Apache OpenOffice (AOO) Bugzilla – Issue 119008
Uninitialized member bOneWay in typelib_typedescription_newEmpty
Last modified: 2018-11-11 15:21:00 UTC
In typelib_typedescription_newEmpty(), in the case typelib_TypeClass_INTERFACE_METHOD, the member variable bOneWay is not initialized. This might cause sporadic stack corruptions during synchronous IPC calls, since the urp_sendRequest_internal() call will not wait until the result has been stored but delete the object beforehand.
This needs review by someone knowledgeable with the code to verify whether this is a viable issue or can be closed.
The basic coding error, use of the uninitialized local variable, bOneWay, is present in both the trunk and 4.1.3. Assuming its value matters, the code is very fragile. A change in stack layout could make the difference between working and not working. Fixing it is probably relatively simple. We just need to find out the correct setting, and initialize bOneWay accordingly. It may be harder to test a fix - we need a test case that depends on the bad code.
Based on Patricia's analysis I am marking this confirmed.
Given the age and the difficulty of testing any fix, should we consider setting this as Won't Fix?
I think we should fix the Issue, even if we are not able to test the abuse. It would strengthen the code in general. We are fine if we check for regressions.