So ZCodec::ReadAsynchron was wrong in using a persistent mpIStm after all

The fun thing is that with the (only) call-site to ReadAsynchron in PNGReaderImpl::ImplReadIDAT (vcl/source/gdi/pngread.cxx) passing in rIStm references to stack-allocated SvMemoryStream instances, mpIStm could point to an old, destroyed instance from a previous call, but which would have been located at exactly the same stack address as the currently passed in rIStm, so the wrong mpIStm->Read call would effectively behaved exactly the same as a correct rIStm.Read call. This went unnoticed "since the beginning" until AddressSanitizer's UseAfterReturn check came along... Change-Id: I7c75ed2d36a4c24c111d88eff647816bd2c5dbca

So ZCodec::ReadAsynchron was wrong in using a persistent mpIStm after all
The fun thing is that with the (only) call-site to ReadAsynchron in PNGReaderImpl::ImplReadIDAT (vcl/source/gdi/pngread.cxx) passing in rIStm references to stack-allocated SvMemoryStream instances, mpIStm could point to an old, destroyed instance from a previous call, but which would have been located at exactly the same stack address as the currently passed in rIStm, so the wrong mpIStm->Read call would effectively behaved exactly the same as a correct rIStm.Read call. This went unnoticed "since the beginning" until AddressSanitizer's UseAfterReturn check came along... Change-Id: I7c75ed2d36a4c24c111d88eff647816bd2c5dbca
8f97326b · Stephan Bergmann · c5a603ce · 8f97326b · 8f97326b
Kaydet (Commit) 8f97326b authored May 21, 2014 tarafından Stephan Bergmann
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 5 deletions

zcodec.hxx include/tools/zcodec.hxx +0 -1

zcodec.cxx tools/source/zcodec/zcodec.cxx +2 -4

No files found.
--- a/include/tools/zcodec.hxx
+++ b/include/tools/zcodec.hxx
@@ -39,7 +39,6 @@ class TOOLS_DLLPUBLIC ZCodec
    State           meState;
    bool            mbStatus;
    bool            mbFinish;
-    SvStream*       mpIStm;
    sal_uInt8*      mpInBuf;
    sal_uIntPtr     mnInBufSize;
    sal_uIntPtr     mnInToRead;

--- a/tools/source/zcodec/zcodec.cxx
+++ b/tools/source/zcodec/zcodec.cxx
@@ -41,7 +41,6 @@ ZCodec::ZCodec( sal_uIntPtr nInBufSize, sal_uIntPtr nOutBufSize )
    : meState(STATE_INIT)
    , mbStatus(false)
    , mbFinish(false)
-    , mpIStm(NULL)
    , mpInBuf(NULL)
    , mnInBufSize(nInBufSize)
    , mnInToRead(0)
@@ -66,7 +65,7 @@ void ZCodec::BeginCompression( int nCompressLevel, bool updateCrc, bool gzLib )
    assert(meState == STATE_INIT);
    mbStatus = true;
    mbFinish = false;
-    mpIStm = mpOStm = NULL;
+    mpOStm = NULL;
    mnInToRead = 0xffffffff;
    mpInBuf = mpOutBuf = NULL;
    PZSTREAM->total_out = PZSTREAM->total_in = 0;
@@ -249,7 +248,6 @@ long ZCodec::ReadAsynchron( SvStream& rIStm, sal_uInt8* pData, sal_uIntPtr nSize
    if (meState == STATE_INIT)
    {
        InitDecompress(rIStm);
-        mpIStm = &rIStm;
    }
    PZSTREAM->avail_out = nSize;
    PZSTREAM->next_out = pData;
@@ -267,7 +265,7 @@ long ZCodec::ReadAsynchron( SvStream& rIStm, sal_uInt8* pData, sal_uIntPtr nSize
                break;
            }
-            PZSTREAM->avail_in = mpIStm->Read (
+            PZSTREAM->avail_in = rIStm.Read (
                PZSTREAM->next_in = mpInBuf, nInToRead);
            mnInToRead -= nInToRead;