[Libreoffice-bugs] [Bug 39822] New: Valgrind errors loading jpeg

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Aug 3 22:22:54 PDT 2011 

https://bugs.freedesktop.org/show_bug.cgi?id=39822

           Summary: Valgrind errors loading jpeg
           Product: LibreOffice
           Version: LibO Master
          Platform: x86 (IA32)
        OS/Version: Linux (All)
            Status: NEW
          Severity: major
          Priority: medium
         Component: Writer
        AssignedTo: libreoffice-bugs at lists.freedesktop.org
        ReportedBy: marc-andre at atc.tcs.com


Created an attachment (id=49899)
 --> (https://bugs.freedesktop.org/attachment.cgi?id=49899)
Image which creates the problem

ODF editing is freezing. Valgrinding is showing errors loading one of the
images.

Unzipping and loading the pictures independently yielded the following valgrind
trace. I removed some of the crud at the top.

==31875== For counts of detected and suppressed errors, rerun with: -v
==31875== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 15 from 8)
==31835== Invalid read of size 8
==31835==    at 0x422F86CA: ??? (in /usr/lib/libjpeg.so.62.0.0)
==31835==  Address 0x17e43e10 is 37,496 bytes inside a block of size 37,500
alloc'd
==31835==    at 0x4006D69: malloc (vg_replace_malloc.c:236)
==31835==    by 0x403C3CD: rtl_allocateMemory_SYSTEM (alloc_global.c:294)
==31835==    by 0x403C44A: rtl_allocateMemory (alloc_global.c:324)
==31835==    by 0x4A5AD9A: JPEGReader::CreateBitmap(void*) (jpeg.cxx:403)
==31835==    by 0x495E047: ReadJPEG (jpegc.c:158)
==31835==    by 0x4A5B3D9: JPEGReader::Read(Graphic&) (jpeg.cxx:545)
==31835==    by 0x4A5B69D: ImportJPEG(SvStream&, Graphic&, void*, long)
(jpeg.cxx:752)
==31835==    by 0x4A47EA3: GraphicFilter::ImportGraphic(Graphic&, String
const&, SvStream&, unsigned short, unsigned short*, unsigned long,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>*,
WMF_APMFILEHEADER*) (filter.cxx:1481)
==31835==    by 0x4A48A5E: GraphicFilter::ImportGraphic(Graphic&, String
const&, SvStream&, unsigned short, unsigned short*, unsigned long,
WMF_APMFILEHEADER*) (filter.cxx:1309)
==31835==    by 0x4A48AD9: GraphicFilter::ImportGraphic(Graphic&, INetURLObject
const&, unsigned short, unsigned short*, unsigned long) (filter.cxx:1300)
==31835==    by 0x4A48C28: GraphicFilter::LoadGraphic(String const&, String
const&, Graphic&, GraphicFilter*, unsigned short*) (filter.cxx:2240)
==31835==    by 0xF656F7A: SwView::InsertGraphic(String const&, String const&,
unsigned char, GraphicFilter*, Graphic*, unsigned char) (view2.cxx:226)
==31835==    by 0xF65AA1C: SwView::InsertGraphicDlg(SfxRequest&)
(view2.cxx:423)
==31835==    by 0xF65CCC0: SwView::Execute(SfxRequest&) (view2.cxx:1150)
==31835==    by 0xF655163: SfxStubSwViewExecute(SfxShell*, SfxRequest&)
(swslots.hxx:11714)
==31835==    by 0x4510F98: SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&,
SfxRequest&, unsigned char) (shell.hxx:202)
==31835==    by 0x4511351: SfxDispatcher::PostMsgHandler(SfxRequest*)
(dispatch.cxx:1521)
==31835==    by 0x461D31A: SfxHintPoster::Event(SfxHint*) (link.hxx:140)
==31835==    by 0x461D26E: SfxHintPoster::LinkStubDoEvent_Impl(void*, void*)
(hintpost.cxx:78)
==31835==    by 0x53EA15E: ImplWindowFrameProc(Window*, SalFrame*, unsigned
short, void const*) (link.hxx:140)
==31835==    by 0x7F8B34F: SalDisplay::DispatchInternalEvent()
(salframe.hxx:294)
==31835==    by 0x7EFE718: GtkXLib::userEventFn(void*) (gtkdata.cxx:883)
==31835==    by 0x4DCF85D0: g_idle_dispatch (gmain.c:4558)
==31835==    by 0x4DCFC5BE: g_main_context_dispatch (gmain.c:2441)
==31835==    by 0x4DCFCD2F: g_main_context_iterate (gmain.c:3092)
==31835==    by 0x4DCFD06E: g_main_context_iteration (gmain.c:3155)
==31835==    by 0x7EFCF48: GtkXLib::Yield(bool, bool) (gtkdata.cxx:935)
==31835==    by 0x7F8E2BE: X11SalInstance::Yield(bool, bool) (salinst.cxx:280)
==31835==    by 0x52174CA: ImplYield(bool, bool) (svapp.cxx:447)
==31835==    by 0x521516D: Application::Yield(bool) (svapp.cxx:481)
==31835==    by 0x521519E: Application::Execute() (svapp.cxx:424)
==31835==    by 0x407E13F: desktop::Desktop::Main() (app.cxx:1912)
==31835==    by 0x521AB90: ImplSVMain() (svmain.cxx:181)
==31835==    by 0x521ACE1: SVMain() (svmain.cxx:218)
==31835==    by 0x4093FDA: soffice_main (sofficemain.cxx:68)
==31835==    by 0x8048ADF: main (main.c:36)
==31835== 
==31835== Conditional jump or move depends on uninitialised value(s)
==31835==    at 0x4118FF11: XcursorImageHash (xlib.c:292)
==31835==    by 0x41190098: XcursorNoticePutBitmap (xlib.c:363)
==31835==    by 0x41437E23: _XNoticePutBitmap (CrGlCur.c:204)
==31835==    by 0x41450019: XPutImage (PutImage.c:1040)
==31835==    by 0x7FAD7F8: ImplSalDDB::ImplSalDDB(_XImage*, unsigned long, int,
SalTwoRect const&) (salbmp.cxx:1006)
==31835==    by 0x7FAE524: X11SalBitmap::ImplGetDDB(unsigned long, int, long,
SalTwoRect const&) const (salbmp.cxx:751)
==31835==    by 0x7FAE5D9: X11SalBitmap::ImplDraw(unsigned long, int, long,
SalTwoRect const&, _XGC* const&) const (salbmp.cxx:773)
==31835==    by 0x7FB0623: X11SalGraphics::drawMaskedBitmap(SalTwoRect const*,
SalBitmap const&, SalBitmap const&) (salgdi2.cxx:727)
==31835==    by 0x7FB0873: X11SalGraphics::drawBitmap(SalTwoRect const*,
SalBitmap const&, SalBitmap const&) (salgdi2.cxx:677)
==31835==    by 0x535CDF2: SalGraphics::DrawBitmap(SalTwoRect const*, SalBitmap
const&, SalBitmap const&, OutputDevice const*) (salgdilayout.cxx:629)
==31835==    by 0x52D6887: OutputDevice::ImplDrawBitmapEx(Point const&, Size
const&, Point const&, Size const&, BitmapEx const&, unsigned long)
(outdev2.cxx:976)
==31835==    by 0x52D6C43: OutputDevice::DrawBitmapEx(Point const&, Size
const&, BitmapEx const&) (outdev2.cxx:768)
==31835==    by 0x4A7FFEB: GraphicManager::ImplCreateOutput(OutputDevice*,
Point const&, Size const&, BitmapEx const&, GraphicAttr const&, unsigned long,
BitmapEx*) (grfmgr2.cxx:623)
==31835==    by 0x4A80CCA: GraphicManager::ImplDraw(OutputDevice*, Point
const&, Size const&, GraphicObject&, GraphicAttr const&, unsigned long,
unsigned char&) (grfmgr2.cxx:343)
==31835==    by 0x4A81119: GraphicManager::DrawObj(OutputDevice*, Point const&,
Size const&, GraphicObject&, GraphicAttr const&, unsigned long, unsigned char&)
(grfmgr2.cxx:260)
==31835==    by 0x4A7B0D9: GraphicObject::Draw(OutputDevice*, Point const&,
Size const&, GraphicAttr const*, unsigned long) (grfmgr.cxx:607)
==31835==    by 0xFBA05A2:
drawinglayer::RenderBitmapPrimitive2D_GraphicManager(OutputDevice&, BitmapEx
const&, basegfx::B2DHomMatrix const&) (vclhelperbitmaprender.cxx:99)
==31835==    by 0xFBAA4C7:
drawinglayer::processor2d::VclProcessor2D::RenderBitmapPrimitive2D(drawinglayer::primitive2d::BitmapPrimitive2D
const&) (vclprocessor2d.cxx:437)
==31835==    by 0xFBA94FD:
drawinglayer::processor2d::VclPixelProcessor2D::processBasePrimitive2D(drawinglayer::primitive2d::BasePrimitive2D
const&) (vclpixelprocessor2d.cxx:195)
==31835==    by 0xFB9774F:
drawinglayer::processor2d::BaseProcessor2D::process(com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::graphic::XPrimitive2D>
> const&) (baseprocessor2d.cxx:76)
==31835==    by 0xFBA9FC1:
drawinglayer::processor2d::VclPixelProcessor2D::processBasePrimitive2D(drawinglayer::primitive2d::BasePrimitive2D
const&) (vclpixelprocessor2d.cxx:614)
==31835==    by 0xFB9774F:
drawinglayer::processor2d::BaseProcessor2D::process(com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::graphic::XPrimitive2D>
> const&) (baseprocessor2d.cxx:76)
==31835==    by 0x1038EA24:
sdr::overlay::OverlayManager::ImpDrawMembers(basegfx::B2DRange const&,
OutputDevice&) const (overlaymanager.cxx:91)
==31835==    by 0x1038EB82: sdr::overlay::OverlayManager::completeRedraw(Region
const&, OutputDevice*) const (overlaymanager.cxx:281)
==31835==    by 0x1038A56A:
sdr::overlay::OverlayManagerBuffered::completeRedraw(Region const&,
OutputDevice*) const (overlaymanagerbuffered.cxx:438)
==31835==    by 0x103A6FC3: SdrPaintWindow::DrawOverlay(Region const&, bool)
(sdrpaintwindow.cxx:286)
==31835==    by 0x1044D06D: SdrPaintView::EndCompleteRedraw(SdrPaintWindow&,
bool) (svdpntv.cxx:943)
==31835==    by 0x10319AFB: FmFormView::EndCompleteRedraw(SdrPaintWindow&,
bool) (fmview.cxx:500)
==31835==    by 0x1044CC99: SdrPaintView::EndDrawLayers(SdrPaintWindow&, bool)
(svdpntv.cxx:981)
==31835==    by 0xF4B4F62: ViewShell::DLPostPaint2(bool) (viewsh.cxx:181)
==31835==    by 0xF4B56B8: ViewShell::Paint(Rectangle const&) (viewsh.cxx:1670)
==31835==    by 0xF1822CE: SwCrsrShell::Paint(Rectangle const&)
(crsrsh.cxx:1169)
==31835==    by 0xF5DBDD2: SwEditWin::Paint(Rectangle const&) (edtwin2.cxx:536)
==31835==    by 0x53DCA23: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2422)
==31835==    by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2446)
==31835==    by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2446)
==31835==    by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2446)
==31835==    by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2446)
==31835==    by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2446)
==31835==    by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short)
(window.cxx:2446)
==31835==    by 0x53DD8F1: Window::ImplCallOverlapPaint() (window.cxx:2483)
==31835==    by 0x53DD93A: Window::ImplHandlePaintHdl(void*) (window.cxx:2503)
==31835==    by 0x521B149: Timer::Timeout() (link.hxx:140)
==31835==    by 0x521B1F8: Timer::ImplTimerCallbackProc() (timer.cxx:146)
==31835==    by 0x7F8FBF7: X11SalData::Timeout() const (saltimer.hxx:66)
==31835==    by 0x7EFE63E: GtkXLib::timeoutFn(void*) (gtkdata.cxx:811)
==31835==    by 0x4DCFDEAF: g_timeout_dispatch (gmain.c:3895)
==31835==    by 0x4DCFC5BE: g_main_context_dispatch (gmain.c:2441)
==31835==    by 0x4DCFCD2F: g_main_context_iterate (gmain.c:3092)
==31835==    by 0x4DCFD06E: g_main_context_iteration (gmain.c:3155)
==31835== 
==31835== 
==31835== HEAP SUMMARY:
==31835==     in use at exit: 2,351,368 bytes in 36,985 blocks
==31835==   total heap usage: 1,314,047 allocs, 1,277,062 frees, 114,403,313
bytes allocated
==31835== 
==31835== LEAK SUMMARY:
==31835==    definitely lost: 6,101 bytes in 81 blocks
==31835==    indirectly lost: 57,400 bytes in 2,114 blocks
==31835==      possibly lost: 69,962 bytes in 939 blocks
==31835==    still reachable: 2,217,905 bytes in 33,851 blocks
==31835==         suppressed: 0 bytes in 0 blocks
==31835== Rerun with --leak-check=full to see details of leaked memory
==31835== 
==31835== For counts of detected and suppressed errors, rerun with: -v
==31835== Use --track-origins=yes to see where uninitialised values come from
==31835== ERROR SUMMARY: 1865 errors from 10 contexts (suppressed: 418 from 15)
==31810== 
==31810== HEAP SUMMARY:
==31810==     in use at exit: 2,234 bytes in 57 blocks
==31810==   total heap usage: 970 allocs, 913 frees, 1,584,546 bytes allocated
==31810== 
==31810== LEAK SUMMARY:
==31810==    definitely lost: 124 bytes in 1 blocks
==31810==    indirectly lost: 0 bytes in 0 blocks
==31810==      possibly lost: 0 bytes in 0 blocks
==31810==    still reachable: 2,110 bytes in 56 blocks
==31810==         suppressed: 0 bytes in 0 blocks
==31810== Rerun with --leak-check=full to see details of leaked memory
==31810== 
==31810== For counts of detected and suppressed errors, rerun with: -v
==31810== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 31 from 11)

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Libreoffice-bugs mailing list