embeddedobj/source/msole/olecomponent.cxx | 15 +++++++++- sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx |binary sw/qa/extras/ooxmlimport/ooxmlimport2.cxx | 7 ++++ 3 files changed, 21 insertions(+), 1 deletion(-)
New commits: commit e5be1c6eec6b89cd62e970fb0aa7fe0aa47b7d99 Author: Mike Kaganski <[email protected]> AuthorDate: Sat Sep 10 22:56:17 2022 +0300 Commit: Christian Lohmaier <[email protected]> CommitDate: Wed Sep 21 13:00:22 2022 +0200 tdf#119039: workaround an OleLoad bug releasing passed storage unexpectedly See https://developercommunity.visualstudio.com/t/10144795 Change-Id: I75ee88c1dd50e0772c358967ac09b7788156d9f0 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139756 Tested-by: Jenkins Reviewed-by: Mike Kaganski <[email protected]> (cherry picked from commit b31992ea518cec906a65ef971a637d0529302a2c) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139664 Reviewed-by: Christian Lohmaier <[email protected]> diff --git a/embeddedobj/source/msole/olecomponent.cxx b/embeddedobj/source/msole/olecomponent.cxx index 1aec0c704926..f3111302355f 100644 --- a/embeddedobj/source/msole/olecomponent.cxx +++ b/embeddedobj/source/msole/olecomponent.cxx @@ -589,11 +589,24 @@ namespace HRESULT OleLoadSeh(LPSTORAGE pIStorage, LPVOID* ppObj) { HRESULT hr = E_FAIL; + // tdf#119039: there is a nasty bug in OleLoad, that may call an unpaired + // IUnknown::Release on pIStorage on STG_E_FILENOTFOUND: see + // https://developercommunity.visualstudio.com/t/10144795 + // Workaround it here to avoid crash in smart COM pointer destructor that + // would try to release already released object. Since we don't know if + // the bug appears each time STG_E_FILENOTFOUND is returned, this might + // potentially leak the storge object. + if (pIStorage) + pIStorage->AddRef(); + __try { hr = OleLoad(pIStorage, IID_IUnknown, nullptr, ppObj); } __except( EXCEPTION_EXECUTE_HANDLER ) { - return E_FAIL; + hr = E_FAIL; } + if (pIStorage && hr != STG_E_FILENOTFOUND) + pIStorage->Release(); + return hr; } } diff --git a/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx b/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx new file mode 100644 index 000000000000..c0cda280d447 Binary files /dev/null and b/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx differ diff --git a/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx b/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx index fd148cd8db49..62ae3250af73 100644 --- a/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx +++ b/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx @@ -934,6 +934,13 @@ CPPUNIT_TEST_FIXTURE(Test, testTdf126426) CPPUNIT_ASSERT_EQUAL(sal_Int32(-1), getProperty<sal_Int32>(xRun, "CharColor")); } } + +CPPUNIT_TEST_FIXTURE(Test, testTdf119039) +{ + load(mpTestDocumentPath, "tdf119039_bad_embedded_compound.docx"); + // Should not crash/hang because of problematic embedded compound +} + // tests should only be added to ooxmlIMPORT *if* they fail round-tripping in ooxmlEXPORT CPPUNIT_PLUGIN_IMPLEMENT();
