package/inc/ZipOutputStream.hxx | 1 + package/source/zipapi/ZipOutputStream.cxx | 12 +++++++++++- package/source/zippackage/ZipPackageStream.cxx | 11 +++++++++++ vcl/headless/svpbmp.cxx | 12 +++++++++++- 4 files changed, 34 insertions(+), 2 deletions(-)
New commits: commit 8d8b9b80b114b94b20b0bf1438d80e925b49e3bf Author: Michael Stahl <mst...@redhat.com> Date: Thu Jun 23 11:24:55 2016 +0200 package: fix exception handling in DeflateThread (related tdf#91807) In the bugdoc of tdf#91807 there are at least 49 corrupt zip streams that raise exceptions in the DeflateThreads. Because the maximum allowed number of threads happens to be 48, this results in an infinite loop in ZipOutputStream::reduceScheduledThreadsToGivenNumberOrLess(). (regression from 7e2ea27e5d56f5cf767a6718a0f5edc28e24af14) In case an exception is thrown, don't re-throw it immediately, which might cause trouble such as leaking all of the ZipOutputEntry instances in m_aEntries. Change-Id: Ia74ab8e46fa1349c049d05dbec3454bfbe7d61d9 diff --git a/package/inc/ZipOutputStream.hxx b/package/inc/ZipOutputStream.hxx index 26d7715..136bc72 100644 --- a/package/inc/ZipOutputStream.hxx +++ b/package/inc/ZipOutputStream.hxx @@ -40,6 +40,7 @@ class ZipOutputStream ZipEntry *m_pCurrentEntry; comphelper::ThreadPool &m_rSharedThreadPool; std::vector< ZipOutputEntry* > m_aEntries; + ::css::uno::Any m_aDeflateException; public: ZipOutputStream( diff --git a/package/source/zipapi/ZipOutputStream.cxx b/package/source/zipapi/ZipOutputStream.cxx index 9213ed7..2daff01 100644 --- a/package/source/zipapi/ZipOutputStream.cxx +++ b/package/source/zipapi/ZipOutputStream.cxx @@ -98,7 +98,12 @@ void ZipOutputStream::consumeScheduledThreadEntry(ZipOutputEntry* pCandidate) //Any exceptions thrown in the threads were caught and stored for now ::css::uno::Any aCaughtException(pCandidate->getParallelDeflateException()); if (aCaughtException.hasValue()) - ::cppu::throwException(aCaughtException); + { + m_aDeflateException = aCaughtException; // store it for later throwing + // the exception handler in DeflateThread should have cleaned temp file + delete pCandidate; + return; + } writeLOC(pCandidate->getZipEntry(), pCandidate->isEncrypt()); @@ -178,6 +183,11 @@ void ZipOutputStream::finish() // consume all processed entries consumeAllScheduledThreadEntries(); + if (m_aDeflateException.hasValue()) + { // throw once all threads are finished and m_aEntries can be released + ::cppu::throwException(m_aDeflateException); + } + sal_Int32 nOffset= static_cast < sal_Int32 > (m_aChucker.GetPosition()); for (ZipEntry* p : m_aZipList) { diff --git a/package/source/zippackage/ZipPackageStream.cxx b/package/source/zippackage/ZipPackageStream.cxx index 43a9b85..5efb145 100644 --- a/package/source/zippackage/ZipPackageStream.cxx +++ b/package/source/zippackage/ZipPackageStream.cxx @@ -486,6 +486,17 @@ private: catch (const uno::Exception&) { mpEntry->setParallelDeflateException(::cppu::getCaughtException()); + try + { + if (mpEntry->m_xOutStream.is()) + mpEntry->closeBufferFile(); + if (!mpEntry->m_aTempURL.isEmpty()) + mpEntry->deleteBufferFile(); + } + catch (uno::Exception const&) + { + } + mpEntry->setFinished(); } } }; commit cd292ba17c62a90f3530326f7fc87036da16a353 Author: Michael Stahl <mst...@redhat.com> Date: Wed Jun 22 15:41:11 2016 +0200 vcl: avoid vcl_filters_test crash with ASAN 32-bit ASAN usually aborts on operator new[] allocation failure but with allocator_may_return_null=1 in ASAN_OPTIONS it returns null instead; it doesn't throw std::bad_alloc though. Change-Id: I28d67a787e90604c12ad06fd97d265664bd62ef2 diff --git a/vcl/headless/svpbmp.cxx b/vcl/headless/svpbmp.cxx index cb8c771..f5dabae 100644 --- a/vcl/headless/svpbmp.cxx +++ b/vcl/headless/svpbmp.cxx @@ -125,7 +125,17 @@ BitmapBuffer* ImplCreateDIB( { size_t size = pDIB->mnScanlineSize * pDIB->mnHeight; pDIB->mpBits = new sal_uInt8[size]; - std::memset(pDIB->mpBits, 0, size); +#ifdef __SANITIZE_ADDRESS__ + if (!pDIB->mpBits) + { // can only happen with ASAN allocator_may_return_null=1 + delete pDIB; + pDIB = nullptr; + } + else +#endif + { + std::memset(pDIB->mpBits, 0, size); + } } catch (const std::bad_alloc&) { _______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits