tdf#134101, tdf#134626 sw: fix UBSan warning about deleted SwTextFormatColl
sw/source/core/txtnode/ndtxt.cxx:5254:17: runtime error: downcast of address 0x612000a321c0 which does not point to an object of type 'const SwTextFormatColl'
0x612000a321c0: note: object is of type 'SwFormat'
00 00 00 00 50 4c 3c fa bb 7f 00 00 80 b8 ba 05 50 61 00 00 c0 81 5f 02 20 61 00 00 c0 b6 b0 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'SwFormat'
0 in SwTextNode::TriggerNodeUpdate(sw::LegacyModifyHint const&) at sw/source/core/txtnode/ndtxt.cxx:5254:17
1 in SwTextNode::SwClientNotify(SwModify const&, SfxHint const&) at sw/source/core/txtnode/ndtxt.cxx:5306:9
2 in SwClient::SwClientNotifyCall(SwModify const&, SfxHint const&) at sw/inc/calbck.hxx:161:80
3 in SwFormat::~SwFormat() at sw/source/core/attr/format.cxx:240:22
4 in SwFormatColl::~SwFormatColl() at sw/inc/fmtcol.hxx:35:26
5 in SwTextFormatColl::~SwTextFormatColl() at sw/inc/fmtcol.hxx:56:20
6 in SwTextFormatColl::~SwTextFormatColl() at sw/inc/fmtcol.hxx:56:20
7 in SwDoc::DelTextFormatColl(unsigned long, bool) at sw/source/core/doc/docfmt.cxx:983:5
8 in SwDoc::DelTextFormatColl(SwTextFormatColl const*, bool) at sw/source/core/doc/docfmt.cxx:991:5
9 in SwUndoTextFormatCollCreate::Delete() at sw/source/core/undo/SwUndoFmt.cxx:203:12
10 in SwUndoFormatCreate::UndoImpl(sw::UndoRedoContext&) at sw/source/core/undo/SwUndoFmt.cxx:61:9
11 in SwUndo::UndoWithContext(SfxUndoContext&) at sw/source/core/undo/undobj.cxx:235:5
Any SwUndoFormatCreate that is added during CopyImplImpl() must go before
SwUndoCopyDoc on the undo stack.
SwNodes::CopyNodes() is pretty much the only thing of substance there
that runs with Undo enabled; CopyBookmarks() and lcl_DeleteRedlines()
and CopyFlyInFlyImpl() have it disabled.
Let's see if the fix is really this simple...
Change-Id: I4d586923f91a02861e9a4bd40d22701ceb0a0499
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/107522
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
(cherry picked from commit b4365b985178e1866c74afd757a104aad1d405a9)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109333
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
diff --git a/sw/source/core/doc/DocumentContentOperationsManager.cxx b/sw/source/core/doc/DocumentContentOperationsManager.cxx
index c103d48..9329356 100644
--- a/sw/source/core/doc/DocumentContentOperationsManager.cxx
+++ b/sw/source/core/doc/DocumentContentOperationsManager.cxx
@@ -4724,7 +4724,6 @@ bool DocumentContentOperationsManager::CopyImplImpl(SwPaM& rPam, SwPosition& rPo
if (rDoc.GetIDocumentUndoRedo().DoesUndo())
{
pUndo = new SwUndoCpyDoc(*pCopyPam);
rDoc.GetIDocumentUndoRedo().AppendUndo( std::unique_ptr<SwUndo>(pUndo) );
pFlysAtInsPos = pUndo->GetFlysAnchoredAt();
}
else
@@ -5151,6 +5150,8 @@ bool DocumentContentOperationsManager::CopyImplImpl(SwPaM& rPam, SwPosition& rPo
// If Undo is enabled, store the inserted area
if (rDoc.GetIDocumentUndoRedo().DoesUndo())
{
// append it after styles have been copied when copying nodes
rDoc.GetIDocumentUndoRedo().AppendUndo( std::unique_ptr<SwUndo>(pUndo) );
pUndo->SetInsertRange(*pCopyPam, true, nDeleteTextNodes);
}
diff --git a/sw/source/core/txtnode/ndtxt.cxx b/sw/source/core/txtnode/ndtxt.cxx
index ec6a008..1c45742 100644
--- a/sw/source/core/txtnode/ndtxt.cxx
+++ b/sw/source/core/txtnode/ndtxt.cxx
@@ -5251,6 +5251,8 @@ void SwTextNode::TriggerNodeUpdate(const sw::LegacyModifyHint& rHint)
&& GetRegisteredIn() == static_cast<const SwFormatChg*>(pNewValue)->pChangedFormat
&& GetNodes().IsDocNodes() )
{
assert(dynamic_cast<SwTextFormatColl const*>(static_cast<const SwFormatChg*>(pOldValue)->pChangedFormat));
assert(dynamic_cast<SwTextFormatColl const*>(static_cast<const SwFormatChg*>(pNewValue)->pChangedFormat));
ChgTextCollUpdateNum(
static_cast<const SwTextFormatColl*>(static_cast<const SwFormatChg*>(pOldValue)->pChangedFormat),
static_cast<const SwTextFormatColl*>(static_cast<const SwFormatChg*>(pNewValue)->pChangedFormat) );
