ofz#409354664 Heap-use-after-free

there is no DeInitVCL in fuzzing, so if the BufferedDecompositionFlusher thread is started nothing causes it to exit before _exit. Change-Id: I62463ce8126a0cf0c67f4218bdf66a140f3a021d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/184731 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
2025-04-28 21:29:09 +01:00 · 2025-04-28 21:29:09 +01:00 · ac6c7b4f82
commit ac6c7b4f82
parent b9054fed37
4 changed files with 18 additions and 2 deletions
--- a/drawinglayer/source/primitive2d/BufferedDecompositionGroupPrimitive2D.cxx
+++ b/drawinglayer/source/primitive2d/BufferedDecompositionGroupPrimitive2D.cxx
@ -19,6 +19,7 @@

 #include <sal/config.h>

+#include <comphelper/configuration.hxx>
 #include <drawinglayer/primitive2d/BufferedDecompositionGroupPrimitive2D.hxx>
 #include <drawinglayer/geometry/viewinformation2d.hxx>
 #include <drawinglayer/primitive2d/BufferedDecompositionFlusher.hxx>
@ -97,6 +98,13 @@ void BufferedDecompositionGroupPrimitive2D::get2DDecomposition(
    }
 }

+void BufferedDecompositionGroupPrimitive2D::activateFlushOnTimer()
+{
+    if (comphelper::IsFuzzing())
+        return;
+    mbFlushOnTimer = true;
+}
+
 } // end of namespace drawinglayer::primitive2d

 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
--- a/drawinglayer/source/primitive2d/BufferedDecompositionPrimitive2D.cxx
+++ b/drawinglayer/source/primitive2d/BufferedDecompositionPrimitive2D.cxx
@ -19,6 +19,7 @@

 #include <sal/config.h>

+#include <comphelper/configuration.hxx>
 #include <drawinglayer/primitive2d/BufferedDecompositionPrimitive2D.hxx>
 #include <drawinglayer/geometry/viewinformation2d.hxx>
 #include <drawinglayer/primitive2d/BufferedDecompositionFlusher.hxx>
@ -96,6 +97,13 @@ void BufferedDecompositionPrimitive2D::get2DDecomposition(
    }
 }

+void BufferedDecompositionPrimitive2D::activateFlushOnTimer()
+{
+    if (comphelper::IsFuzzing())
+        return;
+    mbFlushOnTimer = true;
+}
+
 } // end of namespace drawinglayer::primitive2d

 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
--- a/include/drawinglayer/primitive2d/BufferedDecompositionGroupPrimitive2D.hxx
+++ b/include/drawinglayer/primitive2d/BufferedDecompositionGroupPrimitive2D.hxx
@ -64,7 +64,7 @@ protected:
    // callback mechanism to flush buffered content timer-based will be activated.
    // it is protected since the idea is that this gets called in the constructor
    // of derived classes.
-    void activateFlushOnTimer() { mbFlushOnTimer = true; }
+    void activateFlushOnTimer();

 public:
    /// constructor/destructor. For GroupPrimitive2D we need the child parameter, too.
--- a/include/drawinglayer/primitive2d/BufferedDecompositionPrimitive2D.hxx
+++ b/include/drawinglayer/primitive2d/BufferedDecompositionPrimitive2D.hxx
@ -92,7 +92,7 @@ protected:
    // callback mechanism to flush buffered content timer-based will be activated.
    // it is protected since the idea is that this gets called in the constructor
    // of derived classes.
-    void activateFlushOnTimer() { mbFlushOnTimer = true; }
+    void activateFlushOnTimer();

 public:
    // constructor/destructor