This is an automated email from the ASF dual-hosted git repository.
leginee pushed a change to branch fix-letent-use-after-free-bug
in repository https://gitbox.apache.org/repos/asf/openoffice.git
at e6374a31c1 This fixes a latent UAF, found in a debug-CRT-deterministic
session, but present in all builds. ScViewData::ReadUserDataSequence
(viewdata.cxx:2821) does delete pTabData[nTab]; pTabData[nTab] = new
ScViewDataTable; per sheet but never refreshes pThisTab (which pointed at
pTabData[nTabNo]). Back in ScTabView::SetTabNo, line 1660 reads
aViewData.GetActivePart() → pThisTab->eWhichActive before line 1663 fixes pThisTab →
use-after-free → AV sc!ScTabView::SetTabNo mov ecx, [...]
This branch includes the following new commits:
new e6374a31c1 This fixes a latent UAF, found in a debug-CRT-deterministic
session, but present in all builds. ScViewData::ReadUserDataSequence
(viewdata.cxx:2821) does delete pTabData[nTab]; pTabData[nTab] = new
ScViewDataTable; per sheet but never refreshes pThisTab (which pointed at
pTabData[nTabNo]). Back in ScTabView::SetTabNo, line 1660 reads
aViewData.GetActivePart() → pThisTab->eWhichActive before line 1663 fixes pThisTab →
use-after-free → AV sc!ScTabView::SetTabNo mov ecx, [...]
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
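
Added example, not code from the OpenOffice repository or from this commit: a simplified C++ model of the stale cached pointer described in the commit message above. All names are hypothetical, "freed" objects are kept in a quarantine so the stale state can be observed without undefined behaviour, and refreshing the cache after the rebuild is shown as one way to restore the invariant, not necessarily the change the commit makes.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Simplified model with hypothetical names; not OpenOffice code.
struct Table {
    int  activePart = 0;
    bool freed = false;   // set instead of really freeing, so stale reads stay defined
};

class ViewData {
public:
    explicit ViewData(std::size_t n) {
        for (std::size_t i = 0; i < n; ++i) tabs_.push_back(newTable());
        thisTab_ = tabs_[tabNo_];            // cached alias of the active sheet's slot
    }
    // Rebuild every per-sheet object, the pattern the commit message describes.
    void readUserData(bool refreshCache) {
        for (auto& slot : tabs_) {
            slot->freed = true;              // stands in for "delete pTabData[nTab]"
            slot = newTable();               // stands in for "new ScViewDataTable"
        }
        if (refreshCache) thisTab_ = tabs_[tabNo_];   // re-point the alias after the rebuild
    }
    // True when the cached alias still refers to the live object in its slot.
    bool cacheIsValid() const {
        return !thisTab_->freed && thisTab_ == tabs_[tabNo_];
    }
private:
    Table* newTable() {
        pool_.push_back(std::make_unique<Table>());
        return pool_.back().get();
    }
    std::vector<std::unique_ptr<Table>> pool_;   // quarantine: owns live and "freed" tables
    std::vector<Table*> tabs_;                   // per-sheet slots
    std::size_t tabNo_ = 0;                      // active sheet index
    Table* thisTab_ = nullptr;                   // cached pointer into tabs_
};

// Returns true when the cached pointer is stale after the rebuild.
bool staleAfterRebuild(bool refreshCache) {
    ViewData v(3);
    if (!v.cacheIsValid()) return true;          // must be valid before the rebuild
    v.readUserData(refreshCache);
    return !v.cacheIsValid();
}

int main() { return (staleAfterRebuild(false) && !staleAfterRebuild(true)) ? 0 : 1; }
```

In a real build the old object is actually released, so any read through the cached pointer between the rebuild and the later re-assignment touches freed memory.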