vcl: fix UB in Window::ImplGetFirstOverlapWindow()

mpWindowImpl can be nullptr here, see online.git's unit-load-torture test: vcl/source/window/window2.cxx:882:24: runtime error: member access within null pointer of type 'WindowImpl' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior vcl/source/window/window2.cxx:882:24 in Surrouding code already checks for nullptr mpWindowImpl, so fix it directly where the problem is reported, not a caller. (Also fix a similar case in Window::ImplCallFocusChangeActivate().) Change-Id: I34dee0fd49483c428a78fd48b54c00b2f0a26417 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/88474 Tested-by: Jenkins Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-02-11 21:06:06 +01:00 · 2020-02-11 21:06:06 +01:00 · d1378b92c6
commit d1378b92c6
parent 2ce99d1277
2 changed files with 15 additions and 0 deletions
--- a/vcl/source/window/event.cxx
+++ b/vcl/source/window/event.cxx
@ -588,7 +588,17 @@ void Window::ImplCallFocusChangeActivate( vcl::Window* pNewOverlapWindow,
    bool bCallActivate = true;
    bool bCallDeactivate = true;

+    if (!pOldOverlapWindow)
+    {
+        return;
+    }
+
    pOldRealWindow = pOldOverlapWindow->ImplGetWindow();
+    if (!pNewOverlapWindow)
+    {
+        return;
+    }
+
    pNewRealWindow = pNewOverlapWindow->ImplGetWindow();
    if ( (pOldRealWindow->GetType() != WindowType::FLOATINGWINDOW) ||
         pOldRealWindow->GetActivateMode() != ActivateModeFlags::NONE )
--- a/vcl/source/window/window2.cxx
+++ b/vcl/source/window/window2.cxx
@ -879,6 +879,11 @@ vcl::Window* Window::ImplGetBorderWindow() const

 vcl::Window* Window::ImplGetFirstOverlapWindow()
 {
+    if (!mpWindowImpl)
+    {
+        return nullptr;
+    }
+
    if ( mpWindowImpl->mbOverlapWin )
        return this;
    else