https://bugs.freedesktop.org/show_bug.cgi?id=84086
Priority: high
Bug ID: 84086
CC: [email protected], [email protected]
Assignee: [email protected]
Summary: Find and fix anti-patterns that result in use-after-free of strings
Severity: major
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: Other
Status: NEW
Version: 4.4.0.0.alpha0+ Master
Component: Libreoffice
Product: LibreOffice
In the codebase there are currently some examples of code like this:
    gchar* aItemCommandStr = (gchar*) OUStringToOString( aItemCommand,
        RTL_TEXTENCODING_UTF8 ).getStr();
This fails as a pattern, because the destructor of the anonymous temporary
OString is called at the end of this expression, before the gchar* that is
returned can be used.
(The destructor is only called at the very end of the expression, so in this
case it would suffice to wrap with a g_strdup() on the same line, or
alternatively to split the expression into two with a named OString.)
See bug 69090 for one example of this that resulted in a visible bug.
There may be other related issues of a similar nature. A clang plugin would
potentially be a good way to guard against these.
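The lifetime rule behind this report, and the two fixes it mentions, as an added example (not LibreOffice code and not part of the original report). TracedString, convert() and dupStr() are hypothetical stand-ins for OString, OUStringToOString() and g_strdup(), and "sample.command" is a constructed input; the instance counter shows when the owning temporary is destroyed without ever dereferencing the dangling pointer.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>

// Hypothetical stand-in for rtl::OString: owns a buffer, counts live instances.
struct TracedString {
    static int live;
    std::string buf;
    explicit TracedString(const std::string& s) : buf(s) { ++live; }
    TracedString(const TracedString& o) : buf(o.buf) { ++live; }
    ~TracedString() { --live; }
    const char* getStr() const { return buf.c_str(); }
};
int TracedString::live = 0;

// Hypothetical stand-in for OUStringToOString(): returns a temporary by value.
TracedString convert(const std::string& in) { return TracedString(in); }

// Hypothetical stand-in for g_strdup(): heap copy that the caller must free().
char* dupStr(const char* s) {
    char* d = static_cast<char*>(std::malloc(std::strlen(s) + 1));
    if (d) std::strcpy(d, s);
    return d;
}

// Anti-pattern from the report: by the next statement no owner is alive.
bool antiPatternDangles() {
    const char* p = convert("sample.command").getStr();  // constructed input
    (void)p;  // never dereferenced here: that would be undefined behaviour
    return TracedString::live == 0;
}

// Fix 1: copy inside the same full expression, while the temporary still exists.
std::string copyInSameExpression() {
    char* dup = dupStr(convert("sample.command").getStr());
    std::string out = dup ? dup : "";
    std::free(dup);
    return out;
}

// Fix 2: a named owner keeps the buffer alive for as long as the pointer is used.
std::string namedOwner() {
    TracedString owner = convert("sample.command");
    const char* p = owner.getStr();
    return TracedString::live == 1 ? std::string(p) : std::string();
}
int main() {
    return antiPatternDangles() && copyInSameExpression() == namedOwner() ? 0 : 1;
}
```

Building the anti-pattern with AddressSanitizer and actually reading through p is what turns this silent lifetime error into a reported heap-use-after-free.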