https://bugs.freedesktop.org/show_bug.cgi?id=84086
Priority: high
Bug ID: 84086
CC: noelgran...@gmail.com, t...@iki.fi
Assignee: libreoffice-bugs@lists.freedesktop.org
Summary: Find and fix anti-patterns that result in use-after-free of strings
Severity: major
Classification: Unclassified
OS: All
Reporter: fdb...@neosheffield.co.uk
Hardware: Other
Status: NEW
Version: 4.4.0.0.alpha0+ Master
Component: Libreoffice
Product: LibreOffice

In the codebase there are currently some examples of code like this:

    gchar* aItemCommandStr = (gchar*) OUStringToOString( aItemCommand, RTL_TEXTENCODING_UTF8 ).getStr();

This fails as a pattern, because the destructor of the anonymous temporary OString is called at the end of this expression, before the gchar* that is returned can be used.

(the destructor is only called at the very end of the expression, so in this case it would suffice to wrap with a g_strdup() on the same line, or alternatively to split the expression into two with a named OString)

See bug 69090 for one example of this that resulted in a visible bug. There may be other related issues of a similar nature.

A clang plugin would potentially be a good way to guard against these.
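The lifetime problem described in the report and its two suggested fixes, as an added example that is not LibreOffice code or part of the original report. `ByteStr`, `convert()` and `dup_cstr()` are hypothetical stand-ins for `OString`, `OUStringToOString()` and `g_strdup()`; the dangling pointer is never dereferenced, only the owner's lifetime is observed through a live-instance counter.

```cpp
#include <cstdlib>
#include <cstring>
#include <string>

// Stand-in for g_strdup(): heap copy that the caller must free.
static char* dup_cstr(const char* s) {
    char* p = static_cast<char*>(std::malloc(std::strlen(s) + 1));
    if (!p) std::abort();
    return std::strcpy(p, s);
}
// Stand-in for OString: owns its buffer, counts live instances so the
// moment of destruction can be observed without touching freed memory.
class ByteStr {
public:
    static int live;
    explicit ByteStr(const char* s) : buf_(dup_cstr(s)) { ++live; }
    ByteStr(const ByteStr& o) : buf_(dup_cstr(o.buf_)) { ++live; }
    ByteStr& operator=(const ByteStr&) = delete;
    ~ByteStr() { std::free(buf_); --live; }
    const char* getStr() const { return buf_; }
private:
    char* buf_;
};
int ByteStr::live = 0;

// Stand-in for OUStringToOString(): returns a temporary by value.
ByteStr convert(const std::string& s) { return ByteStr(s.c_str()); }

// Anti-pattern: the temporary dies at the ';', so p dangles on the next line.
// Returns the number of live owners where p would be used (0 means dangling).
int owners_after_antipattern() {
    const char* p = convert("cmd").getStr();
    (void)p;  // deliberately not dereferenced
    return ByteStr::live;
}
// Fix 1: a named object keeps the buffer alive for the whole scope.
std::string fix_named() {
    ByteStr named = convert("cmd");
    return std::string(named.getStr());
}
// Fix 2: copy inside the same full expression, before the temporary dies.
std::string fix_copy() {
    char* p = dup_cstr(convert("cmd").getStr());
    std::string out(p);
    std::free(p);
    return out;
}
int main() {
    bool ok = owners_after_antipattern() == 0 && fix_named() == "cmd" && fix_copy() == "cmd";
    return ok ? 0 : 1;
}
```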