[Libreoffice] [PUSHED] Re: [PATCH] writer AnchoredObjects accessed after deletion under some circumstances
Michael Stahl
mstahl at redhat.com
Fri Nov 18 13:40:45 PST 2011
On 10/11/11 17:44, Caolán McNamara wrote:
> So, I have a document which triggers the attached traces.txt if I close
> the document before the layout completes.
>
> Here's what I think I see. The SwView goes away first, and the writer
> layout hierarchy goes away with it. Then the SwDoc goes away. The
> "SwLayouter" basically belongs to the SwDoc (for some good reason ?).
>
> During layout SwLayouter::InsertObjForTmpConsiderWrapInfluence can be
> called to add some pointers to AnchoredObjects into it temporarily.
> AnchoredObjects belong to the layout, and go away when the layout
> hierarchy is destroyed. If the layout process completes these get
> cleared out from the SwLayouter along the way.
>
> However, if you close the document before layout is complete,
> AnchoredObjects remain registered in SwLayouter, then the SwDoc
> destruction calls SwLayouter::ClearObjsTmpConsiderWrapInfluence which
> can try to access AnchoredObjects which were destroyed by the earlier
> destruction, ka-boom.
hmmm... before CWS swlayoutrefactoring the layout would be destroyed in
~SwDoc, so i guess destroying it earlier introduced this problem...
not knowing much about how the layout works, this all sounds quite
reasonable :)
> traces attached in traces.txt
>
> Attached is what I think is a plausible fix. Anyone got any alternative
> ideas or horrified (more than usual) by the suggested fix.
have just pushed it:
http://cgit.freedesktop.org/libreoffice/core/commit/?id=6c1ac01a4ac425456cb14e4ba34a3a2d9286453b
the layout move refactoring is in libreoffice-3-4, right?
so this is probably a regression in 3.4, and i would suggest fixing it
there too.
More information about the LibreOffice
mailing list