Abort if type information is missing when creating sequences

When the typelib_TypeDescription is null, the following code would dereference a
null pointer anyway (but which doesn't necessarily cause an immediate crash on
some platforms like Wasm, so better be explicit).  (Also, leave those checks out
of functions like uno_type_sequence_realloc, which would have been preceded by a
call to one of the functions creating a sequence of the given type, and which
would thus already have detected failure to obtain the relevant type
information.)

Change-Id: I36193ea837edeca451fd09a866623cf40d3cdb4d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163813
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <stephan.bergmann@allotropia.de>

1 files changed, 16 insertions, 0 deletions

diff --git a/cppu/source/uno/sequence.cxx b/cppu/source/uno/sequence.cxx
index c467f2c38704..2d8b1da19f84 100644
--- a/cppu/source/uno/sequence.cxx
+++ b/cppu/source/uno/sequence.cxx
@@ -20,6 +20,7 @@
 #include <sal/config.h>
 
 #include <cassert>
+#include <cstdlib>
 #include <string.h>
 
 #include <osl/diagnose.h>
@@ -227,6 +228,9 @@ static bool idefaultConstructElements(
         {
             typelib_TypeDescription * pElementTypeDescr = nullptr;
             TYPELIB_DANGER_GET( &pElementTypeDescr, pElementType );
+            if (pElementTypeDescr == nullptr) {
+                std::abort();
+            }
             sal_Int32 eEnum =
                 reinterpret_cast<typelib_EnumTypeDescription *>(
                  pElementTypeDescr)->nDefaultEnumValue;
@@ -245,6 +249,9 @@ static bool idefaultConstructElements(
     {
         typelib_TypeDescription * pElementTypeDescr = nullptr;
         TYPELIB_DANGER_GET( &pElementTypeDescr, pElementType );
+        if (pElementTypeDescr == nullptr) {
+            std::abort();
+        }
         sal_Int32 nElementSize = pElementTypeDescr->nSize;
 
         if (nAlloc >= 0)
@@ -471,6 +478,9 @@ static bool icopyConstructFromElements(
     {
         typelib_TypeDescription * pElementTypeDescr = nullptr;
         TYPELIB_DANGER_GET( &pElementTypeDescr, pElementType );
+        if (pElementTypeDescr == nullptr) {
+            std::abort();
+        }
         sal_Int32 nElementSize = pElementTypeDescr->nSize;
 
         pSeq = reallocSeq( pSeq, nElementSize, nAlloc );
@@ -522,6 +532,9 @@ static bool icopyConstructFromElements(
         {
             typelib_TypeDescription * pElementTypeDescr = nullptr;
             TYPELIB_DANGER_GET( &pElementTypeDescr, pElementType );
+            if (pElementTypeDescr == nullptr) {
+                std::abort();
+            }
             typelib_TypeDescriptionReference * pSeqElementType =
                 reinterpret_cast<typelib_IndirectTypeDescription *>(pElementTypeDescr)->pType;
             uno_Sequence ** pDestElements = reinterpret_cast<uno_Sequence **>(pSeq->elements);
@@ -664,6 +677,9 @@ sal_Bool SAL_CALL uno_type_sequence_construct(
     {
         typelib_TypeDescription * pTypeDescr = nullptr;
         TYPELIB_DANGER_GET( &pTypeDescr, pType );
+        if (pTypeDescr == nullptr) {
+            std::abort();
+        }
 
         typelib_TypeDescriptionReference * pElementType =
             reinterpret_cast<typelib_IndirectTypeDescription *>(pTypeDescr)->pType;