[Libreoffice-commits] online.git: wsd/DocumentBroker.cpp wsd/DocumentBroker.hpp

[Libreoffice Gerrit user]

 wsd/DocumentBroker.cpp |    3 +++
 wsd/DocumentBroker.hpp |    1 +
 2 files changed, 4 insertions(+)

New commits:
commit 1a41e368add6d95ecd866cba1f2262fdfb329fe5
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Fri May 24 09:04:07 2019 +0200
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Fri May 24 09:04:16 2019 +0200

    wsd: avoid UB in DocumentBroker::cancelTileRequests()
    
    With this, it's possible to open a document and type keys with
    sanitizers enabled.
    
    /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:323:9: runtime error: reference binding to null pointer of type 'TileCache'
        #0 0x911996 in std::unique_ptr<TileCache, std::default_delete<TileCache> >::operator*() const /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:323:2
        #1 0x8ecb2a in DocumentBroker::tileCache() /home/vmiklos/lode/dev/online/./wsd/DocumentBroker.hpp:265:37
        #2 0x8c6a63 in DocumentBroker::cancelTileRequests(std::shared_ptr<ClientSession> const&) /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:1586:37
        #3 0xb32b0e in ClientSession::_handleInput(char const*, int) /home/vmiklos/lode/dev/online/wsd/ClientSession.cpp:194:20
        #4 0xd45d3c in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) /home/vmiklos/lode/dev/online/common/Session.cpp:219:13
        #5 0x768080 in WebSocketHandler::handleTCPStream(std::shared_ptr<StreamSocket> const&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:368:13
        #6 0x6f800d in WebSocketHandler::handleIncomingMessage(SocketDisposition&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:419:20
        #7 0xb2c644 in ClientSession::handleIncomingMessage(SocketDisposition&) /home/vmiklos/lode/dev/online/wsd/ClientSession.cpp:74:14
        #8 0xa6f641 in StreamSocket::handlePoll(SocketDisposition&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >, int) /home/vmiklos/lode/dev/online/./net/Socket.hpp:1037:29
        #9 0x6ec63d in SocketPoll::poll(int) /home/vmiklos/lode/dev/online/./net/Socket.hpp:570:34
        #10 0x83af99 in DocumentBroker::pollThread() /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:387:16
        #11 0x8fc778 in DocumentBroker::DocumentBrokerPoll::pollingThread() /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:165:20
        #12 0xdff935 in SocketPoll::pollingThreadEntry() /home/vmiklos/lode/dev/online/net/Socket.cpp:184:9
        #13 0xe487bd in void std::__invoke_impl<void, void (SocketPoll::*)(), SocketPoll*>(std::__invoke_memfun_deref, void (SocketPoll::*&&)(), SocketPoll*&&) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:73:14
        #14 0xe482ca in std::__invoke_result<void (SocketPoll::*)(), SocketPoll*>::type std::__invoke<void (SocketPoll::*)(), SocketPoll*>(void (SocketPoll::*&&)(), SocketPoll*&&) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:95:14
        #15 0xe4817d in decltype(std::__invoke(_S_declval<0ul>(), _S_declval<1ul>())) std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:234:13
        #16 0xe47f87 in std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> >::operator()() /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:243:11
        #17 0xe4734a in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> > >::_M_run() /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:186:13
        #18 0x7f5c2ce55e2e in execute_native_thread_routine /home/vmiklos/lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/src/c++11/../../../../../gcc-7.3.0/libstdc++-v3/src/c++11/thread.cc:83
        #19 0x7f5c2c832558 in start_thread (/lib64/libpthread.so.0+0x7558)
        #20 0x7f5c2bf4682e in clone (/lib64/libc.so.6+0xf882e)
    
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:323:9 in
    
    Change-Id: Ief574a11c838c77f7f159b1133beeef0deada201

diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp
index 30f0619c6..51ca64927 100644
--- a/wsd/DocumentBroker.cpp
+++ b/wsd/DocumentBroker.cpp
@@ -1588,6 +1588,9 @@ void DocumentBroker::cancelTileRequests(const std::shared_ptr<ClientSession>& se
 
     session->resetWireIdMap();
 
+    if (!hasTileCache())
+        return;
+
     const std::string canceltiles = tileCache().cancelTiles(session);
     if (!canceltiles.empty())
     {
diff --git a/wsd/DocumentBroker.hpp b/wsd/DocumentBroker.hpp
index c56ced733..1923d3b93 100644
--- a/wsd/DocumentBroker.hpp
+++ b/wsd/DocumentBroker.hpp
@@ -263,6 +263,7 @@ public:
     const std::string& getDocKey() const { return _docKey; }
     const std::string& getFilename() const { return _filename; };
     TileCache& tileCache() { return *_tileCache; }
+    bool hasTileCache() { return _tileCache != nullptr; }
     bool isAlive() const;
 
     /// Are we running in either shutdown, or the polling thread.