diff options
| author | Vasily Melenchuk <Vasily.Melenchuk@cib.de> | 2018-05-21 10:58:49 +0300 |
|---|---|---|
| committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2018-05-21 15:41:09 +0200 |
| commit | de9620dd4539397715dab3102d256f9d634fcb23 (patch) | |
| tree | 1ab8ff5e33d84a5301e123e5180cad99c25774bd /basic/source/runtime/dllmgr-x86.cxx | |
| parent | Partially revert "Fixup 23c5125148a8110d88385b29570bf0b7d4400458" (diff) | |
| download | core-de9620dd4539397715dab3102d256f9d634fcb23.tar.gz core-de9620dd4539397715dab3102d256f9d634fcb23.zip | |
tdf#97231: potential crash fixed
blob2 pointer can be invalidated during marshalString() call,
because it also adds new element in data vector and thus later
access to blob2 can cause crash.
Change-Id: I2de519c363193f34b249e7250a016397b7420882
Reviewed-on: https://gerrit.libreoffice.org/54613
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Diffstat (limited to 'basic/source/runtime/dllmgr-x86.cxx')
| -rw-r--r-- | basic/source/runtime/dllmgr-x86.cxx | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/basic/source/runtime/dllmgr-x86.cxx b/basic/source/runtime/dllmgr-x86.cxx index 576e3da1b736..63fd3bcea160 100644 --- a/basic/source/runtime/dllmgr-x86.cxx +++ b/basic/source/runtime/dllmgr-x86.cxx @@ -334,12 +334,12 @@ ErrCode marshal( break; case SbxSTRING: { - std::vector< char > * blob2 = data.newBlob(); void * p; ErrCode e = marshalString(variable, special, data, &p); if (e != ERRCODE_NONE) { return e; } + std::vector< char > * blob2 = data.newBlob(); add(*blob2, p, 4, 0); add(blob, address(*blob2), 4, offset); break; |