vcl/source/window/event.cxx   |   10 ++++++++++
 vcl/source/window/window2.cxx |    5 +++++
 2 files changed, 15 insertions(+)

New commits:
commit 7c4435b8c69ca3a9d5ff1d280152cec1bfc51a1e
Author:     Miklos Vajna <vmik...@collabora.com>
AuthorDate: Tue Feb 11 21:06:06 2020 +0100
Commit:     Tamás Zolnai <tamas.zol...@collabora.com>
CommitDate: Thu Feb 4 16:31:07 2021 +0100

    vcl: fix UB in Window::ImplGetFirstOverlapWindow()
    
    mpWindowImpl can be nullptr here, see online.git's
    unit-load-torture test:
    
    vcl/source/window/window2.cxx:882:24: runtime error: member access within 
null pointer of type 'WindowImpl'
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
vcl/source/window/window2.cxx:882:24 in
    
    Surrounding code already checks for nullptr mpWindowImpl, so fix it directly
    where the problem is reported, not a caller.
    
    (Also fix a similar case in Window::ImplCallFocusChangeActivate().)
    
    Change-Id: I34dee0fd49483c428a78fd48b54c00b2f0a26417
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88474
    Tested-by: Jenkins
    Reviewed-by: Miklos Vajna <vmik...@collabora.com>
    (cherry picked from commit d1378b92c6697c09def7b3db8b36c3cf883b55c4)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/110418
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoff...@gmail.com>
    Reviewed-by: Tamás Zolnai <tamas.zol...@collabora.com>

diff --git a/vcl/source/window/event.cxx b/vcl/source/window/event.cxx
index 797d40a79912..e7752ae77043 100644
--- a/vcl/source/window/event.cxx
+++ b/vcl/source/window/event.cxx
@@ -576,7 +576,17 @@ void Window::ImplCallFocusChangeActivate( vcl::Window* 
pNewOverlapWindow,
     bool bCallActivate = true;
     bool bCallDeactivate = true;
 
+    if (!pOldOverlapWindow)
+    {
+        return;
+    }
+
     pOldRealWindow = pOldOverlapWindow->ImplGetWindow();
+    if (!pNewOverlapWindow)
+    {
+        return;
+    }
+
     pNewRealWindow = pNewOverlapWindow->ImplGetWindow();
     if ( (pOldRealWindow->GetType() != WindowType::FLOATINGWINDOW) ||
          pOldRealWindow->GetActivateMode() != ActivateModeFlags::NONE )
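Review bot: The two new early returns in ImplCallFocusChangeActivate() drop the whole notification when only one side is null, so a valid pOldOverlapWindow presumably gets no deactivate, and a valid pNewOverlapWindow no activate, whenever its counterpart is missing. Whether that is intended cannot be seen here, because the function body continues past the hunk. If skipping both is deliberate, one guard ahead of the first dereference, `if (!pOldOverlapWindow || !pNewOverlapWindow) return;`, with a comment such as `// an overlap window can be null here (see ImplGetFirstOverlapWindow()); nothing to notify`, says so more clearly than two separate blocks split around the pOldRealWindow assignment. The guards cover only the pointers themselves: `pOldRealWindow->GetType()` a few lines later still trusts whatever ImplGetWindow() returns, so it is worth confirming that call cannot reach the same null mpWindowImpl.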
diff --git a/vcl/source/window/window2.cxx b/vcl/source/window/window2.cxx
index 61ea3d80c3d0..3037491703fd 100644
--- a/vcl/source/window/window2.cxx
+++ b/vcl/source/window/window2.cxx
@@ -893,6 +893,11 @@ vcl::Window* Window::ImplGetBorderWindow() const
 
 vcl::Window* Window::ImplGetFirstOverlapWindow()
 {
+    if (!mpWindowImpl)
+    {
+        return nullptr;
+    }
+
     if ( mpWindowImpl->mbOverlapWin )
         return this;
     else
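Review bot: ImplGetFirstOverlapWindow() can now return nullptr, a change of contract that the hunk leaves undocumented; any caller that dereferences the result without a check only moves the null access one frame up. A short comment above the guard, for example `// mpWindowImpl may already be gone; callers must handle a nullptr result`, would record this for the next reader. The commit message says the surrounding code already checks for a null mpWindowImpl, but that is not visible here, so the remaining callers are worth auditing. The function body continues past the hunk.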