On 06/15/2016 09:52 PM, Markus Mohrhard wrote:
commit b5876bfcb69a65c87d602bae687b3c0634c0a1e7 Author: Markus Mohrhard <[email protected]> Date: Wed Jun 15 20:15:20 2016 +0200passing a NULL pointer to fileno is not allowed See crash reports at http://crashreport.libreoffice.org/stats/signature/do_msvcr_magic+0x7 and documentation at https://msdn.microsoft.com/en-us/library/zs6wbdhx.aspx Change-Id: Ia9166d3b9fa10b87585821504e39cdfecbd22eda Reviewed-on: https://gerrit.libreoffice.org/26317 Reviewed-by: Michael Stahl <[email protected]> Tested-by: Markus Mohrhard <[email protected]> diff --git a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx index fad3c0a9..43ddc82 100644 --- a/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx +++ b/jvmfwk/plugins/sunmajor/pluginlib/sunjavaplugin.cxx @@ -548,6 +548,9 @@ static void do_msvcr_magic(rtl_uString *jvm_dll) FILE *f = _wfopen(reinterpret_cast<LPCWSTR>(Module->buffer), L"rb"); + if (!f) + return; + if (fstat(fileno(f), &st) == -1) { fclose(f);
What I don't quite understand is: <https://cgit.freedesktop.org/libreoffice/core/commit/?id=a82e532ce006c54b2740de74d1da5d11307da7c1> "fdo#38913: Prevent invalid parameter handler crashes" establishes a _set_invalid_parameter_handler (that outputs to std::wcerr and then returns), so one would assume that calling fileno(nullptr) would not abort via MSVCR's _invalid_parameter_noinfo (see <http://crashreport.libreoffice.org/stats/crash_details/8e1e262d-3281-431c-89b5-a5642033fe94>) but rather return EINVAL.
_______________________________________________ LibreOffice mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice
