https://bugs.documentfoundation.org/show_bug.cgi?id=126138

            Bug ID: 126138
           Summary: -fsanitize=dynamic-type-mismatch in
                    SwTabFrame::FindLastContent (SwTabFrame vs.
                    SwContentFrame) during --convert-to pdf
           Product: LibreOffice
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Writer
          Assignee: libreoffice-bugs@lists.freedesktop.org
          Reporter: sberg...@redhat.com
                CC: michael.st...@cib.de, vmik...@collabora.com

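At least on recent master built with UBSan, running `--headless --convert-to pdf
doc/fdo53816-2.doc` (the document fetched by bin/get-bugzilla-attachments-by-mimetype,
i.e., attachment 65809 at bug 53816 comment 1) fails with the report below.
UBSan flags a downcast to `SwContentFrame` in SwTabFrame::FindLastContent
(reached from SwFrame::GetNextLeaf) on an object whose dynamic type is
`SwTabFrame`. A build without the sanitizer performs this downcast unchecked,
so the mismatch would go unreported there: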

> sw/source/core/layout/tabfrm.cxx:3429:12: runtime error: downcast of address 
> 0x612000459640 which does not point to an object of type 'SwContentFrame'
> 0x612000459640: note: object is of type 'SwTabFrame'
>  43 01 80 13  b0 50 5c b7 a5 7f 00 00  bd 18 00 00 00 00 00 00  0d 18 1b 00 
> 00 00 00 00  40 11 00 00
>               ^~~~~~~~~~~~~~~~~~~~~~~
>               vptr for 'SwTabFrame'
>  #0 in SwTabFrame::FindLastContent() at 
> sw/source/core/layout/tabfrm.cxx:3429:12 
> (instdir/program/../program/libswlo.so +0xe0a351a)
>  #1 in SwFrame::GetNextLeaf(MakePageType) at 
> sw/source/core/layout/flowfrm.cxx:918:64 
> (instdir/program/../program/libswlo.so +0xd9d8eb4)
>  #2 in SwFrame::GetLeaf(MakePageType, bool) at 
> sw/source/core/layout/flowfrm.cxx:821:19 
> (instdir/program/../program/libswlo.so +0xd9d88b8)
>  #3 in SwFlowFrame::MoveBwd(bool&) at 
> sw/source/core/layout/flowfrm.cxx:2363:37 
> (instdir/program/../program/libswlo.so +0xda0e4c3)
>  #4 in SwTabFrame::MakeAll(OutputDevice*) at 
> sw/source/core/layout/tabfrm.cxx:2086:18 
> (instdir/program/../program/libswlo.so +0xe07380c)
>  #5 in SwFrame::PrepareMake(OutputDevice*) at 
> sw/source/core/layout/calcmove.cxx:364:5 
> (instdir/program/../program/libswlo.so +0xd8f72fc)
>  #6 in SwFrame::Calc(OutputDevice*) const at 
> sw/source/core/layout/trvlfrm.cxx:1791:37 
> (instdir/program/../program/libswlo.so +0xe131abe)
>  #7 in SwFrame::PrepareMake(OutputDevice*) at 
> sw/source/core/layout/calcmove.cxx:248:25 
> (instdir/program/../program/libswlo.so +0xd8f30ac)
>  #8 in SwFrame::Calc(OutputDevice*) const at 
> sw/source/core/layout/trvlfrm.cxx:1791:37 
> (instdir/program/../program/libswlo.so +0xe131abe)
>  #9 in SwFrame::PrepareMake(OutputDevice*) at 
> sw/source/core/layout/calcmove.cxx:248:25 
> (instdir/program/../program/libswlo.so +0xd8f30ac)
>  #10 in SwFrame::Calc(OutputDevice*) const at 
> sw/source/core/layout/trvlfrm.cxx:1791:37 
> (instdir/program/../program/libswlo.so +0xe131abe)
>  #11 in SwFrame::PrepareMake(OutputDevice*) at 
> sw/source/core/layout/calcmove.cxx:248:25 
> (instdir/program/../program/libswlo.so +0xd8f30ac)
>  #12 in SwFrame::Calc(OutputDevice*) const at 
> sw/source/core/layout/trvlfrm.cxx:1791:37 
> (instdir/program/../program/libswlo.so +0xe131abe)
>  #13 in SwTabFrame::MakeAll(OutputDevice*) at 
> sw/source/core/layout/tabfrm.cxx:2579:47 
> (instdir/program/../program/libswlo.so +0xe081647)
>  #14 in SwFrame::PrepareMake(OutputDevice*) at 
> sw/source/core/layout/calcmove.cxx:364:5 
> (instdir/program/../program/libswlo.so +0xd8f72fc)
>  #15 in SwFrame::Calc(OutputDevice*) const at 
> sw/source/core/layout/trvlfrm.cxx:1791:37 
> (instdir/program/../program/libswlo.so +0xe131abe)
>  #16 in lcl_InnerCalcLayout(SwFrame*, long, bool) at 
> sw/source/core/layout/tabfrm.cxx:1583:21 
> (instdir/program/../program/libswlo.so +0xe05a672)
>  #17 in lcl_InnerCalcLayout(SwFrame*, long, bool) at 
> sw/source/core/layout/tabfrm.cxx:1585:25 
> (instdir/program/../program/libswlo.so +0xe05aa57)
>  #18 in lcl_InnerCalcLayout(SwFrame*, long, bool) at 
> sw/source/core/layout/tabfrm.cxx:1585:25 
> (instdir/program/../program/libswlo.so +0xe05aa57)
>  #19 in lcl_RecalcRow(SwRowFrame*, long) at 
> sw/source/core/layout/tabfrm.cxx:1620:16 
> (instdir/program/../program/libswlo.so +0xe089530)
>  #20 in lcl_RecalcTable(SwTabFrame&, SwLayoutFrame*, SwLayNotify&) at 
> sw/source/core/layout/tabfrm.cxx:1724:9 
> (instdir/program/../program/libswlo.so +0xe087c61)
>  #21 in SwTabFrame::MakeAll(OutputDevice*) at 
> sw/source/core/layout/tabfrm.cxx:2114:21 
> (instdir/program/../program/libswlo.so +0xe074a1e)
>  #22 in SwTabFrame::MakeAll(OutputDevice*) at 
> sw/source/core/layout/tabfrm.cxx:2536:42 
> (instdir/program/../program/libswlo.so +0xe07f7b0)
>  #23 in SwFrame::PrepareMake(OutputDevice*) at 
> sw/source/core/layout/calcmove.cxx:364:5 
> (instdir/program/../program/libswlo.so +0xd8f72fc)
>  #24 in SwFrame::Calc(OutputDevice*) const at 
> sw/source/core/layout/trvlfrm.cxx:1791:37 
> (instdir/program/../program/libswlo.so +0xe131abe)
>  #25 in SwLayAction::IsShortCut(SwPageFrame*&) at 
> sw/source/core/layout/layact.cxx:1088:31 
> (instdir/program/../program/libswlo.so +0xdc501e6)
>  #26 in SwLayAction::InternalAction(OutputDevice*) at 
> sw/source/core/layout/layact.cxx:482:44 
> (instdir/program/../program/libswlo.so +0xdc3eec0)
>  #27 in SwLayAction::Action(OutputDevice*) at 
> sw/source/core/layout/layact.cxx:349:5 (instdir/program/../program/libswlo.so 
> +0xdc3b6f0)
>  #28 in SwRootFrame::PaintSwFrame(OutputDevice&, SwRect const&, SwPrintData 
> const*) const at sw/source/core/layout/paintfrm.cxx:2965:17 
> (instdir/program/../program/libswlo.so +0xde3a4c3)
>  #29 in SwViewShell::PrintOrPDFExport(OutputDevice*, SwPrintData const&, int, 
> bool) at sw/source/core/view/vprint.cxx:542:30 
> (instdir/program/../program/libswlo.so +0x103bb673)
>  #30 in SwXTextDocument::render(int, com::sun::star::uno::Any const&, 
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) 
> at sw/source/uibase/uno/unotxdoc.cxx:3051:32 
> (instdir/program/../program/libswlo.so +0x1277e95a)
>  #31 in PDFExport::ExportSelection(vcl::PDFWriter&, 
> com::sun::star::uno::Reference<com::sun::star::view::XRenderable> const&, 
> com::sun::star::uno::Any const&, StringRangeEnumerator const&, 
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, int) at 
> filter/source/pdf/pdfexport.cxx:227:34 
> (instdir/program/../program/libpdffilterlo.so +0x2db226)
>  #32 in PDFExport::Export(rtl::OUString const&, 
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) 
> at filter/source/pdf/pdfexport.cxx:939:28 
> (instdir/program/../program/libpdffilterlo.so +0x2f35d5)
>  #33 in 
> PDFFilter::implExport(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
>  const&) at filter/source/pdf/pdffilter.cxx:155:24 
> (instdir/program/../program/libpdffilterlo.so +0x33dc9f)
>  #34 in 
> PDFFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
>  const&) at filter/source/pdf/pdffilter.cxx:216:23 
> (instdir/program/../program/libpdffilterlo.so +0x33eb1f)
>  #35 in SfxObjectShell::ExportTo(SfxMedium&) at 
> sfx2/source/doc/objstor.cxx:2422:25 (instdir/program/libsfxlo.so +0x4ba8653)
>  #36 in SfxObjectShell::SaveTo_Impl(SfxMedium&, SfxItemSet const*) at 
> sfx2/source/doc/objstor.cxx:1513:19 (instdir/program/libsfxlo.so +0x4b986d2)
>  #37 in SfxObjectShell::PreDoSaveAs_Impl(rtl::OUString const&, rtl::OUString 
> const&, SfxItemSet const&) at sfx2/source/doc/objstor.cxx:2828:39 
> (instdir/program/libsfxlo.so +0x4bc7b1c)
>  #38 in SfxObjectShell::CommonSaveAs_Impl(INetURLObject const&, rtl::OUString 
> const&, SfxItemSet&) at sfx2/source/doc/objstor.cxx:2685:9 
> (instdir/program/libsfxlo.so +0x4bc15b3)
>  #39 in SfxObjectShell::APISaveAs_Impl(rtl::OUString const&, SfxItemSet&) at 
> sfx2/source/doc/objserv.cxx:330:19 (instdir/program/libsfxlo.so +0x4b37598)
>  #40 in SfxBaseModel::impl_store(rtl::OUString const&, 
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, 
> bool) at sfx2/source/doc/sfxbasemodel.cxx:3026:42 
> (instdir/program/libsfxlo.so +0x4d242b6)
>  #41 in SfxBaseModel::storeToURL(rtl::OUString const&, 
> com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) 
> at sfx2/source/doc/sfxbasemodel.cxx:1697:13 (instdir/program/libsfxlo.so 
> +0x4d2a9ab)
>  #42 in 
> desktop::DispatchWatcher::executeDispatchRequests(std::__debug::vector<desktop::DispatchWatcher::DispatchRequest,
>  std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&, bool) at 
> desktop/source/app/dispatchwatcher.cxx:655:48 
> (instdir/program/libsofficeapp.so +0x9060f8)
>  #43 in 
> desktop::RequestHandler::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&,
>  bool) at desktop/source/app/officeipcthread.cxx:1360:38 
> (instdir/program/libsofficeapp.so +0x972cb0)
>  #44 in desktop::Desktop::OpenClients() at desktop/source/app/app.cxx:2148:14 
> (instdir/program/libsofficeapp.so +0x7e4739)
>  #45 in desktop::Desktop::OpenClients_Impl(void*) at 
> desktop/source/app/app.cxx:1935:9 (instdir/program/libsofficeapp.so +0x7de8c1)
>  #46 in desktop::Desktop::LinkStubOpenClients_Impl(void*, void*) at 
> desktop/source/app/app.cxx:1918:1 (instdir/program/libsofficeapp.so +0x7d9d7a)
>  #47 in Link<void*, void>::Call(void*) const at include/tools/link.hxx:112:45 
> (instdir/program/libvcllo.so +0x6acdbc1)
>  #48 in ImplHandleUserEvent(ImplSVEvent*) at 
> vcl/source/window/winproc.cxx:1964:30 (instdir/program/libvcllo.so +0x6abb56f)
>  #49 in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) at 
> vcl/source/window/winproc.cxx:2517:13 (instdir/program/libvcllo.so +0x6aa4645)
>  #50 in SalFrame::CallCallback(SalEvent, void const*) const at 
> vcl/inc/salframe.hxx:299:29 (instdir/program/libvcllo.so +0x9bb7fa8)
>  #51 in SvpSalInstance::ProcessEvent(SalUserEventList::SalUserEvent) at 
> vcl/headless/svpinst.cxx:282:22 (instdir/program/libvcllo.so +0x9c3d8b2)
>  #52 in non-virtual thunk to 
> SvpSalInstance::ProcessEvent(SalUserEventList::SalUserEvent) at 
> vcl/headless/svpinst.cxx (instdir/program/libvcllo.so +0x9c3e2e2)
>  #53 in SalUserEventList::DispatchUserEvents(bool) at 
> vcl/source/app/salusereventlist.cxx:109:17 (instdir/program/libvcllo.so 
> +0x8e746e8)
>  #54 in SvpSalInstance::DoYield(bool, bool) at 
> vcl/headless/svpinst.cxx:427:19 (instdir/program/libvcllo.so +0x9c424f4)
>  #55 in ImplYield(bool, bool) at vcl/source/app/svapp.cxx:457:48 
> (instdir/program/libvcllo.so +0x91af8b3)
>  #56 in Application::Yield() at vcl/source/app/svapp.cxx:521:5 
> (instdir/program/libvcllo.so +0x91aee37)
>  #57 in Application::Execute() at vcl/source/app/svapp.cxx:438:9 
> (instdir/program/libvcllo.so +0x91aebac)
>  #58 in desktop::Desktop::Main() at desktop/source/app/app.cxx:1620:17 
> (instdir/program/libsofficeapp.so +0x7d3700)
>  #59 in ImplSVMain() at vcl/source/app/svmain.cxx:202:35 
> (instdir/program/libvcllo.so +0x92569bc)
>  #60 in SVMain() at vcl/source/app/svmain.cxx:236:12 
> (instdir/program/libvcllo.so +0x925ff30)
>  #61 in soffice_main at desktop/source/app/sofficemain.cxx:170:12 
> (instdir/program/libsofficeapp.so +0x9b47b1)
>  #62 in sal_main at desktop/source/app/main.c:48:15 
> (instdir/program/soffice.bin +0x323dcc)
>  #63 in main at desktop/source/app/main.c:47:1 (instdir/program/soffice.bin 
> +0x323da6)
>  #64 in __libc_start_main at 
> /usr/src/debug/glibc-2.29-24-g2ec0b166bf/csu/../csu/libc-start.c:308:16 
> (/lib64/libc.so.6 +0x23f32)
>  #65 in _start at <null> (instdir/program/soffice.bin +0x24e02d)
> 
> SUMMARY: UndefinedBehaviorSanitizer: dynamic-type-mismatch 
> sw/source/core/layout/tabfrm.cxx:3429:12 in
