https://bugs.freedesktop.org/show_bug.cgi?id=70703
--- Comment #36 from Michael Meeks <[email protected]> --- warn:sfx.control:21234:1:sfx2/source/control/dispatch.cxx:1469: Childwindow slot missing: 10365 ==21234== Invalid read of size 8 ==21234== at 0x7A1F2CF: SfxShell::DoActivate_Impl(SfxViewFrame*, unsigned char) (shell.cxx:554) ==21234== by 0x7D7FDA1: SfxDispatcher::FlushImpl() (dispatch.cxx:1638) ==21234== by 0x36011951: SfxDispatcher::Flush() (dispatch.hxx:237) ==21234== by 0x3600A1B8: SwView::SelectShell() (view.cxx:436) ==21234== by 0x3600A7C7: SwView::AttrChangedNotify(void*) (view.cxx:505) ... ==21234== Address 0x2d671420 is 0 bytes inside a block of size 176 free'd ==21234== at 0x4C299DC: operator delete(void*) (vg_replace_malloc.c:457) ==21234== by 0x35FB9499: SwNavigationShell::~SwNavigationShell() (navsh.hxx:16) ==21234== by 0x7D7FEAE: SfxDispatcher::FlushImpl() (dispatch.cxx:1647) ==21234== by 0x36011951: SfxDispatcher::Flush() (dispatch.hxx:237) ==21234== by 0x3600A1B8: SwView::SelectShell() (view.cxx:436) ==21234== by 0x3600A7C7: SwView::AttrChangedNotify(void*) (view.cxx:505) Looks a bit painful; clearly the 'delete' in FlushUmpl() occurs after the DoActivate_Impl() call but yet a pointer to that deleted thing is left malingering around unpleasantly =) Of course a nearly ideal fix would be to convert all SfxShell sub-classes to be reference counted with rtl::Reference<> or a boost intrusive ptr or somesuch. There are 500 hits of SfxShell and ~30 sub-classes, so that's quite a big cleanup job. We would swap 'Delete' for a new 'Dispose' method in that case I guess. -- You are receiving this mail because: You are the assignee for the bug.
_______________________________________________ Libreoffice-bugs mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
