[Libreoffice-commits] core.git: vcl/source

Caolán McNamara caolanm at redhat.com
Fri Jan 6 11:02:58 UTC 2017


 vcl/source/filter/igif/gifread.cxx |   13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

New commits:
commit 22e1fc5402c17c8459873e621f7630674d2b98f1
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Jan 6 10:32:56 2017 +0000

    lsan+wmffuzzer shows a circular reference leading to a leak
    
    graphic gets a context set on it which has a shallow copy
    of the graphic in it.
    
    ==37==ERROR: LeakSanitizer: detected memory leaks
    
    Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
        #0 0x6170b0 in operator new[](unsigned long) /src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:84
        #1 0x91361b in BitmapPalette::BitmapPalette(unsigned short) /src/libreoffice/include/vcl/salbtype.hxx:467:56
        #2 0x9029f0 in GIFReader::GIFReader(SvStream&) /src/libreoffice/vcl/source/filter/igif/gifread.cxx:114:7
        #3 0x91648d in std::__1::__libcpp_compressed_pair_imp<std::__1::allocator<GIFReader>, GIFReader, 1u>::__libcpp_compressed_pair_imp<std::__1::allocator<GIFReader>&, SvStream&, 0ul, 0ul>(std::__1::piecewise_construct_t, std::__1::tuple<std::__1::allocator<GIFReader>&>, std::__1::tuple<SvStream&>, std::__1::__tuple_indices<0ul>, std::__1::__tuple_indices<0ul>) /usr/local/bin/../include/c++/v1/memory:2173:15
        #4 0x91648d in std::__1::__compressed_pair<std::__1::allocator<GIFReader>, GIFReader>::__compressed_pair<std::__1::allocator<GIFReader>&, SvStream&>(std::__1::piecewise_construct_t, std::__1::tuple<std::__1::allocator<GIFReader>&>, std::__1::tuple<SvStream&>) /usr/local/bin/../include/c++/v1/memory:2330
        #5 0x91648d in std::__1::__shared_ptr_emplace<GIFReader, std::__1::allocator<GIFReader> >::__shared_ptr_emplace<SvStream&>(std::__1::allocator<GIFReader>, SvStream&) /usr/local/bin/../include/c++/v1/memory:3827
        #6 0x91648d in std::__1::shared_ptr<GIFReader> std::__1::shared_ptr<GIFReader>::make_shared<SvStream&>(SvStream&) /usr/local/bin/../include/c++/v1/memory:4443
        #7 0x91284b in _ZNSt3__111make_sharedI9GIFReaderJR8SvStreamEEENS_9enable_ifIXntsr8is_arrayIT_EE5valueENS_10shared_ptrIS5_EEE4typeEDpOT0_ /usr/local/bin/../include/c++/v1/memory:4807:12
        #8 0x91284b in ImportGIF(SvStream&, Graphic&) /src/libreoffice/vcl/source/filter/igif/gifread.cxx:889
        #9 0x61c85c in LLVMFuzzerTestOneInput /src/libreoffice/vcl/workben/giffuzzer.cxx:18:11
        #10 0x575ef58 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:546:13
        #11 0x575fcb4 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:497:3
        #12 0x577e43a in fuzzer::Fuzzer::RunOne(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&) /src/libfuzzer/FuzzerInternal.h:119:41
        #13 0x575e5ad in fuzzer::Fuzzer::ShuffleAndMinimize(std::__1::vector<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >, std::__1::allocator<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > > >*) /src/libfuzzer/FuzzerLoop.cpp:476:30
        #14 0x5708588 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:534:6
        #15 0x56fb3c8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
        #16 0x7fb5f13da82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    
    Change-Id: I1384f4ced094e79a27e7d15b569c88f129cd115a

diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx
index 4cd2994..3789ebb 100644
--- a/vcl/source/filter/igif/gifread.cxx
+++ b/vcl/source/filter/igif/gifread.cxx
@@ -49,7 +49,6 @@ class SvStream;
 
 class GIFReader : public GraphicReader
 {
-    Graphic             aImGraphic;
     Animation           aAnimation;
     Bitmap              aBmp8;
     Bitmap              aBmp1;
@@ -103,10 +102,9 @@ class GIFReader : public GraphicReader
 public:
 
     ReadState           ReadGIF( Graphic& rGraphic );
-    const Graphic&      GetIntermediateGraphic();
+    Graphic             GetIntermediateGraphic();
 
     explicit            GIFReader( SvStream& rStm );
-    virtual             ~GIFReader() override;
 };
 
 GIFReader::GIFReader( SvStream& rStm )
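Review bot: Nothing in the class now records why `GetIntermediateGraphic()` returns by value, so a later cleanup could reintroduce a cached `Graphic` member and with it the ownership cycle the commit message describes. Judging from the stack trace (`make_shared<GIFReader>` in `ImportGIF`) and the removed destructor, the reader is itself held as the context of a Graphic, so the old `SetContext( nullptr )` in `~GIFReader()` probably could not run while the cycle kept the reader alive. I would add a comment above the declaration, e.g. `// by value on purpose: a Graphic kept in the reader can hold the reader as its context and never be freed`. Callers that bound the old `const Graphic&` result are outside this hunk and worth a quick check.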
@@ -145,11 +143,6 @@ GIFReader::GIFReader( SvStream& rStm )
     ClearImageExtensions();
 }
 
-GIFReader::~GIFReader()
-{
-    aImGraphic.SetContext( nullptr );
-}
-
 void GIFReader::ClearImageExtensions()
 {
     nGCDisposalMethod = 0;
@@ -651,8 +644,10 @@ void GIFReader::CreateNewBitmaps()
     }
 }
 
-const Graphic& GIFReader::GetIntermediateGraphic()
+Graphic GIFReader::GetIntermediateGraphic()
 {
+    Graphic aImGraphic;
+
     // only create intermediate graphic, if data is available
     // but graphic still not completely read
     if ( bImGraphicReady && !aAnimation.Count() )
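Review bot: The no-data case is now implicit: the local `aImGraphic` is default-constructed and, as far as the visible lines show, is what the caller receives when `bImGraphicReady && !aAnimation.Count()` is false. The function body continues past the end of the hunk, so this is inferred from the existing comment and the condition. A short comment above the function would make the contract explicit, e.g. `// returns an empty Graphic unless partial image data is ready and no animation frame exists yet`. Since the leak was found by the fuzzer under LeakSanitizer, keeping the triggering input in the fuzzer corpus would guard against a regression.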

