[Libreoffice-commits] core.git: 2 commits - package/inc package/source vcl/headless
Michael Stahl
mstahl at redhat.com
Thu Jun 23 09:43:16 UTC 2016
package/inc/ZipOutputStream.hxx | 1 +
package/source/zipapi/ZipOutputStream.cxx | 12 +++++++++++-
package/source/zippackage/ZipPackageStream.cxx | 11 +++++++++++
vcl/headless/svpbmp.cxx | 12 +++++++++++-
4 files changed, 34 insertions(+), 2 deletions(-)
New commits:
commit 8d8b9b80b114b94b20b0bf1438d80e925b49e3bf
Author: Michael Stahl <mstahl at redhat.com>
Date: Thu Jun 23 11:24:55 2016 +0200
package: fix exception handling in DeflateThread (related tdf#91807)
In the bugdoc of tdf#91807 there are at least 49 corrupt zip streams
that raise exceptions in the DeflateThreads. Because the maximum
allowed number of threads happens to be 48, this results in an infinite
loop in ZipOutputStream::reduceScheduledThreadsToGivenNumberOrLess().
(regression from 7e2ea27e5d56f5cf767a6718a0f5edc28e24af14)
In case an exception is thrown, don't re-throw it immediately, which
might cause trouble such as leaking all of the ZipOutputEntry instances
in m_aEntries.
Change-Id: Ia74ab8e46fa1349c049d05dbec3454bfbe7d61d9
diff --git a/package/inc/ZipOutputStream.hxx b/package/inc/ZipOutputStream.hxx
index 26d7715..136bc72 100644
--- a/package/inc/ZipOutputStream.hxx
+++ b/package/inc/ZipOutputStream.hxx
@@ -40,6 +40,7 @@ class ZipOutputStream
ZipEntry *m_pCurrentEntry;
comphelper::ThreadPool &m_rSharedThreadPool;
std::vector< ZipOutputEntry* > m_aEntries;
+ ::css::uno::Any m_aDeflateException;
public:
ZipOutputStream(
diff --git a/package/source/zipapi/ZipOutputStream.cxx b/package/source/zipapi/ZipOutputStream.cxx
index 9213ed7..2daff01 100644
--- a/package/source/zipapi/ZipOutputStream.cxx
+++ b/package/source/zipapi/ZipOutputStream.cxx
@@ -98,7 +98,12 @@ void ZipOutputStream::consumeScheduledThreadEntry(ZipOutputEntry* pCandidate)
//Any exceptions thrown in the threads were caught and stored for now
::css::uno::Any aCaughtException(pCandidate->getParallelDeflateException());
if (aCaughtException.hasValue())
- ::cppu::throwException(aCaughtException);
+ {
+ m_aDeflateException = aCaughtException; // store it for later throwing
+ // the exception handler in DeflateThread should have cleaned temp file
+ delete pCandidate;
+ return;
+ }
writeLOC(pCandidate->getZipEntry(), pCandidate->isEncrypt());
@@ -178,6 +183,11 @@ void ZipOutputStream::finish()
// consume all processed entries
consumeAllScheduledThreadEntries();
+ if (m_aDeflateException.hasValue())
+ { // throw once all threads are finished and m_aEntries can be released
+ ::cppu::throwException(m_aDeflateException);
+ }
+
sal_Int32 nOffset= static_cast < sal_Int32 > (m_aChucker.GetPosition());
for (ZipEntry* p : m_aZipList)
{
diff --git a/package/source/zippackage/ZipPackageStream.cxx b/package/source/zippackage/ZipPackageStream.cxx
index 43a9b85..5efb145 100644
--- a/package/source/zippackage/ZipPackageStream.cxx
+++ b/package/source/zippackage/ZipPackageStream.cxx
@@ -486,6 +486,17 @@ private:
catch (const uno::Exception&)
{
mpEntry->setParallelDeflateException(::cppu::getCaughtException());
+ try
+ {
+ if (mpEntry->m_xOutStream.is())
+ mpEntry->closeBufferFile();
+ if (!mpEntry->m_aTempURL.isEmpty())
+ mpEntry->deleteBufferFile();
+ }
+ catch (uno::Exception const&)
+ {
+ }
+ mpEntry->setFinished();
}
}
};
commit cd292ba17c62a90f3530326f7fc87036da16a353
Author: Michael Stahl <mstahl at redhat.com>
Date: Wed Jun 22 15:41:11 2016 +0200
vcl: avoid vcl_filters_test crash with ASAN 32-bit
ASAN usually aborts on operator new[] allocation failure but with
allocator_may_return_null=1 in ASAN_OPTIONS it returns null instead; it
doesn't throw std::bad_alloc though.
Change-Id: I28d67a787e90604c12ad06fd97d265664bd62ef2
diff --git a/vcl/headless/svpbmp.cxx b/vcl/headless/svpbmp.cxx
index cb8c771..f5dabae 100644
--- a/vcl/headless/svpbmp.cxx
+++ b/vcl/headless/svpbmp.cxx
@@ -125,7 +125,17 @@ BitmapBuffer* ImplCreateDIB(
{
size_t size = pDIB->mnScanlineSize * pDIB->mnHeight;
pDIB->mpBits = new sal_uInt8[size];
- std::memset(pDIB->mpBits, 0, size);
+#ifdef __SANITIZE_ADDRESS__
+ if (!pDIB->mpBits)
+ { // can only happen with ASAN allocator_may_return_null=1
+ delete pDIB;
+ pDIB = nullptr;
+ }
+ else
+#endif
+ {
+ std::memset(pDIB->mpBits, 0, size);
+ }
}
catch (const std::bad_alloc&)
{
More information about the Libreoffice-commits
mailing list