[Libreoffice-commits] core.git: include/vcl vcl/source
Stephan Bergmann (via logerrit)
logerrit at kemper.freedesktop.org
Thu Oct 3 17:58:18 UTC 2019
include/vcl/transfer.hxx | 2 ++
vcl/source/treelist/transfer.cxx | 14 +++++++++++++-
2 files changed, 15 insertions(+), 1 deletion(-)
New commits:
commit dfe5ca213443415cbbcbe8968a4a872cc003c5be
Author: Stephan Bergmann <sbergman at redhat.com>
AuthorDate: Thu Oct 3 17:30:01 2019 +0200
Commit: Stephan Bergmann <sbergman at redhat.com>
CommitDate: Thu Oct 3 19:56:48 2019 +0200
Make sure TerminateListener doesn't outlive TransferableHelper
With <https://gerrit.libreoffice.org/#/c/80147/> "Propagate soffice process
failure from OfficeConnection's tearDown" included, UITest_calc_tests2 would
start to fail with
> ==1492559==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110009d26a8 at pc 0x7f38d09d1eda bp 0x7f3814e617f0 sp 0x7f3814e617e8
> READ of size 8 at 0x6110009d26a8 thread T44 (cppu_threadpool)
> #0 in com::sun::star::uno::BaseReference::is() const at include/com/sun/star/uno/Reference.h:94:27
> #1 in TransferableHelper::ImplFlush() at vcl/source/treelist/transfer.cxx:518:22
> #2 in TransferableHelper::TerminateListener::notifyTermination(com::sun::star::lang::EventObject const&) at vcl/source/treelist/transfer.cxx:254:14
> #3 in framework::Desktop::impl_sendTerminateToClipboard() at framework/source/services/desktop.cxx:1655:24
> #4 in framework::Desktop::terminate() at framework/source/services/desktop.cxx:332:13
> #5 in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) at bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:77:5
> #6 in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) at bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13
> #7 in unoInterfaceProxyDispatch at bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:413:13
> #8 in binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny*, std::__debug::vector<binaryurp::BinaryAny, std::allocator<binaryurp::BinaryAny> >*) const at binaryurp/source/incomingrequest.cxx:236:13
> #9 in binaryurp::IncomingRequest::execute() const at binaryurp/source/incomingrequest.cxx:79:26
> #10 in request at binaryurp/source/reader.cxx:85:9
> #11 in cppu_threadpool::JobQueue::enter(long, bool) at cppu/source/threadpool/jobqueue.cxx:107:17
> #12 in cppu_threadpool::ORequestThread::run() at cppu/source/threadpool/thread.cxx:165:31
> 0x6110009d26a8 is located 104 bytes inside of 216-byte region [0x6110009d2640,0x6110009d2718)
> freed by thread T0 here:
> #0 in free at /home/sbergman/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:123:3
> #1 in rtl_freeMemory at sal/rtl/alloc_global.cxx:51:5
> #2 in cppu::OWeakObject::operator delete(void*) at include/cppuhelper/weak.hxx:87:11
> #3 in ScSelectionTransferObj::~ScSelectionTransferObj() at sc/source/ui/app/seltrans.cxx:149:1
> #4 in cppu::OWeakObject::release() at cppuhelper/source/weak.cxx:233:9
> #5 in cppu::WeakImplHelper<com::sun::star::datatransfer::XTransferable2, com::sun::star::datatransfer::clipboard::XClipboardOwner, com::sun::star::datatransfer::dnd::XDragSourceListener, com::sun::star::lang::XUnoTunnel>::release() at include/cppuhelper/implbase.hxx:115:62
> #6 in com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable>::~Reference() at include/com/sun/star/uno/Reference.hxx:110:22
> #7 in vcl::GenericClipboard::~GenericClipboard() at vcl/source/components/dtranscomp.cxx:49:7
> #8 in cppu::OWeakObject::release() at cppuhelper/source/weak.cxx:233:9
> #9 in cppu::WeakComponentImplHelperBase::release() at cppuhelper/source/implbase.cxx:84:22
> #10 in cppu::PartialWeakComponentImplHelper<com::sun::star::datatransfer::clipboard::XSystemClipboard, com::sun::star::lang::XServiceInfo>::release() at include/cppuhelper/compbase.hxx:86:36
> #11 in com::sun::star::uno::Reference<com::sun::star::datatransfer::clipboard::XClipboard>::~Reference() at include/com/sun/star/uno/Reference.hxx:110:22
> #12 in ImplFrameData::~ImplFrameData() at vcl/inc/window.h:126:8
> #13 in vcl::Window::dispose() at vcl/source/window/window.cxx:550:9
> #14 in ImplBorderWindow::dispose() at vcl/source/window/brdwin.cxx:1664:18
> #15 in VclReferenceBase::disposeOnce() at vcl/source/outdev/vclreferencebase.cxx:38:5
> #16 in VclPtr<vcl::Window>::disposeAndClear() at include/vcl/vclptr.hxx:206:19
> #17 in vcl::Window::dispose() at vcl/source/window/window.cxx:517:34
> #18 in SystemWindow::dispose() at vcl/source/window/syswin.cxx:108:13
> #19 in WorkWindow::dispose() at vcl/source/window/wrkwin.cxx:128:19
> #20 in VclReferenceBase::disposeOnce() at vcl/source/outdev/vclreferencebase.cxx:38:5
> #21 in VclPtr<OutputDevice>::disposeAndClear() at include/vcl/vclptr.hxx:206:19
> #22 in VCLXWindow::dispose() at toolkit/source/awt/vclxwindow.cxx:939:21
> #23 in (anonymous namespace)::XFrameImpl::disposing() at framework/source/services/frame.cxx:2183:18
> #24 in cppu::WeakComponentImplHelperBase::dispose() at cppuhelper/source/implbase.cxx:102:17
> #25 in cppu::PartialWeakComponentImplHelper<com::sun::star::lang::XServiceInfo, com::sun::star::frame::XFrame2, com::sun::star::awt::XWindowListener, com::sun::star::awt::XTopWindowListener, com::sun::star::awt::XFocusListener, com::sun::star::document::XActionLockable, com::sun::star::util::XCloseable, com::sun::star::frame::XComponentLoader, com::sun::star::frame::XTitle, com::sun::star::frame::XTitleChangeBroadcaster, com::sun::star::beans::XPropertySet, com::sun::star::beans::XPropertySetInfo>::dispose() at include/cppuhelper/compbase.hxx:90:36
> #26 in (anonymous namespace)::XFrameImpl::close(unsigned char) at framework/source/services/frame.cxx:1728:5
> #27 in framework::pattern::frame::closeIt(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&) at framework/source/inc/pattern/frame.hxx:62:21
> #28 in framework::CloseDispatcher::implts_closeFrame() at framework/source/dispatch/closedispatcher.cxx:492:10
> #29 in framework::CloseDispatcher::impl_asyncCallback(LinkParamNone*) at framework/source/dispatch/closedispatcher.cxx:371:20
> #30 in framework::CloseDispatcher::LinkStubimpl_asyncCallback(void*, LinkParamNone*) at framework/source/dispatch/closedispatcher.cxx:246:1
> #31 in Link<LinkParamNone*, void>::Call(LinkParamNone*) const at include/tools/link.hxx:112:45
> #32 in vcl::EventPoster::DoEvent_Impl(void*) at vcl/source/helper/evntpost.cxx:52:13
> #33 in vcl::EventPoster::LinkStubDoEvent_Impl(void*, void*) at vcl/source/helper/evntpost.cxx:48:1
> #34 in Link<void*, void>::Call(void*) const at include/tools/link.hxx:112:45
> #35 in ImplHandleUserEvent(ImplSVEvent*) at vcl/source/window/winproc.cxx:1960:30
> #36 in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) at vcl/source/window/winproc.cxx:2513:13
> #37 in SalFrame::CallCallback(SalEvent, void const*) const at vcl/inc/salframe.hxx:299:29
> #38 in SvpSalInstance::ProcessEvent(SalUserEventList::SalUserEvent) at vcl/headless/svpinst.cxx:283:22
> #39 in non-virtual thunk to SvpSalInstance::ProcessEvent(SalUserEventList::SalUserEvent) at vcl/headless/svpinst.cxx
> #40 in SalUserEventList::DispatchUserEvents(bool) at vcl/source/app/salusereventlist.cxx:108:17
> #41 in SvpSalInstance::DoYield(bool, bool) at vcl/headless/svpinst.cxx:428:19
> #42 in ImplYield(bool, bool) at vcl/source/app/svapp.cxx:446:48
> #43 in Application::Yield() at vcl/source/app/svapp.cxx:510:5
> #44 in Application::Execute() at vcl/source/app/svapp.cxx:427:9
> #45 in desktop::Desktop::Main() at desktop/source/app/app.cxx:1620:17
> #46 in ImplSVMain() at vcl/source/app/svmain.cxx:190:35
Not sure if there is a better fix that would guarantee that mxTerminateListener
can never be non-null in ~TransferableHelper. (It is cleared in
TransferableHelper::lostOwnership, so maybe a call to that is missing somewhere,
or there is a race here?)
Change-Id: I6d190b9565a352c1d454fd66ba598bf1b9e8d875
Reviewed-on: https://gerrit.libreoffice.org/80149
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
diff --git a/include/vcl/transfer.hxx b/include/vcl/transfer.hxx
index 8d5e47548592..646b85fb61a2 100644
--- a/include/vcl/transfer.hxx
+++ b/include/vcl/transfer.hxx
@@ -171,6 +171,8 @@ private:
std::unique_ptr<TransferableObjectDescriptor> mxObjDesc;
protected:
+ ~TransferableHelper();
+
const css::uno::Reference< css::datatransfer::clipboard::XClipboard >&
getOwnClipboard() const { return mxClipboard; }
diff --git a/vcl/source/treelist/transfer.cxx b/vcl/source/treelist/transfer.cxx
index 4415dc6fcf01..2afa7d4950a1 100644
--- a/vcl/source/treelist/transfer.cxx
+++ b/vcl/source/treelist/transfer.cxx
@@ -64,7 +64,7 @@
#include <vcl/pngwrite.hxx>
#include <vcl/graphicfilter.hxx>
#include <memory>
-
+#include <utility>
using namespace ::com::sun::star::uno;
using namespace ::com::sun::star::lang;
@@ -269,6 +269,18 @@ css::uno::Sequence<OUString> TransferableHelper::TerminateListener::getSupported
return css::uno::Sequence<OUString>();
}
+TransferableHelper::~TransferableHelper()
+{
+ css::uno::Reference<css::frame::XTerminateListener> listener;
+ {
+ const SolarMutexGuard aGuard;
+ std::swap(listener, mxTerminateListener);
+ }
+ if (listener.is()) {
+ Desktop::create(comphelper::getProcessComponentContext())->removeTerminateListener(
+ listener);
+ }
+}
Any SAL_CALL TransferableHelper::getTransferData( const DataFlavor& rFlavor )
{
More information about the Libreoffice-commits
mailing list