const*, SwIndex const*) (docedt.cxx:254)
    
    maybe this is a problem since the various changes associated with:
    
    commit 2c9298e4f667a5dd7606d79890fcedfff0f66e26
    Date:   Fri Apr 5 23:14:47 2019 +0200
    
        SwXTextField::Impl FieldTypeClient: SwClient no more
    
    commit e18359445fabad9ba1a704600e9ee327112cc6ae
    Date:   Sun Apr 14 13:33:35 2019 +0200
    
        [API CHANGE] SwXTextField: no more SwModify/SwClient
    
    Change-Id: I52aa0a70604ea5ce96d2b55a9a2ad363a889f58e
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/136515
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    (cherry picked from commit ad387d5b984c6666906505d25685065f710ed55d)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/144670
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/sw/source/core/unocore/unofield.cxx 
b/sw/source/core/unocore/unofield.cxx
index 945ee2dca67d..abe754f62b4f 100644
--- a/sw/source/core/unocore/unofield.cxx
+++ b/sw/source/core/unocore/unofield.cxx
@@ -1967,6 +1967,7 @@ void SAL_CALL SwXTextField::attach(
         if (!pTextAttr)
             throw uno::RuntimeException("no SwTextAttr inserted?");  // could 
theoretically happen, if paragraph is full
 
+        m_pImpl->ClearFieldType();
         const SwFormatField& rField = pTextAttr->GetFormatField();
         m_pImpl->SetFormatField(const_cast<SwFormatField*>(&rField), pDoc);
 
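Review bot: The added `m_pImpl->ClearFieldType();` has no comment saying that its position before `SetFormatField()` matters, so a later cleanup could move it back next to `m_pProps.reset()` and bring back the invalid read of a freed `SwFormatField` shown in the commit message. I would add a comment directly above it, for example `// must run before SetFormatField(): with the call further down, loading forum-en-7529.odt read a freed SwFormatField`. The commit message only says the regression is "maybe" tied to the 2019 SwClient changes, so the comment should record the observed crash rather than assert a root cause. The diffstat lists only unofield.cxx, so no regression test pins the ordering; attach() starts and ends outside this hunk.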
@@ -1990,7 +1991,6 @@ void SAL_CALL SwXTextField::attach(
         m_pImpl->GetFormatField()->SetXTextField(this);
         m_pImpl->m_wThis = *this;
         m_pImpl->m_bIsDescriptor = false;
-        m_pImpl->ClearFieldType();
         m_pImpl->m_pProps.reset();
         if (m_pImpl->m_bCallUpdate)
             update();
