[Libreoffice-commits] core.git: Branch 'libreoffice-7-6' - editeng/source

Caolán McNamara (via logerrit) Thu, 02 Nov 2023 12:52:31 -0700

 editeng/source/uno/unotext.cxx |    5 +++++
 1 file changed, 5 insertions(+)


New commits:
commit 10250f7b38a60aceeea125239f5cec4d98beb0b8
Author:     Caolán McNamara <caolan.mcnam...@collabora.com>
AuthorDate: Thu Nov 2 12:18:05 2023 +0000
Commit:     Xisco Fauli <xiscofa...@libreoffice.org>
CommitDate: Thu Nov 2 20:52:04 2023 +0100

    crash seen in EditView::GetTransferable in calc
    
    if (pColor->getComplexColor().getType() == model::ColorType::Unused)
    
    (gdb) print pColor
    $10 = <optimized out>
    
    but:
    
    (gdb) print *pSet
    $12 = {_vptr.SfxItemSet = 0x7f7cd56f3198 <vtable for SfxItemSet+16>, 
m_pPool = 0x31e7d880, m_pParent = 0x0, m_ppItems = 0x33ecece0, m_pWhichRanges = 
{
        m_pairs = 0x7f7cd47b2480 <svl::Items_t<(unsigned short)4008, (unsigned 
short)4064>::value>, m_size = 1, m_bOwnRanges = false}, m_nCount = 1, 
m_bItemsFixed = false}
    
    (gdb) print *(pSet->m_ppItems)
    $11 = (const SfxPoolItem *) 0x0
    
    so, apparent null deref of pColor
    
     #0  SvxUnoTextRangeBase::_getOnePropertyStates (pSet=0x7ffe47b3ded0, 
pMap=0x7f7cd5a50600 
<ImplGetSvxTextPortionPropertyMap()::aSvxTextPortionPropertyMap+384>,
         rState=@0x38ae2d4c: 
com::sun::star::beans::PropertyState::PropertyState_DIRECT_VALUE)
         at editeng/source/uno/unotext.cxx:1179
     #1  0x00007f7cd1e6f5be in SvxUnoTextRangeBase::_getPropertyStates 
(this=0x3543bc00, PropertyName=..., nPara=nPara@entry=-1)
         at editeng/source/uno/unotext.cxx:1057
     #2  0x00007f7cd1e6fa12 in SvxUnoTextRangeBase::getPropertyStates 
(this=<optimized out>, aPropertyName=...)
         at editeng/source/uno/unotext.cxx:1031
     #3  0x00007f7cd41e723b in (anonymous 
namespace)::FilterPropertiesInfo_Impl::FillPropertyStateArray 
(this=this@entry=0x32e94820,
         rPropStates=std::vector of length 0, capacity 0, rPropSet=..., 
rPropMapper=..., bDefault=bDefault@entry=false, 
pOnlyTheseProps=pOnlyTheseProps@entry=0x0)
         at xmloff/source/style/xmlexppr.cxx:327
     #4  0x00007f7cd41e9230 in SvXMLExportPropertyMapper::Filter_ 
(this=this@entry=0x34dc72a0, rExport=..., xPropSet=..., 
bDefault=bDefault@entry=false,
         bEnableFoFontFamily=bEnableFoFontFamily@entry=false, 
pOnlyTheseProps=0x0)
         at xmloff/source/style/xmlexppr.cxx:651
     #5  0x00007f7cd41ea026 in SvXMLExportPropertyMapper::Filter 
(this=this@entry=0x34dc72a0, rExport=..., rPropSet=..., 
bEnableFoFontFamily=bEnableFoFontFamily@entry=false,
         pOnlyTheseProps=pOnlyTheseProps@entry=0x0) at 
xmloff/source/style/xmlexppr.cxx:526
     #6  0x00007f7cd42dbbcd in XMLTextParagraphExport::Add 
(this=this@entry=0x37110830, nFamily=nFamily@entry=XmlStyleFamily::TEXT_TEXT, 
rPropSet=..., aAddStates=...,
         bDontSeek=bDontSeek@entry=false) at xmloff/source/text/txtparae.cxx:685
     #7  0x00007f7cd42dd09f in XMLTextParagraphExport::exportTextRange 
(this=this@entry=0x37110830, rTextRange=..., bAutoStyles=bAutoStyles@entry=true,
         rPrevCharIsSpace=@0x7ffe47b3eef0: true, openFieldMark=@0x7ffe47b3ec34: 
XMLTextParagraphExport::NONE)
         at xmloff/source/text/txtparae.cxx:3731
     #8  0x00007f7cd42e57df in 
XMLTextParagraphExport::exportTextRangeEnumeration (this=this@entry=0x37110830, 
rTextEnum=..., bAutoStyles=bAutoStyles@entry=true,
         bIsProgress=bIsProgress@entry=false, rPrevCharIsSpace=@0x7ffe47b3eef0: 
true)
         at xmloff/source/text/txtparae.cxx:2438
     #9  0x00007f7cd42ea746 in XMLTextParagraphExport::exportParagraph 
(this=this@entry=0x37110830, rTextContent=..., 
bAutoStyles=bAutoStyles@entry=true,
         bIsProgress=bIsProgress@entry=false, 
bExportParagraph=bExportParagraph@entry=true, rPropSetHelper=..., 
eExtensionNS=<optimized out>)
         at xmloff/source/text/txtparae.cxx:2378
     #10 0x00007f7cd42e0634 in 
XMLTextParagraphExport::exportTextContentEnumeration 
(this=this@entry=0x37110830, rContEnum=..., bAutoStyles=bAutoStyles@entry=true,
         rBaseSection=..., bIsProgress=bIsProgress@entry=false, 
bExportParagraph=bExportParagraph@entry=true, pRangePropSet=<optimized out>, 
eExtensionNS=<optimized out>)
         at xmloff/source/text/txtparae.cxx:2008
     #11 0x00007f7cd42e113a in XMLTextParagraphExport::exportText 
(this=this@entry=0x37110830, rText=..., bAutoStyles=bAutoStyles@entry=true,
         bIsProgress=bIsProgress@entry=false, 
bExportParagraph=bExportParagraph@entry=true, 
eExtensionNS=eExtensionNS@entry=TextPNS::ODF)
         at xmloff/source/text/txtparae.cxx:1762
     #12 0x00007f7cd1e78669 in XMLTextParagraphExport::collectTextAutoStyles 
(bExportParagraph=true, bIsProgress=false, rText=..., this=<optimized out>)
         at include/xmloff/txtparae.hxx:459
     #13 (anonymous namespace)::SvxXMLTextExportComponent::ExportAutoStyles_ 
(this=0x7f7cb4522930)
         at editeng/source/xml/xmltxtexp.cxx:341
     #14 0x00007f7cd406121c in SvXMLExport::ImplExportAutoStyles 
(this=this@entry=0x7f7cb4522930)
         at xmloff/source/core/xmlexp.cxx:1127
     #15 0x00007f7cd40645f5 in SvXMLExport::exportDoc (this=0x7f7cb4522930, 
eClass=<optimized out>)
         at xmloff/source/core/xmlexp.cxx:1380
     #16 0x00007f7cd1e78d64 in SvxWriteXML (rEditEngine=..., rStream=..., 
rSel=...)
         at editeng/source/xml/xmltxtexp.cxx:321
     #17 0x00007f7cd1da1d0c in ImpEditEngine::WriteXML 
(this=this@entry=0x34f87990, rOutput=..., rSel=...)
         at editeng/source/editeng/impedit4.cxx:270
     #18 0x00007f7cd1d88881 in ImpEditEngine::CreateTransferable 
(this=0x34f87990, rSelection=...)
         at editeng/source/editeng/impedit2.cxx:3843
     #19 0x00007f7cd1d4c091 in EditEngine::CreateTransferable (this=<optimized 
out>, rSelection=...)
         at editeng/source/editeng/editeng.cxx:816
     #20 0x00007f7cd1d5c91a in EditView::GetTransferable (this=0x33eb8190)
         at editeng/source/editeng/editview.cxx:662
     #21 0x00007f7cc2c03eac in ScModelObj::getSelection (this=<optimized out>)
        at sc/source/ui/unoobj/docuno.cxx:904
    
    Change-Id: Idb8cbbebe02188678f9c1b17e80cf89feffa9de8
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158803
    Tested-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com>
    (cherry picked from commit b50681f8da6fbc57db07d488c6e76e33fcd59147)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/158818
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>

diff --git a/editeng/source/uno/unotext.cxx b/editeng/source/uno/unotext.cxx
index 1eb84a177f44..c63573d6082f 100644
--- a/editeng/source/uno/unotext.cxx
+++ b/editeng/source/uno/unotext.cxx
@@ -1140,6 +1140,11 @@ bool SvxUnoTextRangeBase::_getOnePropertyStates(const 
SfxItemSet* pSet, const Sf
             // Theme & effects can be DEFAULT_VALUE, even if the same pool 
item has a color
             // which is a DIRECT_VALUE.
             const SvxColorItem* pColor = 
pSet->GetItem<SvxColorItem>(EE_CHAR_COLOR);
+            if (!pColor)
+            {
+                SAL_WARN("editeng", "Missing EE_CHAR_COLOR SvxColorItem");
+                return false;
+            }
             switch (pMap->nMemberId)
             {
                 case MID_COLOR_THEME_INDEX:

[Libreoffice-commits] core.git: Branch 'libreoffice-7-6' - editeng/source

Reply via email to