https://bugs.documentfoundation.org/show_bug.cgi?id=97699

            Bug ID: 97699
           Summary: extraordinary memory corruption ...
           Product: LibreOffice
           Version: 5.1.0.1 rc
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: graphics stack
          Assignee: [email protected]
          Reporter: [email protected]

Running the slide-show; interestingly we continue to paint the (no longer
visible) main-window [ which seems particularly pointless ] - but anyhow - it
triggers an interesting crash:

(gdb) bt
#0  0x00007ffff745b187 in __GI_raise (sig=sig@entry=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff745c538 in __GI_abort () at abort.c:78
#2  0x00007ffff7454126 in __assert_fail_base (fmt=0x7ffff7589858 "%s%s%s:%u:
%s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7fffefe24608
"mnWidth == maTexture.GetWidth() && mnHeight == maTexture.GetHeight()",
file=file@entry=0x7fffefe24400
"/data/opt/libreoffice/master/vcl/opengl/salbmp.cxx", line=line@entry=552,
function=function@entry=0x7fffefe25560
<OpenGLSalBitmap::ReadTexture()::__PRETTY_FUNCTION__> "bool
OpenGLSalBitmap::ReadTexture()") at assert.c:92
#3  0x00007ffff74541d2 in __GI___assert_fail (assertion=0x7fffefe24608 "mnWidth
== maTexture.GetWidth() && mnHeight == maTexture.GetHeight()",
file=0x7fffefe24400 "/data/opt/libreoffice/master/vcl/opengl/salbmp.cxx",
line=552, function=0x7fffefe25560
<OpenGLSalBitmap::ReadTexture()::__PRETTY_FUNCTION__> "bool
OpenGLSalBitmap::ReadTexture()") at assert.c:101
#4  0x00007fffef5b1b68 in OpenGLSalBitmap::ReadTexture() (this=0x3029bd0) at
/data/opt/libreoffice/master/vcl/opengl/salbmp.cxx:551
#5  0x00007fffef5b2bac in OpenGLSalBitmap::AcquireBuffer(BitmapAccessMode)
(this=0x3029bd0, nMode=BITMAP_READ_ACCESS) at
/data/opt/libreoffice/master/vcl/opengl/salbmp.cxx:754
#6  0x00007fffef5b4ab3 in SalBitmap::updateChecksum() const (this=0x3029bd0) at
/data/opt/libreoffice/master/vcl/inc/salbmp.hxx:103
#7  0x00007fffef5b2a61 in OpenGLSalBitmap::updateChecksum() const
(this=0x3029bd0) at /data/opt/libreoffice/master/vcl/opengl/salbmp.cxx:730
#8  0x00007fffef9d2b63 in SalBitmap::GetChecksum(unsigned long&) const
(this=0x3029bd0, rChecksum=@0x7fffffffbf98: 140737213028057) at
/data/opt/libreoffice/master/vcl/inc/salbmp.hxx:79
#9  0x00007fffef9d2a57 in ImpBitmap::ImplGetChecksum() const (this=0x3020ee0)
at /data/opt/libreoffice/master/vcl/source/gdi/impbmp.cxx:99
#10 0x00007fffef95d167 in Bitmap::GetChecksum() const (this=0x3033880) at
/data/opt/libreoffice/master/vcl/source/gdi/bitmap.cxx:293
#11 0x00007fffef96761c in BitmapEx::GetChecksum() const (this=0x3033880) at
/data/opt/libreoffice/master/vcl/source/gdi/bitmapex.cxx:311
#12 0x00007fffefb4ef9d in Image::Draw(OutputDevice*, Point const&,
DrawImageFlags, Size const*) (this=0x2fd2ab0, pOutDev=0x2fa62c0, rPos=Point =
{...}, nStyle=DrawImageFlags::Disable, pSize=0x0) at
/data/opt/libreoffice/master/vcl/source/image/Image.cxx:241
#13 0x00007fffef8fd17e in OutputDevice::DrawImage(Point const&, Size const&,
Image const&, DrawImageFlags) (this=0x2fa62c0, rPos=Point = {...}, rSize=Size =
{...}, rImage=..., nStyle=DrawImageFlags::Disable) at
/data/opt/libreoffice/master/vcl/source/outdev/bitmap.cxx:1325
#14 0x00007fffef8fd09c in OutputDevice::DrawImage(Point const&, Image const&,
DrawImageFlags) (this=0x2fa62c0, rPos=Point = {...}, rImage=...,
nStyle=DrawImageFlags::Disable) at
/data/opt/libreoffice/master/vcl/source/outdev/bitmap.cxx:1309
#15 0x00007fffef7709f2 in ToolBox::ImplDrawItem(OutputDevice&, unsigned short,
unsigned short, bool, bool) (this=0x2fa62c0, rRenderContext=..., nPos=44,
nHighlight=0, bPaint=false, bLayout=false) at
/data/opt/libreoffice/master/vcl/source/window/toolbox.cxx:3211

Comparing the salbmp data to the maTexture inside that bitmap:

(gdb) p maTexture
$1 = (OpenGLTexture) {_vptr.OpenGLTexture = 0x7ffff04e6750 <vtable for
OpenGLTexture+16>, maRect = Rectangle = {left = 0, top = 0, right = 67, bottom
= 53}, mpImpl = 0x2148190, mnSlotNumber = -1}
(gdb) p *this
$2 = (OpenGLSalBitmap) {<SalBitmap> = {_vptr.SalBitmap = 0x7ffff04e5fb0 <vtable
for OpenGLSalBitmap+16>, mnChecksum = 0, mbChecksumValid = false}, maTexture =
{_vptr.OpenGLTexture = 0x7ffff04e6750 <vtable for OpenGLTexture+16>, maRect =
Rectangle = {left = 0, top = 0, right = 67, bottom = 53}, mpImpl = 0x2148190,
mnSlotNumber = -1}, mbDirtyTexture = false, maPalette = {mpBitmapColor = 0x0,
mnCount = 0}, mpUserBuffer = std::shared_ptr (count 1, weak 0) 0x3dc2f40 "",
mnBits = 24, mnBytesPerRow = 96, mnWidth = 32, mnHeight = 25, mnBufWidth = 68,
mnBufHeight = 54, maPendingOps = std::__debug::deque with 0 elements}
(gdb) p *maTexture->mpImpl
$3 = {mnRefCount = 1, mnTexture = 174, mnWidth = 68, mnHeight = 54, mnFilter =
9728, mnOptStencil = 0, mpSlotReferences =
std::unique_ptr<std::__debug::vector<int, std::allocator<int> >> containing
0x0, mnFreeSlots = -1}

We get a mismatch in size which causes ReadTexture to overwrite its
buffer and corrupt memory; nasty ...

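An added illustration of the sizes printed in the gdb session above (not LibreOffice code and not part of the original report): it compares the bytes a full-texture readback would write against the bitmap's buffer, and shows a readback that refuses on a dimension mismatch instead of relying on an assert. The struct and function names are hypothetical, and it assumes the buffer is sized as mnBytesPerRow * mnHeight and that the readback writes the whole texture with rows padded to 4 bytes.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <vector>

// Hypothetical stand-ins for the fields printed in the gdb session.
struct BitmapMeta  { int width, height, bits, bytesPerRow; };  // mnWidth, mnHeight, mnBits, mnBytesPerRow
struct TextureMeta { int width, height; };                     // mpImpl->mnWidth, mpImpl->mnHeight

enum class ReadResult { Ok, BadDimensions, SizeMismatch, BufferTooSmall };

// Bytes a readback of the whole texture writes (rows padded to `align`).
// Returns false for invalid dimensions or size_t overflow.
bool readbackBytes(const TextureMeta& t, int bits, std::size_t& out, std::size_t align = 4) {
    if (t.width <= 0 || t.height <= 0 || bits <= 0 || bits % 8 != 0) return false;
    const std::size_t max = std::numeric_limits<std::size_t>::max();
    const std::size_t bpp = static_cast<std::size_t>(bits) / 8;
    const std::size_t w = static_cast<std::size_t>(t.width), h = static_cast<std::size_t>(t.height);
    if (w > (max - (align - 1)) / bpp) return false;
    const std::size_t row = (w * bpp + align - 1) / align * align;
    if (row > max / h) return false;
    out = row * h;
    return true;
}

// Assumption: the destination buffer was sized as bytesPerRow * height.
std::size_t allocatedBytes(const BitmapMeta& b) {
    if (b.bytesPerRow <= 0 || b.height <= 0) return 0;
    return static_cast<std::size_t>(b.bytesPerRow) * static_cast<std::size_t>(b.height);
}

// How far an unchecked full-texture readback would run past the buffer.
std::size_t overrunBytes(const BitmapMeta& b, const TextureMeta& t) {
    std::size_t need = 0;
    const std::size_t have = allocatedBytes(b);
    return (readbackBytes(t, b.bits, need) && need > have) ? need - have : 0;
}

// Checked readback: `texels` simulates the texture contents on the GPU.
ReadResult checkedRead(const BitmapMeta& b, const TextureMeta& t,
                       const std::vector<std::uint8_t>& texels, std::vector<std::uint8_t>& dst) {
    std::size_t need = 0;
    if (!readbackBytes(t, b.bits, need) || texels.size() < need) return ReadResult::BadDimensions;
    if (b.width != t.width || b.height != t.height) return ReadResult::SizeMismatch;
    if (dst.size() < need) return ReadResult::BufferTooSmall;
    std::memcpy(dst.data(), texels.data(), need);
    return ReadResult::Ok;
}
```

With the values from the gdb session (32x25 bitmap, 24 bits, 96 bytes per row, 68x54 texture), the readback needs 11016 bytes against 2400 allocated under these assumptions.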