[openoffice.org/f13/master] Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Do

Wed Sep 8 12:33:21 UTC 2010

commit d59f3a035f3286287ac455be92790ea9251d62dc
Author: David Tardon <dtardon at redhat.com>
Date:   Wed Sep 8 14:33:04 2010 +0200

    Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double

 ...0.ooo114409.sw.prevent-dangling-ptr-deref.patch |   47 ++++++++++++++++++++
 openoffice.org.spec                                |    6 ++-
 2 files changed, 52 insertions(+), 1 deletions(-)
---

diff --git a/openoffice.org-3.2.0.ooo114409.sw.prevent-dangling-ptr-deref.patch b/openoffice.org-3.2.0.ooo114409.sw.prevent-dangling-ptr-deref.patch
new file mode 100644
index 0000000..3f2a5ba
--- /dev/null
+++ b/openoffice.org-3.2.0.ooo114409.sw.prevent-dangling-ptr-deref.patch
@@ -0,0 +1,47 @@
+# HG changeset patch
+# Parent b682cbb775c33b3969bce1d52e4b0164b42c1bb6
+#i114409# prevent deref. of dangling ptr if there is no other instance of SvtSysLocale hanging around somewhere
+
+diff -r b682cbb775c3 sw/source/core/bastyp/calc.cxx
+--- a/sw/source/core/bastyp/calc.cxx	Tue Aug 17 14:47:10 2010 +0200
++++ b/sw/source/core/bastyp/calc.cxx	Wed Sep 08 14:22:51 2010 +0200
+@@ -1620,9 +1620,10 @@
+ BOOL SwCalc::Str2Double( const String& rCommand, xub_StrLen& rCommandPos,
+ 							double& rVal, const LocaleDataWrapper* pLclData )
+ {
++    const SvtSysLocale aSysLocale;
+ 	const LocaleDataWrapper* pLclD = pLclData;
+ 	if( !pLclD )
+-		pLclD = &SvtSysLocale().GetLocaleData();
++		pLclD = aSysLocale.GetLocaleDataPtr();
+ 
+ 	const xub_Unicode nCurrCmdPos = rCommandPos;
+     rtl_math_ConversionStatus eStatus;
+@@ -1634,7 +1635,7 @@
+             &eStatus, &pEnd );
+ 	rCommandPos = static_cast<xub_StrLen>(pEnd - rCommand.GetBuffer());
+ 
+-	if( !pLclData && pLclD != &SvtSysLocale().GetLocaleData() )
++	if( !pLclData && pLclD != &aSysLocale.GetLocaleData() )
+ 		delete (LocaleDataWrapper*)pLclD;
+ 
+ 	return rtl_math_ConversionStatus_Ok == eStatus && nCurrCmdPos != rCommandPos;
+@@ -1643,7 +1644,8 @@
+ BOOL SwCalc::Str2Double( const String& rCommand, xub_StrLen& rCommandPos,
+ 							double& rVal, SwDoc* pDoc )
+ {
+-	const LocaleDataWrapper* pLclD = &SvtSysLocale().GetLocaleData();
++    const SvtSysLocale aSysLocale;
++	const LocaleDataWrapper* pLclD = aSysLocale.GetLocaleDataPtr();
+ 	if( pDoc )
+ 	{
+ 
+@@ -1664,7 +1666,7 @@
+             &eStatus, &pEnd );
+ 	rCommandPos = static_cast<xub_StrLen>(pEnd - rCommand.GetBuffer());
+ 
+-	if( pLclD != &SvtSysLocale().GetLocaleData() )
++	if( pLclD != &aSysLocale.GetLocaleData() )
+ 		delete (LocaleDataWrapper*)pLclD;
+ 
+ 	return rtl_math_ConversionStatus_Ok == eStatus && nCurrCmdPos != rCommandPos;
diff --git a/openoffice.org.spec b/openoffice.org.spec
index 9841a5e..d47462b 100644
--- a/openoffice.org.spec
+++ b/openoffice.org.spec
@@ -173,6 +173,7 @@ Patch102: openoffice.org-3.3.0.ooo106591.sal.tradcopy.patch
 Patch103: workspace.impress197.patch
 Patch104: openoffice.org-3.3.0.ooo113856.vcl.mutter.patch
 Patch105: openoffice.org-3.1.1.rhbz568277.avoid-crash-in-docx-import.patch
+Patch106: openoffice.org-3.2.0.ooo114409.sw.prevent-dangling-ptr-deref.patch
 
 %{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
 %define instdir %{_libdir}
@@ -1776,6 +1777,7 @@ cp -p %{SOURCE5} external/unowinreg/unowinreg.dll
 %patch103 -p1 -b .workspace.impress197.patch
 %patch104 -p1 -b .ooo113856.vcl.mutter.patch
 %patch105 -p1 -b .rhbz568277.avoid-crash-in-docx-import.patch
+%patch106 -p1 -b .ooo114409.sw.prevent-dangling-ptr-deref.patch
 
 %build
 echo build start time is `date`, diskspace: `df -h . | tail -n 1`
@@ -4261,8 +4263,10 @@ fi
 %endif
 
 %changelog
-* Sat Aug 14 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.2.0-12.32-UNBUILT
+* Wed Sep 08 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.2.0-12.32-UNBUILT
 - Resolves: rhbz#568277 workaround to avoid the crash (dtardon)
+- Resolves: rhbz#631543 [abrt] crash on dereferencing dangling
+  pointer passed down from SwCalc::Str2Double (dtardon)
 
 * Fri Aug 13 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.2.0-12.31
 - Resolves: rhbz#623800 gnome-shell/mutter focus problems
