[Libreoffice-commits] core.git: vcl/unx

Stephan Bergmann sbergman at redhat.com
Thu Jun 7 07:41:06 UTC 2018 

 vcl/unx/generic/glyphs/glyphcache.cxx |    7 -------
 1 file changed, 7 deletions(-)

New commits:
commit 0083269c3cbdb3de2ec92dafaecae5911c30fa04
Author: Stephan Bergmann <sbergman at redhat.com>
Date:   Thu Jun 7 08:27:17 2018 +0200

    Revert "Revert "Blind attempt to fix UBSAN error in FreetypeFont""
    
    This reverts commit 3220ada5159307be8a93da3a57d2bfec0c826bf5.  The ASan heap-
    use-after-free came back, as seen (seemingly reliably, this time) during
    CppunitTest_sw_ooxmlimport:
    
    > ==4510==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000c72ea8 at pc 0x7f9e4d9b567e bp 0x7ffcb2648770 sp 0x7ffcb2648768
    > READ of size 8 at 0x611000c72ea8 thread T0
    >  #0 in FreetypeFont::Release() const at vcl/unx/generic/glyphs/glyphcache.cxx:311:5 (instdir/program/libvcllo.so +0x68ec67d)
    >  #1 in FreetypeFontInstance::~FreetypeFontInstance() at vcl/unx/generic/glyphs/glyphcache.cxx:371:25 (instdir/program/libvcllo.so +0x68efdc7)
    >  #2 in FreetypeFontInstance::~FreetypeFontInstance() at vcl/unx/generic/glyphs/glyphcache.cxx:368:1 (instdir/program/libvcllo.so +0x68efe6e)
    >  #3 in LogicalFontInstance::Release() at vcl/source/font/fontinstance.cxx:136:13 (instdir/program/libvcllo.so +0x6376ceb)
    >  #4 in FreetypeFont::~FreetypeFont() at vcl/unx/generic/glyphs/freetype_glyphcache.cxx:488:21 (instdir/program/libvcllo.so +0x68ab549)
    >  #5 in GlyphCache::InvalidateAllGlyphs() at vcl/unx/generic/glyphs/glyphcache.cxx:57:9 (instdir/program/libvcllo.so +0x68e6c6c)
    >  #6 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:47:5 (instdir/program/libvcllo.so +0x68e664c)
    >  #7 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:46:1 (instdir/program/libvcllo.so +0x68e6fde)
    >  #8 in std::default_delete<GlyphCache>::operator()(GlyphCache*) const at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:81:2 (instdir/program/libvcllo.so +0x68679d9)
    >  #9 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 (instdir/program/libvcllo.so +0x6867739)
    >  #10 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:271:7 (instdir/program/libvcllo.so +0x68675ce)
    >  #11 in (anonymous namespace)::GlyphCacheHolder::~GlyphCacheHolder() at vcl/headless/svpglyphcache.cxx:33:12 (instdir/program/libvcllo.so +0x686667e)
    >  #12 in __run_exit_handlers at /usr/src/debug/glibc-2.27-56-g50df56ca86/stdlib/exit.c:108:8 (/lib64/libc.so.6 +0x3966b)
    >  #13 in __GI_exit at /usr/src/debug/glibc-2.27-56-g50df56ca86/stdlib/exit.c:139:3 (/lib64/libc.so.6 +0x3979b)
    >  #14 in __libc_start_main at /usr/src/debug/glibc-2.27-56-g50df56ca86/csu/../csu/libc-start.c:342:3 (/lib64/libc.so.6 +0x23191)
    >  #15 in _start at <null> (workdir/LinkTarget/Executable/cppunittester +0x42f349)
    >
    > 0x611000c72ea8 is located 104 bytes inside of 216-byte region [0x611000c72e40,0x611000c72f18)
    > freed by thread T0 here:
    >  #0 in operator delete(void*, unsigned long) at /data/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_new_delete.cc:162:3 (workdir/LinkTarget/Executable/cppunittester +0x53a060)
    >  #1 in GlyphCache::InvalidateAllGlyphs() at vcl/unx/generic/glyphs/glyphcache.cxx:57:9 (instdir/program/libvcllo.so +0x68e6c7c)
    >  #2 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:47:5 (instdir/program/libvcllo.so +0x68e664c)
    >  #3 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:46:1 (instdir/program/libvcllo.so +0x68e6fde)
    >  #4 in std::default_delete<GlyphCache>::operator()(GlyphCache*) const at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:81:2 (instdir/program/libvcllo.so +0x68679d9)
    >  #5 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 (instdir/program/libvcllo.so +0x6867739)
    >  #6 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:271:7 (instdir/program/libvcllo.so +0x68675ce)
    >  #7 in (anonymous namespace)::GlyphCacheHolder::~GlyphCacheHolder() at vcl/headless/svpglyphcache.cxx:33:12 (instdir/program/libvcllo.so +0x686667e)
    >  #8 in __run_exit_handlers at /usr/src/debug/glibc-2.27-56-g50df56ca86/stdlib/exit.c:108:8 (/lib64/libc.so.6 +0x3966b)
    >
    > previously allocated by thread T0 here:
    >  #0 in operator new(unsigned long) at /data/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_new_delete.cc:93:3 (workdir/LinkTarget/Executable/cppunittester +0x538c20)
    >  #1 in FreetypeManager::CreateFont(FontSelectPattern const&) at vcl/unx/generic/glyphs/freetype_glyphcache.cxx:351:12 (instdir/program/libvcllo.so +0x68a7b34)
    >  #2 in GlyphCache::CacheFont(FontSelectPattern const&) at vcl/unx/generic/glyphs/glyphcache.cxx:194:29 (instdir/program/libvcllo.so +0x68eb345)
    >  #3 in CairoTextRender::setFont(FontSelectPattern const*, int) at vcl/unx/generic/gdi/cairotextrender.cxx:104:61 (instdir/program/libvcllo.so +0x686889e)
    >  #4 in CairoTextRender::SetFont(FontSelectPattern const*, int) at vcl/unx/generic/gdi/cairotextrender.cxx:355:5 (instdir/program/libvcllo.so +0x686db63)
    >  #5 in SvpSalGraphics::SetFont(FontSelectPattern const*, int) at vcl/headless/svptext.cxx:30:23 (instdir/program/libvcllo.so +0x6863c53)
    >  #6 in OutputDevice::getFallbackFont(FontSelectPattern&, int, ImplLayoutArgs&) const at vcl/source/outdev/font.cxx:1297:17 (instdir/program/libvcllo.so +0x4ae1a8d)
    >  #7 in OutputDevice::ImplGlyphFallbackLayout(std::unique_ptr<SalLayout, std::default_delete<SalLayout> >, ImplLayoutArgs&) const at vcl/source/outdev/font.cxx:1373:48 (instdir/program/libvcllo.so +0x4ae3854)
    >  #8 in OutputDevice::ImplLayout(rtl::OUString const&, int, int, Point const&, long, long const*, SalLayoutFlags, vcl::TextLayoutCache const*) const at vcl/source/outdev/text.cxx:1363:22 (instdir/program/libvcllo.so +0x4b32af9)
    >  #9 in OutputDevice::GetTextBreak(rtl::OUString const&, long, int, int, long, vcl::TextLayoutCache const*) const at vcl/source/outdev/text.cxx:1417:45 (instdir/program/libvcllo.so +0x4b3e4a0)
    
    Change-Id: I2fe5d7cdef010c268f89385ec147585816d605a6
    Reviewed-on: https://gerrit.libreoffice.org/55397
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>

diff --git a/vcl/unx/generic/glyphs/glyphcache.cxx b/vcl/unx/generic/glyphs/glyphcache.cxx
index ac2eaf5498e3..cff473c9036c 100644
--- a/vcl/unx/generic/glyphs/glyphcache.cxx
+++ b/vcl/unx/generic/glyphs/glyphcache.cxx
@@ -357,18 +357,11 @@ void FreetypeFontInstance::SetFreetypeFont(FreetypeFont* p)
 {
     if (p == mpFreetypeFont)
         return;
-    if (mpFreetypeFont)
-        mpFreetypeFont->Release();
     mpFreetypeFont = p;
-    if (mpFreetypeFont)
-        mpFreetypeFont->AddRef();
 }
 
 FreetypeFontInstance::~FreetypeFontInstance()
 {
-    // TODO: remove the FreetypeFont here instead of in the GlyphCache
-    if (mpFreetypeFont)
-        mpFreetypeFont->Release();
 }
 
 static hb_blob_t* getFontTable(hb_face_t* /*face*/, hb_tag_t nTableTag, void* pUserData)

More information about the Libreoffice-commits mailing list