106575 – box-base.cxx: use of erased data

Issue 106575 - box-base.cxx: use of erased data

Summary: box-base.cxx: use of erased data

Status:	CLOSED FIXED

Alias:	None

Product:	Build Tools
Classification:	Code
Component:	code (show other issues)
Version:	DEV300m63
Hardware:	All Linux, all

Importance:	P3 Trivial (vote)
Target Milestone:	OOo 3.3
Assignee:	caolanm
QA Contact:	issues@tools

URL:
Keywords:

Depends on:
Blocks:	106602
	Show dependency tree

Reported:	2009-11-03 11:54 UTC by dcb314
Modified:	2010-05-22 17:30 UTC (History)
CC List:	2 users (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
Fix as patch (699 bytes, patch) 2009-11-04 11:26 UTC, thb	no flags	Details \| Diff
updated patch (1.85 KB, patch) 2009-11-05 17:52 UTC, thb	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description dcb314 2009-11-03 11:54:25 UTC

For source code file toolkit/source/layout/core/box-base.cxx,
function Box_Base::removeChildData, is the following code

    for ( std::list< ChildData* >::iterator it = lst.begin();
          it != lst.end(); it++ )
    {
        if ( (*it)->mxChild == xChild )
        {
            lst.erase( it );
            return *it;
        }
    }

It seems to be most unwise to return data after it has been
erased. 

Suggest untested code like

    for ( std::list< ChildData* >::iterator it = lst.begin();
          it != lst.end(); it++ )
    {
        if ( (*it)->mxChild == xChild )
        {
            ChildData * tmp = *it;
            lst.erase( it );
            return tmp;
        }
    }

Comment 1 caolanm 2009-11-03 12:13:28 UTC

cmc->thb: Is this yours ?

Comment 2 thb 2009-11-04 11:26:20 UTC

Created attachment 65920 [details]
Fix as patch

Comment 3 thb 2009-11-04 11:28:01 UTC

@dcb314: thx for the catch, fix added as a patch -

@pl: any 3.2 fix cws I could piggy-back with this one? ;)

Comment 4 philipp.lohmann 2009-11-04 12:32:38 UTC

see also issue 106576 - BTW: you'll want to change lst to a reference instead of
a by value list (or you can save the erase wholesale).

As for a 3.2 CWS: if you get this on the stopper list, feel free to use
ooo32gsl03 - which is going ready for QA tomorrow or so.

Comment 5 thb 2009-11-05 17:51:40 UTC

@pl: thx for the hint, indeed. Updating patch, missed the deadline apparently ...

Comment 6 thb 2009-11-05 17:52:31 UTC

Created attachment 65966 [details]
updated patch

Comment 7 caolanm 2010-03-02 16:08:49 UTC

poke, this didn't get committed to anything right ?

Comment 8 philipp.lohmann 2010-03-02 16:36:11 UTC

I guess not, I'll put it into vcl110

Comment 9 philipp.lohmann 2010-03-02 16:46:23 UTC

committed in CWS vcl110

Comment 10 philipp.lohmann 2010-03-26 15:14:23 UTC

please verify in CWS vcl110, changeset at

http://hg.services.openoffice.org/hg/cws/vcl110/rev/792efe9a6612

Comment 11 caolanm 2010-04-01 11:16:57 UTC

looks good I guess

Comment 12 caolanm 2010-05-22 17:30:24 UTC

integrated DEV300_m78