starmath/source/view.cxx |   21 ++++-----------------
 1 file changed, 4 insertions(+), 17 deletions(-)

New commits:
commit 6fb5a87e31b7df01f4b212ab979ae57e8d4ab4fb
Author:     Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Fri Mar 11 15:19:41 2022 +0300
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Tue Mar 15 11:27:40 2022 +0100

    Related: tdf#128610 Avoid use-after-free
    
    Creating SvMemoryStream from string makes it non-owning, i.e. pointing
    to the string's memory. So the string must outlive the stream.
    
    Since commit 64bc8b45b5c23efc5fe57585a69aa4263aaf4e83
      Date   Wed Jul 08 12:31:43 2015 +0000
        i#107734 Support for Math Input Panel in Windows 7
    
    This was only working by chance, when the destructor didn't clean the
    memory (e.g., in optimized release builds) and the released memory had
    not yet been reused.
    
    Change-Id: I2e0c195de7bd2aff2889a94ef0f2eb084411933f
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131373
    Tested-by: Mike Kaganski <mike.kagan...@collabora.com>
    Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
    (cherry picked from commit c964700d16d99d1569373a1eb9a1352fb3512915)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131474
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Signed-off-by: Xisco Fauli <xiscofa...@libreoffice.org>
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131541
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/starmath/source/view.cxx b/starmath/source/view.cxx
index d369ad97db20..34b5572a5286 100644
--- a/starmath/source/view.cxx
+++ b/starmath/source/view.cxx
@@ -1774,31 +1774,18 @@ void SmViewShell::Execute(SfxRequest& rReq)
                                 SfxFilter::GetFilterByName(MATHML_XML);
                             aClipboardMedium.SetFilter(pMathFilter);
 
-                            std::unique_ptr<SvMemoryStream> pStrm;
                             // The text to be imported might asserts encoding 
like 'encoding="utf-8"' but FORMAT_STRING is UTF-16.
                             // Force encoding to UTF-16, if encoding exists.
-                            bool bForceUTF16 = false;
                             sal_Int32 nPosL = aString.indexOf("encoding=\"");
-                            sal_Int32 nPosU = -1;
                             if ( nPosL >= 0 && nPosL +10 < aString.getLength() 
)
                             {
                                 nPosL += 10;
-                                nPosU = aString.indexOf( '"',nPosL);
+                                sal_Int32 nPosU = aString.indexOf( '"',nPosL);
                                 if (nPosU > nPosL)
-                                {
-                                    bForceUTF16 = true;
-                                }
+                                    aString = aString.replaceAt(nPosL, nPosU - 
nPosL, u"UTF-16");
                             }
-                            if ( bForceUTF16 )
-                            {
-                                OUString aNewString = aString.replaceAt( 
nPosL,nPosU-nPosL,"UTF-16");
-                                pStrm.reset(new SvMemoryStream( 
const_cast<sal_Unicode *>(aNewString.getStr()), aNewString.getLength() * 
sizeof(sal_Unicode), StreamMode::READ));
-                            }
-                            else
-                            {
-                                pStrm.reset(new SvMemoryStream( 
const_cast<sal_Unicode *>(aString.getStr()), aString.getLength() * 
sizeof(sal_Unicode), StreamMode::READ));
-                            }
-                            uno::Reference<io::XInputStream> xStrm2( new 
::utl::OInputStreamWrapper(*pStrm) );
+                            SvMemoryStream aStrm( const_cast<sal_Unicode 
*>(aString.getStr()), aString.getLength() * sizeof(sal_Unicode), 
StreamMode::READ);
+                            uno::Reference<io::XInputStream> xStrm2( new 
::utl::OInputStreamWrapper(aStrm) );
                             aClipboardMedium.setStreamToLoadFrom(xStrm2, true 
/*bIsReadOnly*/);
                             InsertFrom(aClipboardMedium);
                             GetDoc()->UpdateText();
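Review bot: The stack-allocated `aStrm` still only borrows `aString`'s buffer, and `OInputStreamWrapper(aStrm)` in turn refers to that local stream, so the fix relies on both locals staying alive and unmodified for every read made through `xStrm2`; nothing at the declaration records that. A comment directly above `SvMemoryStream aStrm(...)` would keep a later refactor from reintroducing the use-after-free, for example `// aStrm is non-owning: aString and aStrm must outlive all reads via xStrm2 (i.e. until InsertFrom() returns)`. `aClipboardMedium` is declared above the hunk, so it is presumably destroyed after `aStrm`; it is worth confirming that the medium does not touch the wrapped stream on teardown. The body of `SmViewShell::Execute` starts and ends outside the hunk, so any later use of `aString` after the in-place `replaceAt` could not be checked here.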
