[Libreoffice-commits] core.git: 2 commits - package/inc package/source vcl/headless

Michael Stahl mstahl at redhat.com
Thu Jun 23 09:43:16 UTC 2016 

 package/inc/ZipOutputStream.hxx                |    1 +
 package/source/zipapi/ZipOutputStream.cxx      |   12 +++++++++++-
 package/source/zippackage/ZipPackageStream.cxx |   11 +++++++++++
 vcl/headless/svpbmp.cxx                        |   12 +++++++++++-
 4 files changed, 34 insertions(+), 2 deletions(-)

New commits:
commit 8d8b9b80b114b94b20b0bf1438d80e925b49e3bf
Author: Michael Stahl <mstahl at redhat.com>
Date:   Thu Jun 23 11:24:55 2016 +0200

    package: fix exception handling in DeflateThread (related tdf#91807)
    
    In the bugdoc of tdf#91807 there are at least 49 corrupt zip streams
    that raise exceptions in the DeflateThreads.  Because the maximum
    allowed number of threads happens to be 48, this results in an infinite
    loop in ZipOutputStream::reduceScheduledThreadsToGivenNumberOrLess().
    
    (regression from 7e2ea27e5d56f5cf767a6718a0f5edc28e24af14)
    
    In case an exception is thrown, don't re-throw it immediately, which
    might cause trouble such as leaking all of the ZipOutputEntry instances
    in m_aEntries.
    
    Change-Id: Ia74ab8e46fa1349c049d05dbec3454bfbe7d61d9

diff --git a/package/inc/ZipOutputStream.hxx b/package/inc/ZipOutputStream.hxx
index 26d7715..136bc72 100644
--- a/package/inc/ZipOutputStream.hxx
+++ b/package/inc/ZipOutputStream.hxx
@@ -40,6 +40,7 @@ class ZipOutputStream
     ZipEntry            *m_pCurrentEntry;
     comphelper::ThreadPool &m_rSharedThreadPool;
     std::vector< ZipOutputEntry* > m_aEntries;
+    ::css::uno::Any m_aDeflateException;
 
 public:
     ZipOutputStream(
diff --git a/package/source/zipapi/ZipOutputStream.cxx b/package/source/zipapi/ZipOutputStream.cxx
index 9213ed7..2daff01 100644
--- a/package/source/zipapi/ZipOutputStream.cxx
+++ b/package/source/zipapi/ZipOutputStream.cxx
@@ -98,7 +98,12 @@ void ZipOutputStream::consumeScheduledThreadEntry(ZipOutputEntry* pCandidate)
     //Any exceptions thrown in the threads were caught and stored for now
     ::css::uno::Any aCaughtException(pCandidate->getParallelDeflateException());
     if (aCaughtException.hasValue())
-        ::cppu::throwException(aCaughtException);
+    {
+        m_aDeflateException = aCaughtException; // store it for later throwing
+        // the exception handler in DeflateThread should have cleaned temp file
+        delete pCandidate;
+        return;
+    }
 
     writeLOC(pCandidate->getZipEntry(), pCandidate->isEncrypt());
 
@@ -178,6 +183,11 @@ void ZipOutputStream::finish()
     // consume all processed entries
     consumeAllScheduledThreadEntries();
 
+    if (m_aDeflateException.hasValue())
+    {   // throw once all threads are finished and m_aEntries can be released
+        ::cppu::throwException(m_aDeflateException);
+    }
+
     sal_Int32 nOffset= static_cast < sal_Int32 > (m_aChucker.GetPosition());
     for (ZipEntry* p : m_aZipList)
     {
diff --git a/package/source/zippackage/ZipPackageStream.cxx b/package/source/zippackage/ZipPackageStream.cxx
index 43a9b85..5efb145 100644
--- a/package/source/zippackage/ZipPackageStream.cxx
+++ b/package/source/zippackage/ZipPackageStream.cxx
@@ -486,6 +486,17 @@ private:
         catch (const uno::Exception&)
         {
             mpEntry->setParallelDeflateException(::cppu::getCaughtException());
+            try
+            {
+                if (mpEntry->m_xOutStream.is())
+                    mpEntry->closeBufferFile();
+                if (!mpEntry->m_aTempURL.isEmpty())
+                    mpEntry->deleteBufferFile();
+            }
+            catch (uno::Exception const&)
+            {
+            }
+            mpEntry->setFinished();
         }
     }
 };
commit cd292ba17c62a90f3530326f7fc87036da16a353
Author: Michael Stahl <mstahl at redhat.com>
Date:   Wed Jun 22 15:41:11 2016 +0200

    vcl: avoid vcl_filters_test crash with ASAN 32-bit
    
    ASAN usually aborts on operator new[] allocation failure but with
    allocator_may_return_null=1 in ASAN_OPTIONS it returns null instead; it
    doesn't throw std::bad_alloc though.
    
    Change-Id: I28d67a787e90604c12ad06fd97d265664bd62ef2

diff --git a/vcl/headless/svpbmp.cxx b/vcl/headless/svpbmp.cxx
index cb8c771..f5dabae 100644
--- a/vcl/headless/svpbmp.cxx
+++ b/vcl/headless/svpbmp.cxx
@@ -125,7 +125,17 @@ BitmapBuffer* ImplCreateDIB(
             {
                 size_t size = pDIB->mnScanlineSize * pDIB->mnHeight;
                 pDIB->mpBits = new sal_uInt8[size];
-                std::memset(pDIB->mpBits, 0, size);
+#ifdef __SANITIZE_ADDRESS__
+                if (!pDIB->mpBits)
+                {   // can only happen with ASAN allocator_may_return_null=1
+                    delete pDIB;
+                    pDIB = nullptr;
+                }
+                else
+#endif
+                {
+                    std::memset(pDIB->mpBits, 0, size);
+                }
             }
             catch (const std::bad_alloc&)
             {

More information about the Libreoffice-commits mailing list