sw/source/core/access/accpara.cxx | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
New commits:
commit 51d3161bd9114fa503a6286247c87bc6f77b8b4b
Author: Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Thu Jun 1 12:32:57 2023 +0100
Commit: Caolán McNamara <caolan.mcnam...@collabora.com>
CommitDate: Thu Jun 1 14:39:36 2023 +0200
take a copy of SwAccessibleParagraph::GetString()
take a copy of this a11y and not a reference
it is not guaranteed that listeners to the a11y events called by
FireAccessibleEvent will themselves not call anything which could end up
calling ClearPortionData which would leave rText pointing to old
released memory
seen in the wild with:
==15145==ERROR: AddressSanitizer: heap-use-after-free
program/../program/libswlo.so
rtl::OUString::equals(rtl::OUString const&) const
builddir/libreoffice/include/rtl/ustring.hxx:952
program/../program/libswlo.so
rtl::operator==(rtl::OUString const&, rtl::OUString const&)
builddir/libreoffice/include/rtl/ustring.hxx:1713
program/../program/libswlo.so
SwAccessibleContext::InvalidatePosOrSize(SwRect const&)
builddir/libreoffice/sw/source/core/access/acccontext.cxx:1196
and
previously allocated by thread T0 here:
program/../program/libswlo.so
SwAccessibleParagraph::UpdatePortionData()
builddir/libreoffice/sw/source/core/access/accpara.cxx:442
with free of:
program/../program/libswlo.so
std::default_delete<SwAccessiblePortionData>::operator()(SwAccessiblePortionData*)
const
gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:78
program/../program/libswlo.so
SwAccessibleParagraph::ClearPortionData()
builddir/libreoffice/sw/source/core/access/accpara.cxx:451
program/../program/libswlo.so
SwAccessibleParagraph::getCaretPosition()
builddir/libreoffice/sw/source/core/access/accpara.cxx:1016
program/libmergedlo.so
LOKDocumentFocusListener::updateParagraphInfo(com::sun::star::uno::Reference<com::sun::star::accessibility::XAccessibleText>
const&, bool, std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >)
builddir/libreoffice/sfx2/source/view/viewsh.cxx:685
Change-Id: I72c9894ca842b8f040b27481f0fd8d56542eb530
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/152442
Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
diff --git a/sw/source/core/access/accpara.cxx
b/sw/source/core/access/accpara.cxx
index 687e2571c339..8761e379b1e7 100644
--- a/sw/source/core/access/accpara.cxx
+++ b/sw/source/core/access/accpara.cxx
@@ -250,16 +250,16 @@ void SwAccessibleParagraph::InvalidateContent_( bool
bVisibleDataFired )
ClearPortionData();
- const OUString& rText = GetString();
+ const OUString sText = GetString();
- if( rText != sOldText )
+ if( sText != sOldText )
{
// The text is changed
AccessibleEventObject aEvent;
aEvent.EventId = AccessibleEventId::TEXT_CHANGED;
- // determine exact changes between sOldText and rText
-
(void)comphelper::OCommonAccessibleText::implInitTextChangedEvent(sOldText,
rText,
+ // determine exact changes between sOldText and sText
+
(void)comphelper::OCommonAccessibleText::implInitTextChangedEvent(sOldText,
sText,
aEvent.OldValue,
aEvent.NewValue);
@@ -302,7 +302,7 @@ void SwAccessibleParagraph::InvalidateContent_( bool
bVisibleDataFired )
FireAccessibleEvent( aEvent );
}
- if( rText == sOldText )
+ if( sText == sOldText )
return;
OUString sNewDesc( GetDescription() );
