editeng/source/misc/svxacorr.cxx |   12 ++++++++----
 include/editeng/svxacorr.hxx     |    2 +-
 sw/source/core/edit/edws.cxx     |    4 ++++
 3 files changed, 13 insertions(+), 5 deletions(-)

New commits:
commit 971c9945825db02a4809538d26fff3ae77d16866
Author:     Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Thu May 18 20:06:21 2023 +0300
Commit:     Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Fri May 19 07:08:46 2023 +0200

    Fix "AddressSanitizer: heap-use-after-free"
    
    https://github.com/CollaboraOnline/online/issues/6380
    
    Commit 7481e8b5500e86626be5f8eae1e7f48b7f51e21a (sw_redlinehide_4a:
    SwEditShell::AutoCorrect() etc., 2018-11-28) explicitly relied upon
    the reference to the node text being updated on editing operations.
    
    Commit 14f6700fefa945c4cf995c09af9326c2a022f886 (use more string_view
    in editeng, 2022-04-14) converted the argument of FnChgToEnEmDash to
    a string view, which means that any change in the underlying OUString
    frees the memory referenced by the view.
    
    But in this method, we really don't want to have the text updated;
    so use a local OUString copy for later reference.
    
    Partially revert commit 14f6700fefa945c4cf995c09af9326c2a022f886.
    
    And copy mst's commit 7481e8b5500e86626be5f8eae1e7f48b7f51e21a
    message to document the assumptions in SwEditShell::AutoCorrect.
    
    Change-Id: I0ff02958c8de9566d774f366d905aa9bb603055c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151970
    Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
    Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>

diff --git a/editeng/source/misc/svxacorr.cxx b/editeng/source/misc/svxacorr.cxx
index 6b759415b52b..dfb1e6c0d726 100644
--- a/editeng/source/misc/svxacorr.cxx
+++ b/editeng/source/misc/svxacorr.cxx
@@ -545,7 +545,7 @@ bool SvxAutoCorrect::FnChgOrdinalNumber(
 
 // Replace dashes
 bool SvxAutoCorrect::FnChgToEnEmDash(
-                                SvxAutoCorrDoc& rDoc, std::u16string_view rTxt,
+                                SvxAutoCorrDoc& rDoc, const OUString& rTxt,
                                 sal_Int32 nSttPos, sal_Int32 nEndPos,
                                 LanguageType eLang )
 {
@@ -555,6 +555,10 @@ bool SvxAutoCorrect::FnChgToEnEmDash(
         eLang = GetAppLang().getLanguageType();
     bool bAlwaysUseEmDash = (eLang == LANGUAGE_RUSSIAN || eLang == 
LANGUAGE_UKRAINIAN);
 
+    // rTxt may refer to the frame text that will change in the calls to 
rDoc.Delete / rDoc.Insert;
+    // keep a local copy for later use
+    OUString aOrigTxt = rTxt;
+
     // replace " - " or " --" with "enDash"
     if( 1 < nSttPos && 1 <= nEndPos - nSttPos )
     {
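Review bot: The copy on the added `OUString aOrigTxt = rTxt;` line only protects the reads the commit redirects to it; `rTxt` is still bound to the document text, so any read of `rTxt` that occurs after the first `rDoc.Delete`/`rDoc.Insert` in the part of the function between this hunk and the next (not visible here) would still observe mutated content. It is worth checking the remainder of FnChgToEnEmDash for `rTxt` and routing every post-edit read through `aOrigTxt`, so that `rTxt` is never touched after the first edit. The comment could also say why a copy, as opposed to the previous view, suffices: `// an OUString copy keeps the original buffer alive even after the document text is edited below`. FnChgToEnEmDash's body continues outside this hunk.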
@@ -631,14 +635,14 @@ bool SvxAutoCorrect::FnChgToEnEmDash(
     bool bEnDash = (eLang == LANGUAGE_HUNGARIAN || eLang == LANGUAGE_FINNISH);
     if( 4 <= nEndPos - nSttPos )
     {
-        OUString sTmp( rTxt.substr( nSttPos, nEndPos - nSttPos ) );
+        OUString sTmp( aOrigTxt.subView( nSttPos, nEndPos - nSttPos ) );
         sal_Int32 nFndPos = sTmp.indexOf("--");
         if( nFndPos != -1 && nFndPos &&
             nFndPos + 2 < sTmp.getLength() &&
             ( rCC.isLetterNumeric( sTmp, nFndPos - 1 ) ||
-              lcl_IsInAsciiArr( sImplEndSkipChars, rTxt[ nFndPos - 1 ] )) &&
+              lcl_IsInAsciiArr( sImplEndSkipChars, aOrigTxt[ nFndPos - 1 ] )) 
&&
             ( rCC.isLetterNumeric( sTmp, nFndPos + 2 ) ||
-            lcl_IsInAsciiArr( sImplSttSkipChars, rTxt[ nFndPos + 2 ] )))
+            lcl_IsInAsciiArr( sImplSttSkipChars, aOrigTxt[ nFndPos + 2 ] )))
         {
             nSttPos = nSttPos + nFndPos;
             rDoc.Delete( nSttPos, nSttPos + 2 );
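Review bot: `nFndPos` is an offset into `sTmp`, which starts at `nSttPos` within `aOrigTxt`, yet the two `lcl_IsInAsciiArr` checks index `aOrigTxt[ nFndPos - 1 ]` and `aOrigTxt[ nFndPos + 2 ]` with that offset directly; unless `nSttPos` is 0 they appear to inspect a different character than the adjacent `rCC.isLetterNumeric( sTmp, ... )` checks on the same condition. This predates the commit (the old code used `rTxt` the same way), but since the lines are being touched anyway, `sTmp[ nFndPos - 1 ]` and `sTmp[ nFndPos + 2 ]` would keep both halves of each condition on the same string, and the existing `nFndPos != 0` and `nFndPos + 2 < sTmp.getLength()` guards already make those indexes valid. Please confirm the intended semantics before changing. The function continues past the end of the hunk.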
diff --git a/include/editeng/svxacorr.hxx b/include/editeng/svxacorr.hxx
index fcb5f97aca2b..a5e43032a78f 100644
--- a/include/editeng/svxacorr.hxx
+++ b/include/editeng/svxacorr.hxx
@@ -408,7 +408,7 @@ public:
     bool FnChgOrdinalNumber( SvxAutoCorrDoc&, const OUString&,
                                 sal_Int32 nSttPos, sal_Int32 nEndPos,
                                 LanguageType eLang );
-    bool FnChgToEnEmDash( SvxAutoCorrDoc&, std::u16string_view,
+    bool FnChgToEnEmDash( SvxAutoCorrDoc&, const OUString&,
                                 sal_Int32 nSttPos, sal_Int32 nEndPos,
                                 LanguageType eLang );
     bool FnAddNonBrkSpace( SvxAutoCorrDoc&, std::u16string_view,
diff --git a/sw/source/core/edit/edws.cxx b/sw/source/core/edit/edws.cxx
index abbb920afdc5..4e46ae2daf5a 100644
--- a/sw/source/core/edit/edws.cxx
+++ b/sw/source/core/edit/edws.cxx
@@ -272,6 +272,10 @@ void SwEditShell::AutoCorrect( SvxAutoCorrect& rACorr, 
bool bInsert,
     // something - so first normalize cursor point to end of redline so that
     // point will then be moved forward when something is inserted.
     *pCursor->GetPoint() = pFrame->MapViewToModelPos(nPos);
+    // The hope is that the AutoCorrect never deletes nodes, hence never
+    // deletes SwTextFrames, hence we can pass in the SwTextFrame::GetText()
+    // result and it will be updated via the SwTextFrame::SwClientNotify()
+    // on editing operations.
     OUString const& rMergedText(pFrame->GetText());
     rACorr.DoAutoCorrect( aSwAutoCorrDoc,
                     rMergedText, sal_Int32(nPos),
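Review bot: The added comment records that `rMergedText` stays valid only because AutoCorrect never deletes nodes, but nothing in the code enforces it; a future change that lets DoAutoCorrect remove a node would reintroduce a dangling reference with the same heap-use-after-free symptom and no diagnostic. Consider a check after `rACorr.DoAutoCorrect(...)` returns (outside this hunk) that `pFrame` still belongs to the cursor's node, or at least an `assert` on it, so the documented assumption fails loudly in debug builds rather than silently. Wording nit: `The hope is that` reads as tentative for a lifetime requirement; `AutoCorrect must never delete nodes (and hence SwTextFrames), so the SwTextFrame::GetText() result stays valid and is updated via SwTextFrame::SwClientNotify() on editing operations.` states it as the invariant it is. SwEditShell::AutoCorrect's body continues before and after the hunk.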
