https://bugs.documentfoundation.org/show_bug.cgi?id=147609
Bug ID: 147609
Summary: Advanced Diagram leak
Product: LibreOffice
Version: 7.4.0.0 alpha0+ Master
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: filters and storage
Assignee: [email protected]
Reporter: [email protected]
Description:
oss-fuzz detected a leak after: "Advanced Diagram support: first
additions/reorganizations" was merged
Steps to Reproduce:
1. LD_LIBRARY_PATH=`pwd`/instdir/program valgrind --leak-check=full
instdir/program/fftester
~/Downloads/clusterfuzz-testcase-minimized-docxfuzzer-5609226540548096 docx
Actual Results:
==1504038== 163,004 (64 direct, 162,940 indirect) bytes in 1 blocks are
definitely lost in loss record 2,580 of 2,581
==1504038== at 0x4844FF5: operator new(unsigned long)
(vg_replace_malloc.c:422)
==1504038== by 0x2B3913EF:
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<int const,
com::sun::star::uno::Any> > >::allocate(unsigned long, void const*)
(new_allocator.h:127)
==1504038== by 0x2B391380:
std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<int const,
com::sun::star::uno::Any> > >
>::allocate(std::allocator<std::_Rb_tree_node<std::pair<int const,
com::sun::star::uno::Any> > >&, unsigned long) (alloc_traits.h:464)
==1504038== by 0x2B391271: std::_Rb_tree<int, std::pair<int const,
com::sun::star::uno::Any>, std::_Select1st<std::pair<int const,
com::sun::star::uno::Any> >, std::less<int>, std::allocator<std::pair<int
const, com::sun::star::uno::Any> > >::_M_get_node() (stl_tree.h:561)
==1504038== by 0x2B390D14: std::_Rb_tree_node<std::pair<int const,
com::sun::star::uno::Any> >* std::_Rb_tree<int, std::pair<int const,
com::sun::star::uno::Any>, std::_Select1st<std::pair<int const,
com::sun::star::uno::Any> >, std::less<int>, std::allocator<std::pair<int
const, com::sun::star::uno::Any> > >::_M_create_node<std::piecewise_construct_t
const&, std::tuple<int const&>, std::tuple<> >(std::piecewise_construct_t
const&, std::tuple<int const&>&&, std::tuple<>&&) (stl_tree.h:611)
==1504038== by 0x2B390900: std::_Rb_tree_iterator<std::pair<int const,
com::sun::star::uno::Any> > std::_Rb_tree<int, std::pair<int const,
com::sun::star::uno::Any>, std::_Select1st<std::pair<int const,
com::sun::star::uno::Any> >, std::less<int>, std::allocator<std::pair<int
const, com::sun::star::uno::Any> >
>::_M_emplace_hint_unique<std::piecewise_construct_t const&, std::tuple<int
const&>, std::tuple<> >(std::_Rb_tree_const_iterator<std::pair<int const,
com::sun::star::uno::Any> >, std::piecewise_construct_t const&, std::tuple<int
const&>&&, std::tuple<>&&) (stl_tree.h:2429)
==1504038== by 0x2B3900B1: std::__cxx1998::map<int,
com::sun::star::uno::Any, std::less<int>, std::allocator<std::pair<int const,
com::sun::star::uno::Any> > >::operator[](int const&) (stl_map.h:501)
==1504038== by 0x2B5DD51C: bool oox::PropertyMap::setProperty<float>(int,
float&&) (propertymap.hxx:74)
==1504038== by 0x2B5C49AE: oox::drawingml::Shape::setDefaults(bool)
(shape.cxx:256)
==1504038== by 0x2B5C473C: oox::drawingml::Shape::Shape(char const*, bool)
(shape.cxx:149)
==1504038== by 0x2B3674D1: void
__gnu_cxx::new_allocator<oox::drawingml::Shape>::construct<oox::drawingml::Shape>(oox::drawingml::Shape*)
(new_allocator.h:162)
==1504038== by 0x2B36729C: void
std::allocator_traits<std::allocator<oox::drawingml::Shape>
>::construct<oox::drawingml::Shape>(std::allocator<oox::drawingml::Shape>&,
oox::drawingml::Shape*) (alloc_traits.h:516)
Expected Results:
no leak
Reproducible: Always
User Profile Reset: Yes
Additional Info:
Version: 7.4.0.0.alpha0+ / LibreOffice Community
Build ID: dfff55fa2b81d42033461536b8705cb9e6cb673e
CPU threads: 8; OS: Linux 5.15; UI render: default; VCL: gtk3
Locale: en-GB (en_GB.UTF-8); UI: en-US
Calc: threaded
--
You are receiving this mail because:
You are the assignee for the bug.
