https://bugs.documentfoundation.org/show_bug.cgi?id=124962
--- Comment #3 from Stephan Bergmann <[email protected]> ---
With an ASan+UBSan build, it eventually crashes with
> =================================================================
> ==29882==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x6140004d7328 at pc 0x7fe51dcb283a bp 0x7fe246cb10d0 sp 0x7fe246cb10c8
> READ of size 8 at 0x6140004d7328 thread T66 (SwAsyncRetrieve)
> #0 in std::__shared_ptr<ImpGraphic, (__gnu_cxx::_Lock_policy)2>::get() const
> at
> /usr/lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/shared_ptr_base.h:1310:16
> (instdir/program/libvcllo.so +0x7c37839)
> #1 in std::__shared_ptr_access<ImpGraphic, (__gnu_cxx::_Lock_policy)2,
> false, false>::_M_get() const at
> /usr/lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/shared_ptr_base.h:1021:66
> (instdir/program/libvcllo.so +0x7c377c7)
> #2 in std::__shared_ptr_access<ImpGraphic, (__gnu_cxx::_Lock_policy)2,
> false, false>::operator->() const at
> /usr/lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/shared_ptr_base.h:1015:9
> (instdir/program/libvcllo.so +0x7c34539)
> #3 in Graphic::GetType() const at vcl/source/gdi/graph.cxx:312:12
> (instdir/program/libvcllo.so +0x7c29bc0)
> #4 in GraphicObject::GetType() const at
> vcl/source/graphic/GraphicObject.cxx:327:22 (instdir/program/libvcllo.so
> +0x86f671a)
> #5 in SwBaseLink::DataChanged(rtl::OUString const&, com::sun::star::uno::Any
> const&) at sw/source/core/docnode/swbaslnk.cxx:158:47
> (instdir/program/../program/libswlo.so +0xcd4f40a)
> #6 in SwBaseLink::SwapIn(bool, bool) at
> sw/source/core/docnode/swbaslnk.cxx:299:17
> (instdir/program/../program/libswlo.so +0xcd5466f)
> #7 in SwGrfNode::SwapIn(bool) at sw/source/core/graphic/ndgrf.cxx:456:24
> (instdir/program/../program/libswlo.so +0xd730bdb)
> #8 in SwGrfNode::GetGrfObj(bool) const at
> sw/source/core/graphic/ndgrf.cxx:376:35
> (instdir/program/../program/libswlo.so +0xd731967)
> #9 in SwNoTextFrame::PaintPicture(OutputDevice*, SwRect const&) const at
> sw/source/core/doc/notxtfrm.cxx:1095:48
> (instdir/program/../program/libswlo.so +0xc567598)
> #10 in SwNoTextFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/doc/notxtfrm.cxx:317:9
> (instdir/program/../program/libswlo.so +0xc561939)
> #11 in SwLayoutFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/layout/paintfrm.cxx:3398:21
> (instdir/program/../program/libswlo.so +0xddb8f02)
> #12 in SwFlyFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/layout/paintfrm.cxx:4090:20
> (instdir/program/../program/libswlo.so +0xddd570e)
> #13 in
> SwVirtFlyDrawObj::wrap_DoPaintObject(drawinglayer::geometry::ViewInformation2D
> const&) const at sw/source/core/draw/dflyobj.cxx:530:30
> (instdir/program/../program/libswlo.so +0xce2eebb)
> #14 in
> drawinglayer::primitive2d::SwVirtFlyDrawObjPrimitive::get2DDecomposition(drawinglayer::primitive2d::Primitive2DDecompositionVisitor&,
> drawinglayer::geometry::ViewInformation2D const&) const at
> sw/source/core/draw/dflyobj.cxx:234:35 (instdir/program/../program/libswlo.so
> +0xce2df15)
> #15 in
> drawinglayer::processor2d::BaseProcessor2D::process(drawinglayer::primitive2d::BasePrimitive2D
> const&) at drawinglayer/source/processor2d/baseprocessor2d.cxx:47:24
> (instdir/program/libdrawinglayerlo.so +0x13473c0)
> #16 in
> drawinglayer::processor2d::VclPixelProcessor2D::processBasePrimitive2D(drawinglayer::primitive2d::BasePrimitive2D
> const&) at drawinglayer/source/processor2d/vclpixelprocessor2d.cxx:418:21
> (instdir/program/libdrawinglayerlo.so +0x143b6ae)
> #17 in
> drawinglayer::processor2d::BaseProcessor2D::process(drawinglayer::primitive2d::Primitive2DContainer
> const&) at drawinglayer/source/processor2d/baseprocessor2d.cxx:70:29
> (instdir/program/libdrawinglayerlo.so +0x1347d55)
> #18 in
> sdr::contact::ObjectContactOfPageView::DoProcessDisplay(sdr::contact::DisplayInfo&)
> at svx/source/sdr/contact/objectcontactofpageview.cxx:293:35
> (instdir/program/libsvxcorelo.so +0x514dc8e)
> #19 in
> sdr::contact::ObjectContactOfPageView::ProcessDisplay(sdr::contact::DisplayInfo&)
> at svx/source/sdr/contact/objectcontactofpageview.cxx:120:21
> (instdir/program/libsvxcorelo.so +0x514b118)
> #20 in SdrPageWindow::RedrawLayer(o3tl::strong_int<unsigned char,
> SdrLayerIDTag> const*, sdr::contact::ViewObjectContactRedirector*,
> basegfx::B2IRange const*) at svx/source/svdraw/sdrpagewindow.cxx:402:28
> (instdir/program/libsvxcorelo.so +0x543cbcf)
> #21 in SdrPageView::DrawLayer(o3tl::strong_int<unsigned char,
> SdrLayerIDTag>, OutputDevice*, sdr::contact::ViewObjectContactRedirector*,
> tools::Rectangle const&, basegfx::B2IRange const*) at
> svx/source/svdraw/svdpagv.cxx:313:38 (instdir/program/libsvxcorelo.so
> +0x6260b93)
> #22 in SwViewShellImp::PaintLayer(o3tl::strong_int<unsigned char,
> SdrLayerIDTag>, SwPrintData const*, SwPageFrame const&, SwRect const&, Color
> const*, bool, sdr::contact::ViewObjectContactRedirector*) at
> sw/source/core/view/vdraw.cxx:148:20 (instdir/program/../program/libswlo.so
> +0x1021ca14)
> #23 in SwRootFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/layout/paintfrm.cxx:3138:33
> (instdir/program/../program/libswlo.so +0xdd93fb1)
> #24 in SwViewShell::Paint(OutputDevice&, tools::Rectangle const&) at
> sw/source/core/view/viewsh.cxx:1840:34 (instdir/program/../program/libswlo.so
> +0x1028365e)
> #25 in SwCursorShell::Paint(OutputDevice&, tools::Rectangle const&) at
> sw/source/core/crsr/crsrsh.cxx:1411:18 (instdir/program/../program/libswlo.so
> +0xb18497c)
> #26 in SwEditWin::Paint(OutputDevice&, tools::Rectangle const&) at
> sw/source/uibase/docvw/edtwin2.cxx:448:20
> (instdir/program/../program/libswlo.so +0x118f77ee)
> #27 in PaintHelper::DoPaint(vcl::Region const*) at
> vcl/source/window/paint.cxx:301:24 (instdir/program/libvcllo.so +0x57de9de)
> #28 in vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) at
> vcl/source/window/paint.cxx:605:17 (instdir/program/libvcllo.so +0x57eb200)
> #29 in PaintHelper::~PaintHelper() at vcl/source/window/paint.cxx:541:30
> (instdir/program/libvcllo.so +0x57e75c3)
> #30 in vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) at
> vcl/source/window/paint.cxx:611:1 (instdir/program/libvcllo.so +0x57eb547)
> #31 in PaintHelper::~PaintHelper() at vcl/source/window/paint.cxx:541:30
> (instdir/program/libvcllo.so +0x57e75c3)
> #32 in vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) at
> vcl/source/window/paint.cxx:611:1 (instdir/program/libvcllo.so +0x57eb547)
> #33 in PaintHelper::~PaintHelper() at vcl/source/window/paint.cxx:541:30
> (instdir/program/libvcllo.so +0x57e75c3)
> #34 in vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) at
> vcl/source/window/paint.cxx:611:1 (instdir/program/libvcllo.so +0x57eb547)
> #35 in PaintHelper::~PaintHelper() at vcl/source/window/paint.cxx:541:30
> (instdir/program/libvcllo.so +0x57e75c3)
> #36 in vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) at
> vcl/source/window/paint.cxx:611:1 (instdir/program/libvcllo.so +0x57eb547)
> #37 in PaintHelper::~PaintHelper() at vcl/source/window/paint.cxx:541:30
> (instdir/program/libvcllo.so +0x57e75c3)
> #38 in vcl::Window::ImplCallPaint(vcl::Region const*, ImplPaintFlags) at
> vcl/source/window/paint.cxx:611:1 (instdir/program/libvcllo.so +0x57eb547)
> #39 in vcl::Window::ImplCallOverlapPaint() at
> vcl/source/window/paint.cxx:629:9 (instdir/program/libvcllo.so +0x57ec559)
> #40 in vcl::Window::ImplHandlePaintHdl(Timer*) at
> vcl/source/window/paint.cxx:652:9 (instdir/program/libvcllo.so +0x57ed7ff)
> #41 in vcl::Window::LinkStubImplHandlePaintHdl(void*, Timer*) at
> vcl/source/window/paint.cxx:633:1 (instdir/program/libvcllo.so +0x57ec6da)
> #42 in Link<Timer*, void>::Call(Timer*) const at
> include/tools/link.hxx:84:45 (instdir/program/libvcllo.so +0x8e60171)
> #43 in Timer::Invoke() at vcl/source/app/timer.cxx:77:21
> (instdir/program/libvcllo.so +0x8e5f788)
> #44 in Scheduler::ProcessTaskScheduling() at
> vcl/source/app/scheduler.cxx:477:20 (instdir/program/libvcllo.so +0x8cb7665)
> #45 in Scheduler::CallbackTaskScheduling() at
> vcl/source/app/scheduler.cxx:285:5 (instdir/program/libvcllo.so +0x8cb3060)
> #46 in SalTimer::CallCallback() at vcl/inc/saltimer.hxx:55:13
> (instdir/program/libvclplug_gtk3lo.so +0xca9dd0)
> #47 in sal_gtk_timeout_dispatch(_GSource*, int (*)(void*), void*) at
> vcl/unx/gtk3/gtk3gtkdata.cxx:761:45 (instdir/program/libvclplug_gtk3lo.so
> +0xca4a9d)
> #48 in g_main_context_dispatch at <null> (/lib64/libglib-2.0.so.0 +0x4ffcf)
> #49 at <null> (/lib64/libglib-2.0.so.0 +0x50367)
> #50 in g_main_loop_run at <null> (/lib64/libglib-2.0.so.0 +0x506b2)
> #51 in gio::MountOperation::Mount(_GFile*) at
> ucb/source/ucp/gio/gio_content.cxx:359:13
> (instdir/program/../program/libucpgio1lo.so +0xceb73)
> #52 in
> gio::Content::getGFileInfo(com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
> const&, _GError**) at ucb/source/ucp/gio/gio_content.cxx:390:40
> (instdir/program/../program/libucpgio1lo.so +0xcfa8a)
> #53 in
> gio::Content::getFileInfo(com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
> const&, _GFileInfo**, bool) at ucb/source/ucp/gio/gio_content.cxx:653:17
> (instdir/program/../program/libucpgio1lo.so +0xd4f77)
> #54 in
> gio::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property>
> const&,
> com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
> const&) at ucb/source/ucp/gio/gio_content.cxx:454:13
> (instdir/program/../program/libucpgio1lo.so +0xd0c80)
> #55 in gio::Content::execute(com::sun::star::ucb::Command const&, int,
> com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
> const&) at ucb/source/ucp/gio/gio_content.cxx:948:18
> (instdir/program/../program/libucpgio1lo.so +0xe248b)
> #56 in non-virtual thunk to
> gio::Content::execute(com::sun::star::ucb::Command const&, int,
> com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
> const&) at ucb/source/ucp/gio/gio_content.cxx
> (instdir/program/../program/libucpgio1lo.so +0xe7a43)
> #57 in ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command
> const&) at ucbhelper/source/client/content.cxx:1254:19
> (instdir/program/libucbhelper.so +0x346408)
> #58 in
> ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString>
> const&) at ucbhelper/source/client/content.cxx:491:28
> (instdir/program/libucbhelper.so +0x349df1)
> #59 in
> ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString>
> const&) at ucbhelper/source/client/content.cxx:450:30
> (instdir/program/libucbhelper.so +0x3474ca)
> #60 in ucbhelper::Content::getPropertyValue(rtl::OUString const&) at
> ucbhelper/source/client/content.cxx:429:28 (instdir/program/libucbhelper.so
> +0x346f8a)
> #61 in ucbhelper::Content::isDocument() at
> ucbhelper/source/client/content.cxx:1025:10 (instdir/program/libucbhelper.so
> +0x34e4e4)
> #62 in ucbhelper::Content::openWriteableStream() at
> ucbhelper/source/client/content.cxx:732:11 (instdir/program/libucbhelper.so
> +0x34f898)
> #63 in utl::MediaDescriptor::impl_openStreamWithURL(rtl::OUString const&,
> bool) at unotools/source/misc/mediadescriptor.cxx:671:32
> (instdir/program/libutllo.so +0x118b43a)
> #64 in utl::MediaDescriptor::impl_addInputStream(bool) at
> unotools/source/misc/mediadescriptor.cxx:526:16 (instdir/program/libutllo.so
> +0x118705f)
> #65 in utl::MediaDescriptor::addInputStream() at
> unotools/source/misc/mediadescriptor.cxx:487:12 (instdir/program/libutllo.so
> +0x1186479)
> #66 in SwAsyncRetrieveInputStreamThread::threadFunction() at
> sw/source/core/docnode/retrieveinputstream.cxx:64:13
> (instdir/program/../program/libswlo.so +0xccf020b)
> #67 in ObservableThread::run() at
> sw/source/core/docnode/observablethread.cxx:48:5
> (instdir/program/../program/libswlo.so +0xccd343d)
> #68 in threadFunc at include/osl/thread.hxx:185:15
> (instdir/program/../program/libswlo.so +0xc994d5f)
> #69 in osl_thread_start_Impl(void*) at sal/osl/unx/thread.cxx:235:9
> (instdir/program/libuno_sal.so.3 +0x4e04ad)
> #70 in start_thread at <null> (/lib64/libpthread.so.0 +0x85a1)
> #71 in clone at <null> (/lib64/libc.so.6 +0xfb162)
>
> 0x6140004d7328 is located 232 bytes inside of 416-byte region
> [0x6140004d7240,0x6140004d73e0)
> freed by thread T66 (SwAsyncRetrieve) here:
> #0 in operator delete(void*, unsigned long) at
> /data/sbergman/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cc:178:3
> (instdir/program/soffice.bin +0x326db7)
> #1 in SwGrfNode::~SwGrfNode() at sw/source/core/graphic/ndgrf.cxx:279:1
> (instdir/program/../program/libswlo.so +0xd72fcd5)
> #2 in SwNodes::RemoveNode(unsigned long, unsigned long, bool) at
> sw/source/core/docnode/nodes.cxx:2281:13
> (instdir/program/../program/libswlo.so +0xcc5f7e1)
> #3 in SwNodes::DelNodes(SwNodeIndex const&, unsigned long) at
> sw/source/core/docnode/nodes.cxx:1364:17
> (instdir/program/../program/libswlo.so +0xcc75cc1)
> #4 in SwDoc::~SwDoc() at sw/source/core/doc/docnew.cxx:494:15
> (instdir/program/../program/libswlo.so +0xbc3b91c)
> #5 in SwDoc::release() at sw/source/core/doc/doc.cxx:150:9
> (instdir/program/../program/libswlo.so +0xb67d7d3)
> #6 in rtl::Reference<SwDoc>::clear() at include/rtl/ref.hxx:159:19
> (instdir/program/../program/libswlo.so +0xcaea51e)
> #7 in SwDocShell::RemoveLink() at sw/source/uibase/app/docshini.cxx:460:16
> (instdir/program/../program/libswlo.so +0x1101b777)
> #8 in SwDocShell::~SwDocShell() at sw/source/uibase/app/docshini.cxx:388:5
> (instdir/program/../program/libswlo.so +0x1101a514)
> #9 in SwDocShell::~SwDocShell() at sw/source/uibase/app/docshini.cxx:378:1
> (instdir/program/../program/libswlo.so +0x1101b92b)
>
> previously allocated by thread T0 here:
> #0 in operator new(unsigned long) at
> /data/sbergman/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cc:105:3
> (instdir/program/soffice.bin +0x325f97)
> #1 in SwNodes::MakeGrfNode(SwNodeIndex const&, rtl::OUString const&,
> rtl::OUString const&, Graphic const*, SwGrfFormatColl*, SwAttrSet const*) at
> sw/source/core/graphic/ndgrf.cxx:415:17
> (instdir/program/../program/libswlo.so +0xd732c9f)
> #2 in sw::DocumentContentOperationsManager::InsertGraphic(SwPaM const&,
> rtl::OUString const&, rtl::OUString const&, Graphic const*, SfxItemSet
> const*, SfxItemSet const*, SwFrameFormat*) at
> sw/source/core/doc/DocumentContentOperationsManager.cxx:2758:29
> (instdir/program/../program/libswlo.so +0xc145a01)
> #3 in
> SwXFrame::attachToRange(com::sun::star::uno::Reference<com::sun::star::text::XTextRange>
> const&) at sw/source/core/unocore/unoframe.cxx:2804:57
> (instdir/program/../program/libswlo.so +0xf89cc8f)
> #4 in
> SwXFrame::attach(com::sun::star::uno::Reference<com::sun::star::text::XTextRange>
> const&) at sw/source/core/unocore/unoframe.cxx:3040:9
> (instdir/program/../program/libswlo.so +0xf8a7c49)
> #5 in
> SwXText::insertTextContent(com::sun::star::uno::Reference<com::sun::star::text::XTextRange>
> const&, com::sun::star::uno::Reference<com::sun::star::text::XTextContent>
> const&, unsigned char) at sw/source/core/unocore/unotext.cxx:618:15
> (instdir/program/../program/libswlo.so +0x1010d8db)
> #6 in
> XMLTextImportHelper::InsertTextContent(com::sun::star::uno::Reference<com::sun::star::text::XTextContent>
> const&) at xmloff/source/text/txtimp.cxx:1249:27 (instdir/program/libxolo.so
> +0x49d65cb)
> #7 in XMLTextFrameContext_Impl::Create() at
> xmloff/source/text/XMLTextFrameContext.cxx:700:32 (instdir/program/libxolo.so
> +0x48194ce)
> #8 in XMLTextFrameContext_Impl::XMLTextFrameContext_Impl(SvXMLImport&,
> unsigned short, rtl::OUString const&,
> com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList>
> const&, com::sun::star::text::TextContentAnchorType, unsigned short,
> com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList>
> const&, bool) at xmloff/source/text/XMLTextFrameContext.cxx:1096:5
> (instdir/program/libxolo.so +0x48266ff)
> #9 in XMLTextFrameContext::CreateChildContext(unsigned short, rtl::OUString
> const&,
> com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList>
> const&) at xmloff/source/text/XMLTextFrameContext.cxx:1517:36
> (instdir/program/libxolo.so +0x48381d0)
>
> Thread T66 (SwAsyncRetrieve) created by T0 here:
> #0 in pthread_create at
> /data/sbergman/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_interceptors.cc:209:3
> (instdir/program/soffice.bin +0x271e92)
> #1 in osl_thread_create_Impl(void (*)(void*), void*, short) at
> sal/osl/unx/thread.cxx:284:17 (instdir/program/libuno_sal.so.3 +0x4d94ae)
> #2 in osl_createSuspendedThread at sal/osl/unx/thread.cxx:334:12
> (instdir/program/libuno_sal.so.3 +0x4d9c69)
> #3 in osl::Thread::create() at include/osl/thread.hxx:73:21
> (instdir/program/../program/libswlo.so +0xc98a938)
> #4 in ThreadManager::StartThread(ThreadManager::tThreadData const&) at
> sw/source/core/docnode/threadmanager.cxx:178:31
> (instdir/program/../program/libswlo.so +0xcd66fc6)
> #5 in ThreadManager::AddThread(rtl::Reference<ObservableThread> const&) at
> sw/source/core/docnode/threadmanager.cxx:94:15
> (instdir/program/../program/libswlo.so +0xcd66875)
> #6 in SwThreadManager::AddThread(rtl::Reference<ObservableThread> const&) at
> sw/source/core/docnode/swthreadmanager.cxx:56:33
> (instdir/program/../program/libswlo.so +0xcd61927)
> #7 in SwAsyncRetrieveInputStreamThreadConsumer::CreateThread(rtl::OUString
> const&, rtl::OUString const&) at
> sw/source/core/docnode/retrieveinputstreamconsumer.cxx:53:54
> (instdir/program/../program/libswlo.so +0xccf65d1)
> #8 in SwGrfNode::TriggerAsyncRetrieveInputStream() at
> sw/source/core/graphic/ndgrf.cxx:821:27
> (instdir/program/../program/libswlo.so +0xd73d661)
> #9 in SwNoTextFrame::PaintPicture(OutputDevice*, SwRect const&) const at
> sw/source/core/doc/notxtfrm.cxx:1121:29
> (instdir/program/../program/libswlo.so +0xc5683df)
> #10 in SwNoTextFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/doc/notxtfrm.cxx:317:9
> (instdir/program/../program/libswlo.so +0xc561939)
> #11 in SwLayoutFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/layout/paintfrm.cxx:3398:21
> (instdir/program/../program/libswlo.so +0xddb8f02)
> #12 in SwFlyFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/layout/paintfrm.cxx:4090:20
> (instdir/program/../program/libswlo.so +0xddd570e)
> #13 in
> SwVirtFlyDrawObj::wrap_DoPaintObject(drawinglayer::geometry::ViewInformation2D
> const&) const at sw/source/core/draw/dflyobj.cxx:530:30
> (instdir/program/../program/libswlo.so +0xce2eebb)
> #14 in
> drawinglayer::primitive2d::SwVirtFlyDrawObjPrimitive::get2DDecomposition(drawinglayer::primitive2d::Primitive2DDecompositionVisitor&,
> drawinglayer::geometry::ViewInformation2D const&) const at
> sw/source/core/draw/dflyobj.cxx:234:35 (instdir/program/../program/libswlo.so
> +0xce2df15)
> #15 in
> drawinglayer::processor2d::BaseProcessor2D::process(drawinglayer::primitive2d::BasePrimitive2D
> const&) at drawinglayer/source/processor2d/baseprocessor2d.cxx:47:24
> (instdir/program/libdrawinglayerlo.so +0x13473c0)
> #16 in
> drawinglayer::processor2d::VclPixelProcessor2D::processBasePrimitive2D(drawinglayer::primitive2d::BasePrimitive2D
> const&) at drawinglayer/source/processor2d/vclpixelprocessor2d.cxx:418:21
> (instdir/program/libdrawinglayerlo.so +0x143b6ae)
> #17 in
> drawinglayer::processor2d::BaseProcessor2D::process(drawinglayer::primitive2d::Primitive2DContainer
> const&) at drawinglayer/source/processor2d/baseprocessor2d.cxx:70:29
> (instdir/program/libdrawinglayerlo.so +0x1347d55)
> #18 in
> sdr::contact::ObjectContactOfPageView::DoProcessDisplay(sdr::contact::DisplayInfo&)
> at svx/source/sdr/contact/objectcontactofpageview.cxx:293:35
> (instdir/program/libsvxcorelo.so +0x514dc8e)
> #19 in
> sdr::contact::ObjectContactOfPageView::ProcessDisplay(sdr::contact::DisplayInfo&)
> at svx/source/sdr/contact/objectcontactofpageview.cxx:120:21
> (instdir/program/libsvxcorelo.so +0x514b118)
> #20 in SdrPageWindow::RedrawLayer(o3tl::strong_int<unsigned char,
> SdrLayerIDTag> const*, sdr::contact::ViewObjectContactRedirector*,
> basegfx::B2IRange const*) at svx/source/svdraw/sdrpagewindow.cxx:402:28
> (instdir/program/libsvxcorelo.so +0x543cbcf)
> #21 in SdrPageView::DrawLayer(o3tl::strong_int<unsigned char,
> SdrLayerIDTag>, OutputDevice*, sdr::contact::ViewObjectContactRedirector*,
> tools::Rectangle const&, basegfx::B2IRange const*) at
> svx/source/svdraw/svdpagv.cxx:279:31 (instdir/program/libsvxcorelo.so
> +0x6260413)
> #22 in SwViewShellImp::PaintLayer(o3tl::strong_int<unsigned char,
> SdrLayerIDTag>, SwPrintData const*, SwPageFrame const&, SwRect const&, Color
> const*, bool, sdr::contact::ViewObjectContactRedirector*) at
> sw/source/core/view/vdraw.cxx:148:20 (instdir/program/../program/libswlo.so
> +0x1021ca14)
> #23 in SwRootFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData
> const*) const at sw/source/core/layout/paintfrm.cxx:3138:33
> (instdir/program/../program/libswlo.so +0xdd93fb1)
> #24 in SwViewShell::Paint(OutputDevice&, tools::Rectangle const&) at
> sw/source/core/view/viewsh.cxx:1840:34 (instdir/program/../program/libswlo.so
> +0x1028365e)
> #25 in SwCursorShell::Paint(OutputDevice&, tools::Rectangle const&) at
> sw/source/core/crsr/crsrsh.cxx:1411:18 (instdir/program/../program/libswlo.so
> +0xb18497c)
> #26 in SwViewShell::ImplUnlockPaint(bool) at
> sw/source/core/view/viewsh.cxx:506:17 (instdir/program/../program/libswlo.so
> +0x10253df7)
> #27 in SwViewShell::UnlockPaint(bool) at sw/inc/viewsh.hxx:612:9
> (instdir/program/../program/libswlo.so +0xd5c5dc9)
> #28 in SwView::OuterResizePixel(Point const&, Size const&) at
> sw/source/uibase/uiview/viewport.cxx:1141:18
> (instdir/program/../program/libswlo.so +0x12472e9f)
> #29 in SwView::DocSzChgd(Size const&) at
> sw/source/uibase/uiview/viewport.cxx:202:9
> (instdir/program/../program/libswlo.so +0x124451c5)
> #30 in SizeNotify(SwViewShell const*, Size const&) at
> sw/source/uibase/docvw/edtwin3.cxx:66:18
> (instdir/program/../program/libswlo.so +0x118f99ff)
> #31 in SwViewShell::UISizeNotify() at sw/source/core/view/viewsh.cxx:2364:9
> (instdir/program/../program/libswlo.so +0x1024c913)
> #32 in SwViewShell::ImplEndAction(bool) at
> sw/source/core/view/viewsh.cxx:458:5 (instdir/program/../program/libswlo.so
> +0x1024c0da)
> #33 in SwViewShell::EndAction(bool) at sw/inc/viewsh.hxx:600:9
> (instdir/program/../program/libswlo.so +0xb1c9269)
> #34 in SwCursorShell::EndAction(bool, bool) at
> sw/source/core/crsr/crsrsh.cxx:254:18 (instdir/program/../program/libswlo.so
> +0xb137c21)
> #35 in
> SwView::ReadUserDataSequence(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&) at sw/source/uibase/uiview/view.cxx:1508:26
> (instdir/program/../program/libswlo.so +0x1232d7a3)
> #36 in
> SfxBaseController::ConnectSfxFrame_Impl(SfxBaseController::ConnectSfxFrame)
> at sfx2/source/view/sfxbasecontroller.cxx:1346:52
> (instdir/program/libsfxlo.so +0x5411e19)
> #37 in
> SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame>
> const&) at sfx2/source/view/sfxbasecontroller.cxx:532:9
> (instdir/program/libsfxlo.so +0x5409241)
> #38 in (anonymous
> namespace)::SfxFrameLoader_Impl::impl_createDocumentView(com::sun::star::uno::Reference<com::sun::star::frame::XModel2>
> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame>
> const&, comphelper::NamedValueCollection const&, rtl::OUString const&) at
> sfx2/source/view/frmload.cxx:597:18 (instdir/program/libsfxlo.so +0x538a53a)
> #39 in (anonymous
> namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame>
> const&) at sfx2/source/view/frmload.cxx:714:13 (instdir/program/libsfxlo.so
> +0x538322a)
> #40 in framework::LoadEnv::impl_loadContent() at
> framework/source/loadenv/loadenv.cxx:1152:37
> (instdir/program/../program/libfwklo.so +0x1e43c05)
> #41 in framework::LoadEnv::startLoading() at
> framework/source/loadenv/loadenv.cxx:385:20
> (instdir/program/../program/libfwklo.so +0x1e342d9)
> #42 in framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL
> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
> const&,
> com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener>
> const&) at framework/source/dispatch/loaddispatcher.cxx:106:19
> (instdir/program/../program/libfwklo.so +0x1b36be4)
> #43 in framework::LoadDispatcher::dispatch(com::sun::star::util::URL const&,
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)
> at framework/source/dispatch/loaddispatcher.cxx:52:5
> (instdir/program/../program/libfwklo.so +0x1b38874)
> #44 in sfx2::RecentDocsView::ExecuteHdl_Impl(sfx2::RecentDocsView*, void*)
> at sfx2/source/control/recentdocsview.cxx:400:37 (instdir/program/libsfxlo.so
> +0x3a6b86c)
> #45 in sfx2::RecentDocsView::LinkStubExecuteHdl_Impl(void*, void*) at
> sfx2/source/control/recentdocsview.cxx:392:1 (instdir/program/libsfxlo.so
> +0x3a6b577)
> #46 in Link<void*, void>::Call(void*) const at include/tools/link.hxx:84:45
> (instdir/program/libvcllo.so +0x6831731)
> #47 in ImplHandleUserEvent(ImplSVEvent*) at
> vcl/source/window/winproc.cxx:1958:30 (instdir/program/libvcllo.so +0x681f0f1)
> #48 in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) at
> vcl/source/window/winproc.cxx:2511:13 (instdir/program/libvcllo.so +0x68080c6)
> #49 in SalFrame::CallCallback(SalEvent, void const*) const at
> vcl/inc/salframe.hxx:294:29 (instdir/program/libvcllo.so +0x979f29a)
> #50 in SalGenericDisplay::ProcessEvent(SalUserEventList::SalUserEvent) at
> vcl/unx/generic/app/gendisp.cxx:67:22 (instdir/program/libvcllo.so +0x983c293)
> #51 in SalUserEventList::DispatchUserEvents(bool) at
> vcl/source/app/salusereventlist.cxx:109:17 (instdir/program/libvcllo.so
> +0x8a92905)
> #52 in SalGenericDisplay::DispatchInternalEvent(bool) at
> vcl/unx/generic/app/gendisp.cxx:52:12 (instdir/program/libvcllo.so +0x983bcd6)
> #53 in call_userEventFn(void*) at vcl/unx/gtk3/gtk3gtkdata.cxx:853:27
> (instdir/program/libvclplug_gtk3lo.so +0xca2627)
> #54 at <null> (/lib64/libglib-2.0.so.0 +0x4c8ea)
>
> SUMMARY: AddressSanitizer: heap-use-after-free
> /usr/lib/gcc/x86_64-redhat-linux/9/../../../../include/c++/9/bits/shared_ptr_base.h:1310:16
> in std::__shared_ptr<ImpGraphic, (__gnu_cxx::_Lock_policy)2>::get() const
> Shadow bytes around the buggy address:
> 0x0c2880092e10: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c2880092e20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c2880092e30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
> 0x0c2880092e40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
> 0x0c2880092e50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> =>0x0c2880092e60: fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd
> 0x0c2880092e70: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
> 0x0c2880092e80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
> 0x0c2880092e90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c2880092ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c2880092eb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> Array cookie: ac
> Intra object redzone: bb
> ASan internal: fe
> Left alloca redzone: ca
> Right alloca redzone: cb
> Shadow gap: cc
> ==29882==ABORTING
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Libreoffice-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs
