https://bugs.documentfoundation.org/show_bug.cgi?id=99556
Bug ID: 99556
Summary: CRASH: NULL pointer dereference in MathML node.cxx
Product: LibreOffice
Version: 5.2.0.0.alpha1
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: framework
Assignee: [email protected]
Reporter: [email protected]
Abstract: MathML msqrt element will be handled improperly when it has no
children.
Problem: there is no code to check whether a node has subnodes or not in the
SmRootNode::CreateTextFromNode function:
    // ...
    if (!pExtra && GetSubNode(2)->GetNumSubNodes() > 1)
        rText += "{ ";
    GetSubNode(2)->CreateTextFromNode(rText);
    if (!pExtra && GetSubNode(2)->GetNumSubNodes() > 1)
        rText += "} ";
    // ...
In the case of <msqrt/> (see below) the return value of GetSubNode will be NULL,
so it cannot be dereferenced.
Solution: store the return values of GetSubNode and compare them with NULL before
dereferencing.
How to reproduce: copy the code below into example.xml and open it in
LibreOffice.
<math xmlns="http://www.w3.org/1998/Math/MathML">
<msqrt/>
</math>
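
The proposed fix (store the GetSubNode result, test it for NULL, then dereference) on a simplified model of the node tree. This is an added example, not LibreOffice source and not the reporter's code: the Node and RootNode types, the slot layout, the "sqrt "/"nroot " keywords and the "{} " output for an empty body are assumptions made for illustration.

```cpp
// Simplified model of the node tree from the report; not LibreOffice source.
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Node {
    std::string text;                         // leaf text, empty for containers
    std::vector<std::unique_ptr<Node>> subs;  // a slot may hold nullptr
    explicit Node(std::string t = "") : text(std::move(t)) {}
    virtual ~Node() = default;
    std::size_t GetNumSubNodes() const { return subs.size(); }
    // As in the report: a missing child comes back as nullptr.
    Node* GetSubNode(std::size_t i) const { return i < subs.size() ? subs[i].get() : nullptr; }
    virtual void CreateTextFromNode(std::string& rText) const {
        rText += text;
        for (const auto& p : subs)
            if (p) p->CreateTextFromNode(rText);
    }
};

// Assumed slot layout: 0 = optional index, 1 = operator, 2 = body.
struct RootNode : Node {
    RootNode(std::unique_ptr<Node> extra, std::unique_ptr<Node> body) {
        subs.push_back(std::move(extra));
        subs.push_back(nullptr);
        subs.push_back(std::move(body));
    }
    void CreateTextFromNode(std::string& rText) const override {
        const Node* pExtra = GetSubNode(0);
        const Node* pBody = GetSubNode(2);  // fetched once, checked before use
        if (pExtra) { rText += "nroot "; pExtra->CreateTextFromNode(rText); }
        else rText += "sqrt ";
        if (!pBody) { rText += "{} "; return; }  // <msqrt/>: assumed empty group
        const bool bBrace = !pExtra && pBody->GetNumSubNodes() > 1;
        if (bBrace) rText += "{ ";
        pBody->CreateTextFromNode(rText);
        if (bBrace) rText += "} ";
    }
};

std::string Render(const Node& n) { std::string s; n.CreateTextFromNode(s); return s; }

int main() {
    std::cout << Render(RootNode(nullptr, nullptr)) << "\n";  // the <msqrt/> case
}
```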