https://bz.apache.org/ooo/show_bug.cgi?id=126635

orcmid <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]
             Status|UNCONFIRMED                 |CONFIRMED
     Ever confirmed|0                           |1

--- Comment #2 from orcmid <[email protected]> ---
Nice one!

This is essentially saying

    if (pColl == NULL) pColl-> ....

an attempt to access a structure at *pColl, when pColl is NULL and OpenOffice will crash. Hard.

This code was in the original OpenOffice.org code imported for use as the base for development of Apache OpenOffice in 2011.

There are many places where the containing function, lcl_SetNumBul, is called with the second parameter presumably not NULL. Which is to say, the line pColl -> ... is never executed. It appears that is the actual bug.

If a defense against a NULL pColl parameter is needed, it should be at the beginning and all of the wasted work in this procedure avoided.

We should then figure out if the line that is never executed needs to be executed and determine how many issues about OpenOffice behavior are all attributable to that line not being executed :).

We can also take steps to ensure that the function is truly local to the SwDoc::GetTextCollFromPool method.

--
You are receiving this mail because:
You are the assignee for the issue.
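
The pattern described in Comment #2, shown as an added C++ example that is neither OpenOffice code nor part of the original comment. `Coll`, its field and both function names are hypothetical stand-ins, and the guarded version assumes the statement was meant to run for non-null arguments, which the comment leaves open.

```cpp
#include <cstdio>

// Hypothetical stand-in for the collection object; not the OpenOffice type.
struct Coll {
    int numRule = 0;  // constructed field, for illustration only
};

// Shape of the reported defect: the condition is inverted, so the
// dereference is reachable only when p is null.
// Returns true if the guarded statement ran.
bool set_num_bul_as_reported(Coll* p, int rule) {
    bool ran = false;
    // ... work done before the check would happen here regardless of p ...
    if (p == nullptr) {
        p->numRule = rule;  // null dereference: undefined behaviour, crash
        ran = true;
    }
    return ran;  // for every non-null p the statement above is dead code
}

// Defence placed at the top, as the comment suggests: reject a null
// argument before any work is done, then run the statement (assumption:
// it was intended to execute for non-null arguments).
bool set_num_bul_guarded(Coll* p, int rule) {
    if (p == nullptr) {
        return false;  // nothing to update, no wasted work, no crash
    }
    p->numRule = rule;
    return true;
}

int main() {
    Coll a, b;
    // Non-null argument: the reported form silently skips the update.
    bool ranReported = set_num_bul_as_reported(&a, 7);
    std::printf("as reported: ran=%d numRule=%d\n", ranReported, a.numRule);
    // Guarded form: update happens, and null is rejected safely.
    bool ranGuarded = set_num_bul_guarded(&b, 7);
    std::printf("guarded:     ran=%d numRule=%d\n", ranGuarded, b.numRule);
    std::printf("guarded null: ran=%d\n", set_num_bul_guarded(nullptr, 7));
    return 0;
}
```

Calling `set_num_bul_as_reported` with a null pointer is deliberately left out of `main`, since that is the crashing path.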
