-fsanitize=null

...as happens in CppunitTest_sw_filters_test with sw/qa/core/data/ww8/pass/CVE-2015-2431-1.doc: > sw/source/filter/ww8/ww8par4.cxx:294:76: runtime error: reference binding to null pointer of type 'const SfxItemSet' > SwWW8ImplReader::ImportOle(Graphic const*, SfxItemSet const*, SfxItemSet const*, Rectangle const&) sw/source/filter/ww8/ww8par4.cxx:294:23 > SwWW8ImplReader::ReadChar(long, long) sw/source/filter/ww8/ww8par.cxx:3611:35 > SwWW8ImplReader::ReadChars(int&, int, long, long) sw/source/filter/ww8/ww8par.cxx:3436:27 > SwWW8ImplReader::ReadText(int, int, ManTypes) sw/source/filter/ww8/ww8par.cxx:3974:22 > SwWW8ImplReader::CoreLoad(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5175:9 > SwWW8ImplReader::LoadThroughDecryption(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5773:19 > SwWW8ImplReader::LoadDoc(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:6045:19 > WW8Reader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) sw/source/filter/ww8/ww8par.cxx:6167:20 > SwReader::Read(Reader const&) sw/source/filter/basflt/shellio.cxx:175:18 > SwDocShell::ConvertFrom(SfxMedium&) sw/source/uibase/app/docsh.cxx:258:22 > SfxObjectShell::DoLoad(SfxMedium*) sfx2/source/doc/objstor.cxx:790:23 > SwFiltersTest::filter(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) sw/qa/core/filters-test.cxx:112:20 Change-Id: I4482bc5d8e0c2646e7c8667a231a78311b557e89

-fsanitize=null
...as happens in CppunitTest_sw_filters_test with sw/qa/core/data/ww8/pass/CVE-2015-2431-1.doc: > sw/source/filter/ww8/ww8par4.cxx:294:76: runtime error: reference binding to null pointer of type 'const SfxItemSet' > SwWW8ImplReader::ImportOle(Graphic const*, SfxItemSet const*, SfxItemSet const*, Rectangle const&) sw/source/filter/ww8/ww8par4.cxx:294:23 > SwWW8ImplReader::ReadChar(long, long) sw/source/filter/ww8/ww8par.cxx:3611:35 > SwWW8ImplReader::ReadChars(int&, int, long, long) sw/source/filter/ww8/ww8par.cxx:3436:27 > SwWW8ImplReader::ReadText(int, int, ManTypes) sw/source/filter/ww8/ww8par.cxx:3974:22 > SwWW8ImplReader::CoreLoad(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5175:9 > SwWW8ImplReader::LoadThroughDecryption(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:5773:19 > SwWW8ImplReader::LoadDoc(WW8Glossary*) sw/source/filter/ww8/ww8par.cxx:6045:19 > WW8Reader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) sw/source/filter/ww8/ww8par.cxx:6167:20 > SwReader::Read(Reader const&) sw/source/filter/basflt/shellio.cxx:175:18 > SwDocShell::ConvertFrom(SfxMedium&) sw/source/uibase/app/docsh.cxx:258:22 > SfxObjectShell::DoLoad(SfxMedium*) sfx2/source/doc/objstor.cxx:790:23 > SwFiltersTest::filter(rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, SfxFilterFlags, SotClipboardFormatId, unsigned int, bool) sw/qa/core/filters-test.cxx:112:20 Change-Id: I4482bc5d8e0c2646e7c8667a231a78311b557e89
3b1ab016 · Stephan Bergmann · fd1571e8 · 3b1ab016 · 3b1ab016 · 3b1ab016
Kaydet (Commit) 3b1ab016 authored Eyl 01, 2015 tarafından Stephan Bergmann
Showing with 6 additions and 6 deletions

ww8graf.cxx sw/source/filter/ww8/ww8graf.cxx +1 -1

ww8graf2.cxx sw/source/filter/ww8/ww8graf2.cxx +1 -1

ww8par.hxx sw/source/filter/ww8/ww8par.hxx +1 -1

ww8par4.cxx sw/source/filter/ww8/ww8par4.cxx +3 -3

No files found.
--- a/sw/source/filter/ww8/ww8graf.cxx
+++ b/sw/source/filter/ww8/ww8graf.cxx
@@ -3026,7 +3026,7 @@ SwFlyFrameFormat* SwWW8ImplReader::ImportReplaceableDrawables( SdrObject* &rpObj

    OUString aObjectName(rpObject->GetName());
    if (OBJ_OLE2 == SdrObjKind(rpObject->GetObjIdentifier()))
-        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), rFlySet, aGrSet);
+        pRetFrameFormat = InsertOle(*static_cast<SdrOle2Obj*>(rpObject), rFlySet, &aGrSet);
    else
    {
        const SdrGrafObj *pGrf = static_cast<const SdrGrafObj*>(rpObject);

--- a/sw/source/filter/ww8/ww8graf2.cxx
+++ b/sw/source/filter/ww8/ww8graf2.cxx
@@ -642,7 +642,7 @@ SwFrameFormat* SwWW8ImplReader::ImportGraf(SdrTextObj* pTextObj,
                    if (sal_uInt16(OBJ_OLE2) == pObject->GetObjIdentifier())
                    {
                        // the size from BLIP, if there is any, should be already set
-                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), aAttrSet, aGrSet);
+                        pRet = InsertOle(*static_cast<SdrOle2Obj*>(pObject), aAttrSet, &aGrSet);
                    }
                    else
                    {

--- a/sw/source/filter/ww8/ww8par.hxx
+++ b/sw/source/filter/ww8/ww8par.hxx
@@ -1522,7 +1522,7 @@ private:
    SwFrameFormat* ImportOle( const Graphic* = 0, const SfxItemSet* pFlySet = 0,
        const SfxItemSet* pGrfSet = 0, const Rectangle& aVisArea = Rectangle() );
    SwFlyFrameFormat* InsertOle(SdrOle2Obj &rObject, const SfxItemSet &rFlySet,
-        const SfxItemSet &rGrfSet);
+        const SfxItemSet *rGrfSet);

    bool ImportFormulaControl(WW8FormulaControl &rBox,WW8_CP nStart,
        SwWw8ControlType nWhich);

--- a/sw/source/filter/ww8/ww8par4.cxx
+++ b/sw/source/filter/ww8/ww8par4.cxx
@@ -198,7 +198,7 @@ static bool SwWw6ReadMacPICTStream(Graphic& rGraph, tools::SvRef<SotStorage>& rS
 }

 SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
-    const SfxItemSet &rFlySet, const SfxItemSet &rGrfSet)
+    const SfxItemSet &rFlySet, const SfxItemSet *rGrfSet)
 {
    SfxObjectShell *pPersist = m_rDoc.GetPersist();
    OSL_ENSURE(pPersist, "No persist, cannot insert objects correctly");
@@ -238,7 +238,7 @@ SwFlyFrameFormat* SwWW8ImplReader::InsertOle(SdrOle2Obj &rObject,
    if (bSuccess)
    {
        const SfxItemSet *pFlySet = pMathFlySet ? pMathFlySet : &rFlySet;
-        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, sNewName, rObject.GetAspect(), pFlySet, &rGrfSet, 0);
+        pRet = m_rDoc.getIDocumentContentOperations().InsertOLE(*m_pPaM, sNewName, rObject.GetAspect(), pFlySet, rGrfSet, 0);
    }
    delete pMathFlySet;
    return pRet;
@@ -291,7 +291,7 @@ SwFrameFormat* SwWW8ImplReader::ImportOle(const Graphic* pGrf,
    {
        if (pRet->ISA(SdrOle2Obj))
        {
-            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, *pGrfSet);
+            pFormat = InsertOle(*static_cast<SdrOle2Obj*>(pRet), *pFlySet, pGrfSet);
            SdrObject::Free( pRet );        // das brauchen wir nicht mehr
        }
        else