https://bugs.documentfoundation.org/show_bug.cgi?id=100270
Bug ID: 100270
Summary: SfxModule destructor SfxInterface deletion references
invalid objects
Product: LibreOffice
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: LibreOffice
Assignee: [email protected]
Reporter: [email protected]
We have a problem with the destruction of SfxModule
With reference to:
core/include/sfx2/module.hxx, core/sfx2/source/appl/module.cxx (SfxModule)
core/include/sfx2/msgpool.hxx, core/sfx2/source/control/msgpool.cxx
(SfxSlotPool)
core/include/sfx2/objface.hxx, core/sfx2/source/control/objface.cxx
(SfxInterface)
Lets call the current pointer to SfxModule "this_SfxModule"
A) this_SfxModule->~SfxModule() calls "delete pImpl" (SfxModule_Impl)
B) pImpl->~SfxModule_Impl() calls "delete pSlotPool" (SfxSlotPool)
C) pSlotPool->~SfxSlotPool() calls "delete on all _pInterfaces" (SfxInterface)
D) _pInterfaces[x]->~SfxInterface() calls
"pMod->GetSlotPool()->ReleaseInterface(*this);"
Now "pMod == this_SfxModule" (demonstrated using the debugger)
So with (D), this is called:
this_SfxModule->pImpl->pSlotPool->ReleaseInterface(*this);
Issue #1) Notice that "pImpl" destruction has started in 'A'
Issue #2) Notice that "pSlotPool" destruction has started in 'B'
E) ReleaseInterface() calls erase on _pInterfaces"
Notice that "_pInterfaces" struct is being deleted in 'C'.
However, in this instance it probably is harmless call (and not required)
These issues was discovered when attempting to turn "pImpl" into a smart
pointer,
that causes undefined behaviour (reading pImpl during it's destruction), and
crashes
depending on which compiler is used.
This might be the reason for various random exit crashes, reported in Bugzilla?
--
You are receiving this mail because:
You are the assignee for the bug._______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
