Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index 

Hi all,

could someone review commit 01096e7487d9e60fcd24eea8131b650588845f2b in
libs-core for 3.4?

It fixes the following crash scenario:

1. create new presentation
2. press F11 to open stylist
3. right click on a style and click on Modify
4. press Esc (or click Cancel)
5. press F11

It does not happen if the stylist is closed using menu. Neither it
happen in Writer.

It crashes because pbDeleted member of SfxCommonTemplateDialog_Impl is
set to point to a stack variable in SfxCommonTemplateDialog_Impl::Exec_Impl
and is not reset to 0 if the code returns through

if ( !pItem || aDeleted )
    return sal_False;

. ~SfxCommonTemplateDialog_Impl writes into pbDeleted->bDead, but at
that point the stack variable no longer exists, so it just overwrites
a couple of bytes somewhere on the stack.

D.

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.