Issue 114409 - sw: dangling pointer dereference in SwCalc::Str2Double
Summary: sw: dangling pointer dereference in SwCalc::Str2Double
Status: CLOSED FIXED
Alias: None
Product: Writer
Classification: Application
Component: code
Version: OOO320m12
Hardware: All All
Importance: P3 Trivial
Target Milestone: 3.4.0
Assignee: dtardon
QA Contact: issues@sw
URL:
Keywords:
Depends on:
Blocks: 90439 114424 114412
Reported: 2010-09-08 13:20 UTC by dtardon
Modified: 2017-05-20 10:22 UTC

See Also:
Issue Type: PATCH
Latest Confirmation in: ---
Developer Difficulty: ---


Attachments
example file (195.67 KB, application/octet-stream)
2010-09-08 13:21 UTC, dtardon
avoid dangling ptr dereference (1.79 KB, patch)
2010-09-08 13:23 UTC, dtardon
updated patch (5.13 KB, patch)
2010-09-08 16:37 UTC, dtardon

Description dtardon 2010-09-08 13:20:57 UTC
The attached file crashes OO.o on opening because the LocaleDataWrapper* that is
passed down from SwCalc::Str2Double points to an already destroyed object. It seems
the code expects there is at least one instance of SvtSysLocale somewhere
around, so the pointer is kept alive, but it's plain that's not the case there .-)
The code works in OOO330_m6 and DEV300_m87, but I think it would be better
to have an instance of SvtSysLocale around while using the LocaleDataWrapper*,
just to avoid future surprises.
Comment 1 dtardon 2010-09-08 13:21:54 UTC
Created attachment 71612 [details]
example file
Comment 2 dtardon 2010-09-08 13:23:26 UTC
Created attachment 71613 [details]
avoid dangling ptr dereference
Comment 3 andreas.martens 2010-09-08 15:31:59 UTC
.
Comment 4 andreas.martens 2010-09-08 15:35:51 UTC
Forgot to reassign :-(
Comment 5 dtardon 2010-09-08 16:35:53 UTC
there are a few more occurrences of the same thing throughout sw
Comment 6 dtardon 2010-09-08 16:37:01 UTC
Created attachment 71619 [details]
updated patch
Comment 7 mst.ooo 2010-09-09 19:30:54 UTC
thanks for the patch, that's obviously broken.
what a bizarre idea is that anyway, a static refcounted pImpl???

fixed in cws sw34bf01
http://hg.services.openoffice.org/hg/cws/sw34bf01/rev/e8df63c4d4e2
Comment 8 mst.ooo 2010-10-07 11:19:04 UTC
please verify
Comment 9 dtardon 2010-10-07 20:38:48 UTC
looks good
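
The lifetime problem discussed in this issue, as an added example that is not OpenOffice.org code and not part of the attached patches: a simplified C++ model of a static refcounted pImpl, with hypothetical names (`SysLocaleModel`, `LocaleData`, `dataPtr`, `implAlive`) standing in for SvtSysLocale and LocaleDataWrapper. The dangling pointer is never dereferenced; the model only reports whether the shared object was still alive.

```cpp
// Simplified model; every name here is a hypothetical stand-in.
struct LocaleData { char decimalSep = '.'; };

// "Static refcounted pImpl": all handles share one heap-allocated Impl,
// which is deleted when the last handle is destroyed.
class SysLocaleModel {
    struct Impl { LocaleData data; };
    static Impl* s_impl;
    static int s_refs;
public:
    SysLocaleModel() { if (s_refs++ == 0) s_impl = new Impl; }
    ~SysLocaleModel() { if (--s_refs == 0) { delete s_impl; s_impl = nullptr; } }
    SysLocaleModel(const SysLocaleModel&) = delete;
    SysLocaleModel& operator=(const SysLocaleModel&) = delete;
    // Raw pointer into the shared Impl: valid only while some handle exists.
    const LocaleData* dataPtr() const { return &s_impl->data; }
    static bool implAlive() { return s_impl != nullptr; }
};
SysLocaleModel::Impl* SysLocaleModel::s_impl = nullptr;
int SysLocaleModel::s_refs = 0;

// Buggy shape: the pointer is taken from a temporary handle. If that
// temporary is the last handle, the Impl is freed before the caller sees it.
const LocaleData* borrowFromTemporary() {
    return SysLocaleModel().dataPtr();
}

// No other handle exists: the Impl is gone once the borrow returns.
bool buggyShapeDangles() {
    (void)borrowFromTemporary();
    return !SysLocaleModel::implAlive();
}

// Same call, but the caller holds its own handle for the duration of use,
// so correctness no longer depends on an instance existing elsewhere.
bool pinnedShapeAlive() {
    SysLocaleModel pin;
    (void)borrowFromTemporary();
    return SysLocaleModel::implAlive();
}

// Fixed shape: pin first, then read through the pointer.
char decimalSepPinned() {
    SysLocaleModel pin;
    return pin.dataPtr()->decimalSep;
}

int main() {
    return (buggyShapeDangles() && pinnedShapeAlive() && decimalSepPinned() == '.') ? 0 : 1;
}
```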