https://bugs.freedesktop.org/show_bug.cgi?id=68064
Priority: medium
Bug ID: 68064
Assignee: [email protected]
Summary: CppunitTest_sw_rtfimport: recursive
SwNodes::RemoveNode, valgrind reports invalid
read/write
Severity: normal
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: Other
Status: UNCONFIRMED
Version: 4.2.0.0.alpha0+ Master
Component: Writer
Product: LibreOffice
With a recent master (but also with a recent libreoffice-4-0 build),
valgrind'ing CppunitTest_sw_rtfimport gives
> Invalid read of size 2
> at 0x103D3334: BigPtrArray::Remove(unsigned long, unsigned long)
> (/sw/source/core/bastyp/bparr.cxx:366)
> by 0x106B5DDD: SwNodes::RemoveNode(unsigned long, unsigned long, unsigned
> char) (/sw/source/core/docnode/nodes.cxx:2401)
> by 0x106B2F35: SwNodes::DelNodes(SwNodeIndex const&, unsigned long)
> (/sw/source/core/docnode/nodes.cxx:1528)
> by 0x104EEFD9: SwDoc::DeleteSection(SwNode*)
> (/sw/source/core/doc/docedt.cxx:696)
> by 0x105527DD: SwDoc::DelLayoutFmt(SwFrmFmt*)
> (/sw/source/core/doc/doclay.cxx:295)
> by 0x10A5E576: SwTxtNode::DestroyAttr(SwTxtAttr*)
> (/sw/source/core/txtnode/thints.cxx:1101)
> by 0x10A3D2B8: SwTxtNode::~SwTxtNode()
> (/sw/source/core/txtnode/ndtxt.cxx:248)
> by 0x10A3D47B: SwTxtNode::~SwTxtNode()
> (/sw/source/core/txtnode/ndtxt.cxx:262)
> by 0x106B5D24: SwNodes::RemoveNode(unsigned long, unsigned long, unsigned
> char) (/sw/source/core/docnode/nodes.cxx:2391)
> by 0x106B2F35: SwNodes::DelNodes(SwNodeIndex const&, unsigned long)
> (/sw/source/core/docnode/nodes.cxx:1528)
> by 0x104EEFD9: SwDoc::DeleteSection(SwNode*)
> (/sw/source/core/doc/docedt.cxx:696)
> by 0x107CA9C2: DelHFFormat(SwClient*, SwFrmFmt*)
> (/sw/source/core/layout/atrfrm.cxx:164)
> by 0x107CBB43: SwFmtHeader::~SwFmtHeader()
> (/sw/source/core/layout/atrfrm.cxx:438)
> by 0x107CBBD1: SwFmtHeader::~SwFmtHeader()
> (/sw/source/core/layout/atrfrm.cxx:439)
> by 0x163F3E6E: SfxItemPool::Remove(SfxPoolItem const&)
> (/svl/source/items/itempool.cxx:831)
> by 0x1640878B: SfxItemSet::~SfxItemSet()
> (/svl/source/items/itemset.cxx:317)
> by 0x103CF3DD: SwAttrSet::~SwAttrSet() (in /solver/unxlngx6/lib/libswlo.so)
> by 0x103CD75D: SwFmt::~SwFmt() (/sw/source/core/attr/format.cxx:213)
> by 0x105357F8: SwFrmFmt::~SwFrmFmt() (in /solver/unxlngx6/lib/libswlo.so)
> by 0x10859A54: SwPageDesc::~SwPageDesc()
> (/sw/source/core/layout/pagedesc.cxx:102)
> by 0x10859B57: SwPageDesc::~SwPageDesc()
> (/sw/source/core/layout/pagedesc.cxx:104)
> by 0x10E22B04: SwDocStyleSheet::SetItemSet(SfxItemSet const&, bool)
> (/sw/source/ui/app/docstyle.cxx:1388)
> by 0x10C15D16:
> SwXPageStyle::SetPropertyValues_Impl(com::sun::star::uno::Sequence<rtl::OUString>
> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&)
> (/sw/source/core/unocore/unostyle.cxx:3193)
> by 0x10C16065:
> SwXPageStyle::setPropertyValues(com::sun::star::uno::Sequence<rtl::OUString>
> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&)
> (/sw/source/core/unocore/unostyle.cxx:3207)
> by 0x22672868:
> writerfilter::dmapper::SectionPropertyMap::_ApplyProperties(com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>)
> (/writerfilter/source/dmapper/PropertyMap.cxx:1153)
> by 0x22670E3A:
> writerfilter::dmapper::SectionPropertyMap::CloseSectionGroup(writerfilter::dmapper::DomainMapper_Impl&)
> (/writerfilter/source/dmapper/PropertyMap.cxx:1042)
> by 0x225CAABD: writerfilter::dmapper::DomainMapper::lcl_endSectionGroup()
> (/writerfilter/source/dmapper/DomainMapper.cxx:3488)
> by 0x22759BE2: writerfilter::LoggedStream::endSectionGroup()
> (/writerfilter/source/resourcemodel/LoggedResources.cxx:101)
> by 0x22545D0C: writerfilter::rtftok::RTFDocumentImpl::sectBreak(bool)
> (/writerfilter/source/rtftok/rtfdocumentimpl.cxx:558)
> by 0x225629D4: writerfilter::rtftok::RTFDocumentImpl::popState()
> (/writerfilter/source/rtftok/rtfdocumentimpl.cxx:4479)
> by 0x225ADD48: writerfilter::rtftok::RTFTokenizer::resolveParse()
> (/writerfilter/source/rtftok/rtftokenizer.cxx:106)
> by 0x22546348:
> writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&)
> (/writerfilter/source/rtftok/rtfdocumentimpl.cxx:622)
> by 0x226FB41F:
> RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&) (/writerfilter/source/filter/RtfFilter.cxx:126)
> by 0x15983C20: SfxObjectShell::ImportFrom(SfxMedium&, bool)
> (/sfx2/source/doc/objstor.cxx:2255)
> by 0x1597BDFA: SfxObjectShell::DoLoad(SfxMedium*)
> (/sfx2/source/doc/objstor.cxx:752)
> by 0x159C1057:
> SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&) (/sfx2/source/doc/sfxbasemodel.cxx:1886)
> by 0x15AA4C60:
> SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame>
> const&) (/sfx2/source/view/frmload.cxx:597)
> by 0x1BC8277A: framework::LoadEnv::impl_loadContent()
> (/framework/source/loadenv/loadenv.cxx:1166)
> by 0x1BC7EED6: framework::LoadEnv::startLoading()
> (/framework/source/loadenv/loadenv.cxx:400)
> by 0x1BC7DF9E:
> framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader>
> const&,
> com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>
> const&, rtl::OUString const&, rtl::OUString const&, int,
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
> (/framework/source/loadenv/loadenv.cxx:171)
> by 0x1BCB981A: framework::Desktop::loadComponentFromURL(rtl::OUString
> const&, rtl::OUString const&, int,
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
> (/framework/source/services/desktop.cxx:627)
> by 0x11E8065A: unotest::MacrosTest::loadFromDesktop(rtl::OUString const&,
> char const*) (/unotest/source/cpp/macros_test.cxx:41)
> by 0xFCCECBA: SwModelTestBase::load(char const*, char const*, bool)
> (/sw/qa/extras/inc/swmodeltestbase.hxx:272)
> by 0xFCAB353: Test::run() (/sw/qa/extras/rtfimport/rtfimport.cxx:333)
> by 0xFCE1E8D: CppUnit::TestCaller<Test>::runTest()
> (/workdir/unxlngx6/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:166)
> by 0x4F484E7: CppUnit::TestCaseMethodFunctor::operator()() const
> (/workdir/unxlngx6/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32)
> by 0xCD2BA86: (anonymous namespace)::Prot::protect(CppUnit::Functor
> const&, CppUnit::ProtectorContext const&)
> (/unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:88)
> by 0x4F40586: CppUnit::ProtectorChain::ProtectFunctor::operator()() const
> (/workdir/unxlngx6/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20)
> by 0xB9CF51B: (anonymous namespace)::Prot::protect(CppUnit::Functor
> const&, CppUnit::ProtectorContext const&)
> (/unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:64)
> by 0x4F40586: CppUnit::ProtectorChain::ProtectFunctor::operator()() const
> (/workdir/unxlngx6/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20)
> Address 0x545bec0 is 16 bytes inside a block of size 56 free'd
> at 0x4A077E6: free
> (/builddir/build/BUILD/valgrind-3.8.1/coregrind/m_replacemalloc/vg_replace_malloc.c:446)
> by 0x4C3E140: rtl_freeMemory_SYSTEM(void*) (/sal/rtl/alloc_global.cxx:276)
> by 0x4C3E3FB: rtl_freeMemory (/sal/rtl/alloc_global.cxx:346)
> by 0x4C3CF05: rtl_cache_free (/sal/rtl/alloc_cache.cxx:1245)
> by 0x130F723F: FixedMemPool::Free(void*)
> (/tools/source/memtools/mempool.cxx:48)
> by 0x106615C8: SwStartNode::operator delete(void*, unsigned long) (in
> /solver/unxlngx6/lib/libswlo.so)
> by 0x10672460: SwStartNode::~SwStartNode() (/sw/inc/node.hxx:298)
> by 0x106B5D24: SwNodes::RemoveNode(unsigned long, unsigned long, unsigned
> char) (/sw/source/core/docnode/nodes.cxx:2391)
> by 0x106B2F35: SwNodes::DelNodes(SwNodeIndex const&, unsigned long)
> (/sw/source/core/docnode/nodes.cxx:1528)
> by 0x104EEFD9: SwDoc::DeleteSection(SwNode*)
> (/sw/source/core/doc/docedt.cxx:696)
> by 0x105527DD: SwDoc::DelLayoutFmt(SwFrmFmt*)
> (/sw/source/core/doc/doclay.cxx:295)
> by 0x10A5E576: SwTxtNode::DestroyAttr(SwTxtAttr*)
> (/sw/source/core/txtnode/thints.cxx:1101)
> by 0x10A3D2B8: SwTxtNode::~SwTxtNode()
> (/sw/source/core/txtnode/ndtxt.cxx:248)
> by 0x10A3D47B: SwTxtNode::~SwTxtNode()
> (/sw/source/core/txtnode/ndtxt.cxx:262)
> by 0x106B5D24: SwNodes::RemoveNode(unsigned long, unsigned long, unsigned
> char) (/sw/source/core/docnode/nodes.cxx:2391)
> by 0x106B2F35: SwNodes::DelNodes(SwNodeIndex const&, unsigned long)
> (/sw/source/core/docnode/nodes.cxx:1528)
> by 0x104EEFD9: SwDoc::DeleteSection(SwNode*)
> (/sw/source/core/doc/docedt.cxx:696)
> by 0x107CA9C2: DelHFFormat(SwClient*, SwFrmFmt*)
> (/sw/source/core/layout/atrfrm.cxx:164)
> by 0x107CBB43: SwFmtHeader::~SwFmtHeader()
> (/sw/source/core/layout/atrfrm.cxx:438)
> by 0x107CBBD1: SwFmtHeader::~SwFmtHeader()
> (/sw/source/core/layout/atrfrm.cxx:439)
> by 0x163F3E6E: SfxItemPool::Remove(SfxPoolItem const&)
> (/svl/source/items/itempool.cxx:831)
> by 0x1640878B: SfxItemSet::~SfxItemSet()
> (/svl/source/items/itemset.cxx:317)
> by 0x103CF3DD: SwAttrSet::~SwAttrSet() (in /solver/unxlngx6/lib/libswlo.so)
> by 0x103CD75D: SwFmt::~SwFmt() (/sw/source/core/attr/format.cxx:213)
> by 0x105357F8: SwFrmFmt::~SwFrmFmt() (in /solver/unxlngx6/lib/libswlo.so)
> by 0x10859A54: SwPageDesc::~SwPageDesc()
> (/sw/source/core/layout/pagedesc.cxx:102)
> by 0x10859B57: SwPageDesc::~SwPageDesc()
> (/sw/source/core/layout/pagedesc.cxx:104)
> by 0x10E22B04: SwDocStyleSheet::SetItemSet(SfxItemSet const&, bool)
> (/sw/source/ui/app/docstyle.cxx:1388)
> by 0x10C15D16:
> SwXPageStyle::SetPropertyValues_Impl(com::sun::star::uno::Sequence<rtl::OUString>
> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&)
> (/sw/source/core/unocore/unostyle.cxx:3193)
> by 0x10C16065:
> SwXPageStyle::setPropertyValues(com::sun::star::uno::Sequence<rtl::OUString>
> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&)
> (/sw/source/core/unocore/unostyle.cxx:3207)
> by 0x22672868:
> writerfilter::dmapper::SectionPropertyMap::_ApplyProperties(com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>)
> (/writerfilter/source/dmapper/PropertyMap.cxx:1153)
> by 0x22670E3A:
> writerfilter::dmapper::SectionPropertyMap::CloseSectionGroup(writerfilter::dmapper::DomainMapper_Impl&)
> (/writerfilter/source/dmapper/PropertyMap.cxx:1042)
> by 0x225CAABD: writerfilter::dmapper::DomainMapper::lcl_endSectionGroup()
> (/writerfilter/source/dmapper/DomainMapper.cxx:3488)
> by 0x22759BE2: writerfilter::LoggedStream::endSectionGroup()
> (/writerfilter/source/resourcemodel/LoggedResources.cxx:101)
> by 0x22545D0C: writerfilter::rtftok::RTFDocumentImpl::sectBreak(bool)
> (/writerfilter/source/rtftok/rtfdocumentimpl.cxx:558)
> by 0x225629D4: writerfilter::rtftok::RTFDocumentImpl::popState()
> (/writerfilter/source/rtftok/rtfdocumentimpl.cxx:4479)
> by 0x225ADD48: writerfilter::rtftok::RTFTokenizer::resolveParse()
> (/writerfilter/source/rtftok/rtftokenizer.cxx:106)
> by 0x22546348:
> writerfilter::rtftok::RTFDocumentImpl::resolve(writerfilter::Stream&)
> (/writerfilter/source/rtftok/rtfdocumentimpl.cxx:622)
> by 0x226FB41F:
> RtfFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&) (/writerfilter/source/filter/RtfFilter.cxx:126)
> by 0x15983C20: SfxObjectShell::ImportFrom(SfxMedium&, bool)
> (/sfx2/source/doc/objstor.cxx:2255)
> by 0x1597BDFA: SfxObjectShell::DoLoad(SfxMedium*)
> (/sfx2/source/doc/objstor.cxx:752)
> by 0x159C1057:
> SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&) (/sfx2/source/doc/sfxbasemodel.cxx:1886)
> by 0x15AA4C60:
> SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame>
> const&) (/sfx2/source/view/frmload.cxx:597)
> by 0x1BC8277A: framework::LoadEnv::impl_loadContent()
> (/framework/source/loadenv/loadenv.cxx:1166)
> by 0x1BC7EED6: framework::LoadEnv::startLoading()
> (/framework/source/loadenv/loadenv.cxx:400)
> by 0x1BC7DF9E:
> framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader>
> const&,
> com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext>
> const&, rtl::OUString const&, rtl::OUString const&, int,
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
> (/framework/source/loadenv/loadenv.cxx:171)
> by 0x1BCB981A: framework::Desktop::loadComponentFromURL(rtl::OUString
> const&, rtl::OUString const&, int,
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
> (/framework/source/services/desktop.cxx:627)
> by 0x11E8065A: unotest::MacrosTest::loadFromDesktop(rtl::OUString const&,
> char const*) (/unotest/source/cpp/macros_test.cxx:41)
> by 0xFCCECBA: SwModelTestBase::load(char const*, char const*, bool)
> (/sw/qa/extras/inc/swmodeltestbase.hxx:272)
> by 0xFCAB353: Test::run() (/sw/qa/extras/rtfimport/rtfimport.cxx:333)
The invalid read is then immediately followed by an invalid write.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
