-rw-r--r--embeddedobj/source/msole/olecomponent.cxx15
-rw-r--r--sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docxbin0 -> 13876 bytes
-rw-r--r--sw/qa/extras/ooxmlimport/ooxmlimport2.cxx7
3 files changed, 21 insertions, 1 deletions
diff --git a/embeddedobj/source/msole/olecomponent.cxx b/embeddedobj/source/msole/olecomponent.cxx
index 1aec0c704926..f3111302355f 100644
--- a/embeddedobj/source/msole/olecomponent.cxx
+++ b/embeddedobj/source/msole/olecomponent.cxx
@@ -589,11 +589,24 @@ namespace
HRESULT OleLoadSeh(LPSTORAGE pIStorage, LPVOID* ppObj)
{
HRESULT hr = E_FAIL;
+ // tdf#119039: there is a nasty bug in OleLoad, that may call an unpaired
+ // IUnknown::Release on pIStorage on STG_E_FILENOTFOUND: see
+ // https://developercommunity.visualstudio.com/t/10144795
+ // Workaround it here to avoid crash in smart COM pointer destructor that
+ // would try to release already released object. Since we don't know if
+ // the bug appears each time STG_E_FILENOTFOUND is returned, this might
+ // potentially leak the storge object.
+ if (pIStorage)
+ pIStorage->AddRef();
+
__try {
hr = OleLoad(pIStorage, IID_IUnknown, nullptr, ppObj);
} __except( EXCEPTION_EXECUTE_HANDLER ) {
- return E_FAIL;
+ hr = E_FAIL;
}
+ if (pIStorage && hr != STG_E_FILENOTFOUND)
+ pIStorage->Release();
+
return hr;
}
}
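Review bot: The conditional `Release()` after the `__try` block has no comment of its own, and the reasoning sits ten lines above it, so a later reader can mistake the skipped release for a plain leak and "fix" it back into a double release. I would add `// On STG_E_FILENOTFOUND OleLoad may already have dropped our extra reference (tdf#119039); releasing again would double-release` directly above `if (pIStorage && hr != STG_E_FILENOTFOUND)`. The block comment should also say that the reference count is only rebalanced for this one HRESULT. The storage comes from an embedded object in a loaded document, and whether OleLoad performs the unpaired release on other failure codes is not visible here. Minor wording: `storge` should be `storage`, and "Workaround it" should be "Work around it".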
diff --git a/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx b/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx
new file mode 100644
index 000000000000..c0cda280d447
--- /dev/null
+++ b/sw/qa/extras/ooxmlimport/data/tdf119039_bad_embedded_compound.docx
Binary files differ
diff --git a/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx b/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx
index fd148cd8db49..62ae3250af73 100644
--- a/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx
+++ b/sw/qa/extras/ooxmlimport/ooxmlimport2.cxx
@@ -934,6 +934,13 @@ CPPUNIT_TEST_FIXTURE(Test, testTdf126426)
CPPUNIT_ASSERT_EQUAL(sal_Int32(-1), getProperty<sal_Int32>(xRun, "CharColor"));
}
}
+
+CPPUNIT_TEST_FIXTURE(Test, testTdf119039)
+{
+ load(mpTestDocumentPath, "tdf119039_bad_embedded_compound.docx");
+ // Should not crash/hang because of problematic embedded compound
+}
+
// tests should only be added to ooxmlIMPORT *if* they fail round-tripping in ooxmlEXPORT
CPPUNIT_PLUGIN_IMPLEMENT();
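Review bot: `testTdf119039` contains no assertion, so it can only fail by crashing or hanging, and the comment that explains this sits after the `load()` call instead of before it. The fixed code uses `__try` and `OleLoad`, so it looks Windows-only; on other platforms this test presumably passes without exercising the fix, which the comment should say. I would move the comment above `load(...)` and reword it to something like `// Loading must not crash or hang on the malformed embedded compound storage; the fixed path is Windows-only`. If the fixture exposes the loaded document as other tests in this suite do, an explicit check such as `CPPUNIT_ASSERT(mxComponent.is());` would make the expected outcome visible.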