[Libreoffice-bugs] [Bug 45303] New: python corrupting memory on print ?

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jan 27 04:48:30 PST 2012 

https://bugs.freedesktop.org/show_bug.cgi?id=45303

             Bug #: 45303
           Summary: python corrupting memory on print ?
    Classification: Unclassified
           Product: LibreOffice
           Version: LibO Master
          Platform: Other
        OS/Version: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: medium
         Component: Libreoffice
        AssignedTo: libreoffice-bugs at lists.freedesktop.org
        ReportedBy: michael.meeks at novell.com


I run libreoffice writer (master) on the attached document, I print both pages,
and three copies of them (collated).

When I do that, I get this in valgrind:

==28051== Invalid read of size 4
==28051==    at 0x140D0AC1: PyObject_Free (obmalloc.c:969)
==28051==    by 0x1414D417: PyObject_GC_Del (gcmodule.c:1507)
==28051==    by 0x140A48A4: code_dealloc (codeobject.c:317)
==28051==    by 0x14132EF0: load_source_module (import.c:1022)
==28051==    by 0x14133C18: import_submodule (import.c:2596)
==28051==    by 0x14133EDC: load_next (import.c:2416)
==28051==    by 0x14134821: import_module_level.isra.3 (import.c:2137)
==28051==    by 0x14134AD0: PyImport_ImportModuleLevel (import.c:2189)
==28051==    by 0x1411C20E: builtin___import__ (bltinmodule.c:49)
==28051==    by 0x140CCD74: PyCFunction_Call (methodobject.c:85)
==28051==    by 0x140950F3: PyObject_Call (abstract.c:2529)
==28051==    by 0x1411D619: PyEval_CallObjectWithKeywords (ceval.c:3882)
==28051==  Address 0xe178010 is 8 bytes after a block of size 40 alloc'd
==28051==    at 0x4029C24: malloc (vg_replace_malloc.c:236)
==28051==    by 0x512E704: rtl_allocateMemory_SYSTEM(unsigned long)
(alloc_global.cxx:278)
==28051==    by 0x512E819: rtl_allocateMemory (alloc_global.cxx:311)
==28051==    by 0x64A829C: ??? (in
/data/opt/libreoffice/master/solver/unxlngi6.pro/lib/libtllo.so)
==28051==    by 0x64A8B49: String::Erase(unsigned short, unsigned short) (in
/data/opt/libreoffice/master/solver/unxlngi6.pro/lib/libtllo.so)
==28051==    by 0x65D1C7D: GetEnglishSearchFontName(String&) (in
/data/opt/libreoffice/master/solver/unxlngi6.pro/lib/libutllo.so)
==28051==    by 0x6A28EE2: ImplDevFontList::Add(ImplFontData*)
(outdev3.cxx:1495)
==28051==    by 0x6C68265: GenPspGraphics::AnnounceFonts(ImplDevFontList*,
psp::FastPrintFontInfo const&) (genpspgraphics.cxx:1230)
==28051==    by 0x6C67519: GenPspGraphics::GetDevFontList(ImplDevFontList*)
(genpspgraphics.cxx:904)
==28051==    by 0x6B2B9DC: Printer::ImplInit(SalPrinterQueueInfo*)
(print.cxx:538)
==28051==    by 0x6B2C430: Printer::Printer(rtl::OUString const&)
(print.cxx:685)
==28051==    by 0x5B43821: SfxPrinter::SfxPrinter(SfxItemSet*, JobSetup const&)
(in /data/opt/libreoffice/master/solver/unxlngi6.pro/lib/libsfxlo.so)
==28051== 
==28051== Conditional jump or move depends on uninitialised value(s)
==28051==    at 0x140D0ACA: PyObject_Free (obmalloc.c:969)
==28051==    by 0x1408B3A6: string_dealloc (stringobject.c:597)
==28051==    by 0x140A47C1: code_dealloc (codeobject.c:307)
==28051==    by 0x14132EF0: load_source_module (import.c:1022)
==28051==    by 0x14133C18: import_submodule (import.c:2596)
==28051==    by 0x14133EDC: load_next (import.c:2416)
==28051==    by 0x14134821: import_module_level.isra.3 (import.c:2137)
==28051==    by 0x14134AD0: PyImport_ImportModuleLevel (import.c:2189)
==28051==    by 0x1411C20E: builtin___import__ (bltinmodule.c:49)
==28051==    by 0x140CCD74: PyCFunction_Call (methodobject.c:85)
==28051==    by 0x140950F3: PyObject_Call (abstract.c:2529)
==28051==    by 0x1411D619: PyEval_CallObjectWithKeywords (ceval.c:3882)
==28051== 
==28051== Invalid read of size 4
==28051==    at 0x140D0AC1: PyObject_Free (obmalloc.c:969)
==28051==    by 0x1414D417: PyObject_GC_Del (gcmodule.c:1507)
==28051==    by 0x140A48A4: code_dealloc (codeobject.c:317)
==28051==    by 0x140E0633: tupledealloc (tupleobject.c:220)
==28051==    by 0x140A47DF: code_dealloc (codeobject.c:308)
==28051==    by 0x14132EF0: load_source_module (import.c:1022)
==28051==    by 0x14133C18: import_submodule (import.c:2596)
==28051==    by 0x14133EDC: load_next (import.c:2416)
==28051==    by 0x14134821: import_module_level.isra.3 (import.c:2137)
==28051==    by 0x14134AD0: PyImport_ImportModuleLevel (import.c:2189)
==28051==    by 0x1411C20E: builtin___import__ (bltinmodule.c:49)
==28051==    by 0x140CCD74: PyCFunction_Call (methodobject.c:85)
==28051==  Address 0xf89f010 is not stack'd, malloc'd or (recently) free'd
==28051== 

And much more badness. Looks pretty scary to me :-)

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Libreoffice-bugs mailing list