[Libreoffice-commits] core.git: vcl/source

Mon Jun 12 14:46:52 UTC 2017

vcl/source/uitest/uno/uiobject_uno.cxx |   26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

New commits:
commit 12e322e2732bdb904eac1615f96ad9318450cb59
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Mon Jun 12 16:45:45 2017 +0200

    Avoid use-after-free
    
    ...as seen in UITest_calc_demo:
    
    > ==1010== Invalid read of size 4
    > ==1010==    at 0x58DA550: __pthread_mutex_unlock_usercnt (/usr/src/debug/glibc-2.24-33-ge9e69e4/nptl/pthread_mutex_unlock.c:39)
    > ==1010==    by 0x58DA550: pthread_mutex_unlock (/usr/src/debug/glibc-2.24-33-ge9e69e4/nptl/pthread_mutex_unlock.c:324)
    > ==1010==    by 0x1085FB42: __gthread_mutex_unlock(pthread_mutex_t*) (/usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/x86_64-redhat-linux/bits/gthr-default.h:778)
    > ==1010==    by 0x10861414: std::mutex::unlock() (/usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/bits/std_mutex.h:121)
    > ==1010==    by 0x10861901: std::unique_lock<std::mutex>::unlock() (/usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/bits/std_mutex.h:323)
    > ==1010==    by 0x108604C6: std::unique_lock<std::mutex>::~unique_lock() (/usr/lib/gcc/x86_64-redhat-linux/6.3.1/../../../../include/c++/6.3.1/bits/std_mutex.h:232)
    > ==1010==    by 0x1085FA5E: (anonymous namespace)::ExecuteWrapper::ExecuteActionHdl(Timer*) (/vcl/source/uitest/uno/uiobject_uno.cxx:103)
    > ==1010==    by 0x1085EDE7: (anonymous namespace)::ExecuteWrapper::LinkStubExecuteActionHdl(void*, Timer*) (/vcl/source/uitest/uno/uiobject_uno.cxx:85)
    > ==1010==    by 0x10715647: Link<Timer*, void>::Call(Timer*) const (/include/tools/link.hxx:84)
    > ==1010==    by 0x107154A6: Timer::Invoke() (/vcl/source/app/timer.cxx:89)
    > ==1010==    by 0x106D3841: ImplSchedulerData::Invoke() (/vcl/source/app/scheduler.cxx:46)
    > ==1010==    by 0x106D3D28: Scheduler::ProcessTaskScheduling(bool) (/vcl/source/app/scheduler.cxx:159)
    > ==1010==    by 0x107040EF: ImplYield(bool, bool, unsigned long) (/vcl/source/app/svapp.cxx:508)
    > ==1010==    by 0x106FE9A7: Application::Yield() (/vcl/source/app/svapp.cxx:558)
    > ==1010==    by 0x106FE92A: Application::Execute() (/vcl/source/app/svapp.cxx:458)
    > ==1010==    by 0x513F498: desktop::Desktop::DoExecute() (/desktop/source/app/app.cxx:1354)
    > ==1010==    by 0x5141660: desktop::Desktop::Main() (/desktop/source/app/app.cxx:1698)
    > ==1010==    by 0x10711884: ImplSVMain() (/vcl/source/app/svmain.cxx:192)
    > ==1010==    by 0x10713197: SVMain() (/vcl/source/app/svmain.cxx:230)
    > ==1010==    by 0x51AEDF7: soffice_main (/desktop/source/app/sofficemain.cxx:166)
    > ==1010==    by 0x40091C: sal_main (/desktop/source/app/main.c:48)
    > ==1010==    by 0x4008F6: main (/desktop/source/app/main.c:47)
    > ==1010==  Address 0x2ccca4e8 is 72 bytes inside a block of size 96 free'd
    > ==1010==    at 0x4C2F21A: operator delete(void*) (/builddir/build/BUILD/valgrind-3.12.0/coregrind/m_replacemalloc/vg_replace_malloc.c:576)
    > ==1010==    by 0x1085FA55: (anonymous namespace)::ExecuteWrapper::ExecuteActionHdl(Timer*) (/vcl/source/uitest/uno/uiobject_uno.cxx:102)
    > ==1010==    by 0x1085EDE7: (anonymous namespace)::ExecuteWrapper::LinkStubExecuteActionHdl(void*, Timer*) (/vcl/source/uitest/uno/uiobject_uno.cxx:85)
    > ==1010==    by 0x10715647: Link<Timer*, void>::Call(Timer*) const (/include/tools/link.hxx:84)
    > ==1010==    by 0x107154A6: Timer::Invoke() (/vcl/source/app/timer.cxx:89)
    > ==1010==    by 0x106D3841: ImplSchedulerData::Invoke() (/vcl/source/app/scheduler.cxx:46)
    > ==1010==    by 0x106D3D28: Scheduler::ProcessTaskScheduling(bool) (/vcl/source/app/scheduler.cxx:159)
    > ==1010==    by 0x107040EF: ImplYield(bool, bool, unsigned long) (/vcl/source/app/svapp.cxx:508)
    > ==1010==    by 0x106FE9A7: Application::Yield() (/vcl/source/app/svapp.cxx:558)
    > ==1010==    by 0x106FE92A: Application::Execute() (/vcl/source/app/svapp.cxx:458)
    > ==1010==    by 0x513F498: desktop::Desktop::DoExecute() (/desktop/source/app/app.cxx:1354)
    > ==1010==    by 0x5141660: desktop::Desktop::Main() (/desktop/source/app/app.cxx:1698)
    > ==1010==    by 0x10711884: ImplSVMain() (/vcl/source/app/svmain.cxx:192)
    > ==1010==    by 0x10713197: SVMain() (/vcl/source/app/svmain.cxx:230)
    > ==1010==    by 0x51AEDF7: soffice_main (/desktop/source/app/sofficemain.cxx:166)
    > ==1010==    by 0x40091C: sal_main (/desktop/source/app/main.c:48)
    > ==1010==    by 0x4008F6: main (/desktop/source/app/main.c:47)
    
    Change-Id: Ie95bf07f2fcd9420c9c24e6829272430895957a6

diff --git a/vcl/source/uitest/uno/uiobject_uno.cxx b/vcl/source/uitest/uno/uiobject_uno.cxx
index 997fade9cc2a..c69988154653 100644
--- a/vcl/source/uitest/uno/uiobject_uno.cxx
+++ b/vcl/source/uitest/uno/uiobject_uno.cxx
@@ -84,20 +84,22 @@ public:
 
 IMPL_LINK_NOARG(ExecuteWrapper, ExecuteActionHdl, Timer*, void)
 {
-    Idle aIdle;
     {
-        mFunc();
-        aIdle.SetDebugName("UI Test Idle Handler2");
-        aIdle.SetPriority(TaskPriority::LOWEST);
-        aIdle.SetInvokeHandler(mHandler);
-        aIdle.Start();
-    }
+        Idle aIdle;
+        {
+            mFunc();
+            aIdle.SetDebugName("UI Test Idle Handler2");
+            aIdle.SetPriority(TaskPriority::LOWEST);
+            aIdle.SetInvokeHandler(mHandler);
+            aIdle.Start();
+        }
 
-    Scheduler::ProcessEventsToSignal(mbSignal);
-    std::unique_lock<std::mutex> lock(mMutex);
-    while (!mbSignal)
-    {
-        std::this_thread::sleep_for(std::chrono::milliseconds(5));
+        Scheduler::ProcessEventsToSignal(mbSignal);
+        std::unique_lock<std::mutex> lock(mMutex);
+        while (!mbSignal)
+        {
+            std::this_thread::sleep_for(std::chrono::milliseconds(5));
+        }
     }
     delete this;
 }
