ASan heap-use-after-free triggered by new CppunitTest_sw_uiwriter3 test case

Stephan Bergmann sbergman at redhat.com
Thu May 6 09:07:41 UTC 2021 

Since 
<https://git.libreoffice.org/core/+/4ade38b97f8c22061b612bac81f5dcd3cfb83547%5E!/> 
"tdf#141613: sw_uiwriter3: fix unittest" introduced that test case, 
<https://ci.libreoffice.org//job/lo_ubsan/2001/> fails with

> [_RUN_____] testTdf141613::TestBody
> =================================================================
> ==26995==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0002ac460 at pc 0x2b0f164291e9 bp 0x7fff7ed81ee0 sp 0x7fff7ed81ed8
> WRITE of size 8 at 0x60c0002ac460 thread T0
>     #0 0x2b0f164291e8 in SfxListUndoAction::UndoWithContext(SfxUndoContext&) /svl/source/undo/undo.cxx:1321:19
>     #1 0x2b0f164106cd in SfxUndoManager::ImplUndo(SfxUndoContext*) /svl/source/undo/undo.cxx:697:22
>     #2 0x2b0f16411666 in SfxUndoManager::UndoWithContext(SfxUndoContext&) /svl/source/undo/undo.cxx:665:12
>     #3 0x2b0f5329e1eb in sw::UndoManager::impl_DoUndoRedo(sw::UndoManager::UndoOrRedoType) /sw/source/core/undo/docundo.cxx:608:32
>     #4 0x2b0f5329f44b in sw::UndoManager::Undo() /sw/source/core/undo/docundo.cxx:641:16
>     #5 0x2b0f511e817a in SwEditShell::Undo(unsigned short) /sw/source/core/edit/edundo.cxx:131:57
>     #6 0x2b0f56da4728 in SwWrtShell::Do(SwWrtShell::DoType, unsigned short) /sw/source/uibase/wrtsh/wrtundo.cxx:45:26
>     #7 0x2b0f55f10998 in SwBaseShell::ExecUndo(SfxRequest&) /sw/source/uibase/shells/basesh.cxx:559:27
>     #8 0x2b0f55f0eb3f in SfxStubSwBaseShellExecUndo(SfxShell*, SfxRequest&) /workdir/SdiTarget/sw/sdi/swslots.hxx:2193:1
>     #9 0x2b0f35e44a6f in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:9
>     #10 0x2b0f35e5aa6f in SfxDispatcher::Execute_(SfxShell&, SfxSlot const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
>     #11 0x2b0f35dd27e7 in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
>     #12 0x2b0f362d0bd2 in SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /sfx2/source/control/unoctitm.cxx:758:53
>     #13 0x2b0f362d3455 in SfxOfficeDispatch::dispatchWithNotification(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /sfx2/source/control/unoctitm.cxx:243:16
>     #14 0x2b0f7f395377 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatch> const&, com::sun::star::util::URL const&, bool, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /framework/source/services/dispatchhelper.cxx:159:30
>     #15 0x2b0f7f3942d1 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /framework/source/services/dispatchhelper.cxx:117:16
>     #16 0x2b0f7f395ab7 in non-virtual thunk to framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /framework/source/services/dispatchhelper.cxx
>     #17 0x2b0f6048146f in unotest::MacrosTest::dispatchCommand(com::sun::star::uno::Reference<com::sun::star::lang::XComponent> const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /unotest/source/cpp/macros_test.cxx:85:22
>     #18 0x2b0f2b6a07f1 in testTdf141613::TestBody() /sw/qa/extras/uiwriter/uiwriter3.cxx:1860:5
>     #19 0x2b0f2b89f1e4 in void std::__invoke_impl<void, void (testTdf141613::*&)(), testTdf141613*&>(std::__invoke_memfun_deref, void (testTdf141613::*&)(), testTdf141613*&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:73:14
>     #20 0x2b0f2b89edbe in std::__invoke_result<void (testTdf141613::*&)(), testTdf141613*&>::type std::__invoke<void (testTdf141613::*&)(), testTdf141613*&>(void (testTdf141613::*&)(), testTdf141613*&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:95:14
>     #21 0x2b0f2b89ec12 in void std::_Bind<void (testTdf141613::* (testTdf141613*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/functional:467:11
>     #22 0x2b0f2b89e872 in void std::_Bind<void (testTdf141613::* (testTdf141613*))()>::operator()<void>() /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/functional:549:17
>     #23 0x2b0f2b89d901 in std::_Function_handler<void (), std::_Bind<void (testTdf141613::* (testTdf141613*))()> >::_M_invoke(std::_Any_data const&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/std_function.h:316:2
>     #24 0x2b0f2b77aba1 in std::function<void ()>::operator()() const /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/std_function.h:706:14
>     #25 0x2b0f2b89cbe4 in CppUnit::TestCaller<testTdf141613>::runTest() /workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7
>     #26 0x2b0edf89a5ba in CppUnit::TestCaseMethodFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
>     #27 0x2b0efa73a937 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /test/source/vclbootstrapprotector.cxx:46:14
>     #28 0x2b0edf86bc47 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
>     #29 0x2b0eeed52fd7 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:78:12
>     #30 0x2b0edf86bc47 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
>     #31 0x2b0eeb847962 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:62:16
>     #32 0x2b0edf86bc47 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
>     #33 0x2b0edf802f84 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
>     #34 0x2b0edf86bc47 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
>     #35 0x2b0edf865697 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:86:18
>     #36 0x2b0edf904a79 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:182:28
>     #37 0x2b0edf898c21 in CppUnit::TestCase::run(CppUnit::TestResult*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13
>     #38 0x2b0edf89ca52 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
>     #39 0x2b0edf89bc4a in CppUnit::TestComposite::run(CppUnit::TestResult*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
>     #40 0x2b0edf89ca52 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
>     #41 0x2b0edf89bc4a in CppUnit::TestComposite::run(CppUnit::TestResult*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
>     #42 0x2b0edf93260e in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27
>     #43 0x2b0edf9034de in CppUnit::TestResult::runTest(CppUnit::Test*) /workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:149:9
>     #44 0x2b0edf93356b in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:14
>     #45 0x4ff42e in (anonymous namespace)::ProtectedFixtureFunctor::run() const /sal/cppunittester/cppunittester.cxx:324:20
>     #46 0x4fb90c in sal_main() /sal/cppunittester/cppunittester.cxx:474:20
>     #47 0x4fa40e in main /sal/cppunittester/cppunittester.cxx:381:1
>     #48 0x2b0ee157a554 in __libc_start_main (/lib64/libc.so.6+0x22554)
>     #49 0x425e04 in _start (/workdir/LinkTarget/Executable/cppunittester+0x425e04)
> 
> 0x60c0002ac460 is located 96 bytes inside of 120-byte region [0x60c0002ac400,0x60c0002ac478)
> freed by thread T0 here:
>     #0 0x4f75f0 in operator delete(void*) /home/tdf/lode/packages/llvm-llvmorg-9.0.1.src/compiler-rt/lib/asan/asan_new_delete.cc:160
>     #1 0x2b0f16428760 in SfxListUndoAction::~SfxListUndoAction() /svl/source/undo/undo.cxx:1306:1
>     #2 0x2b0f1645b5d1 in std::default_delete<SfxUndoAction>::operator()(SfxUndoAction*) const /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:78:2
>     #3 0x2b0f1643b153 in std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >::~unique_ptr() /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:268:4
>     #4 0x2b0f1644b34c in void std::_Destroy<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> > >(std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:98:19
>     #5 0x2b0f1644b296 in void std::_Destroy_aux<false>::__destroy<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*>(std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:108:6
>     #6 0x2b0f1644b214 in void std::_Destroy<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*>(std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:136:7
>     #7 0x2b0f1644af58 in void std::_Destroy<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> > >(std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*, std::allocator<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> > >&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:206:7
>     #8 0x2b0f16474dd3 in std::__cxx1998::vector<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >, std::allocator<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> > > >::_M_erase_at_end(std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >*) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:1513:2
>     #9 0x2b0f16474c70 in std::__cxx1998::vector<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >, std::allocator<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> > > >::clear() /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:1248:9
>     #10 0x2b0f1643ca24 in std::__debug::vector<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> >, std::allocator<std::unique_ptr<SfxUndoAction, std::default_delete<SfxUndoAction> > > >::clear() /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/debug/vector:699:9
>     #11 0x2b0f163f5ac6 in svl::undo::impl::UndoManagerGuard::~UndoManagerGuard() /svl/source/undo/undo.cxx:326:31
>     #12 0x2b0f163fe0eb in SfxUndoManager::ImplClearRedo_NoLock(bool) /svl/source/undo/undo.cxx:466:1
>     #13 0x2b0f53295434 in sw::UndoManager::ClearRedo() /sw/source/core/undo/docundo.cxx:252:28
>     #14 0x2b0f4f8d2266 in SwDoc::ChgPageDesc(unsigned long, SwPageDesc const&) /sw/source/core/doc/docdesc.cxx:508:36
>     #15 0x2b0f4f8eb8ab in SwDoc::ChgPageDesc(rtl::OUString const&, SwPageDesc const&) /sw/source/core/doc/docdesc.cxx:980:9
>     #16 0x2b0f5328aac6 in SwUndoPageDesc::UndoImpl(sw::UndoRedoContext&) /sw/source/core/undo/SwUndoPageDesc.cxx:225:13
>     #17 0x2b0f533a4261 in SwUndo::UndoWithContext(SfxUndoContext&) /sw/source/core/undo/undobj.cxx:235:5
>     #18 0x2b0f164290f2 in SfxListUndoAction::UndoWithContext(SfxUndoContext&) /svl/source/undo/undo.cxx:1320:37
>     #19 0x2b0f164106cd in SfxUndoManager::ImplUndo(SfxUndoContext*) /svl/source/undo/undo.cxx:697:22
>     #20 0x2b0f16411666 in SfxUndoManager::UndoWithContext(SfxUndoContext&) /svl/source/undo/undo.cxx:665:12
>     #21 0x2b0f5329e1eb in sw::UndoManager::impl_DoUndoRedo(sw::UndoManager::UndoOrRedoType) /sw/source/core/undo/docundo.cxx:608:32
>     #22 0x2b0f5329f44b in sw::UndoManager::Undo() /sw/source/core/undo/docundo.cxx:641:16
>     #23 0x2b0f511e817a in SwEditShell::Undo(unsigned short) /sw/source/core/edit/edundo.cxx:131:57
>     #24 0x2b0f56da4728 in SwWrtShell::Do(SwWrtShell::DoType, unsigned short) /sw/source/uibase/wrtsh/wrtundo.cxx:45:26
>     #25 0x2b0f55f10998 in SwBaseShell::ExecUndo(SfxRequest&) /sw/source/uibase/shells/basesh.cxx:559:27
>     #26 0x2b0f55f0eb3f in SfxStubSwBaseShellExecUndo(SfxShell*, SfxRequest&) /workdir/SdiTarget/sw/sdi/swslots.hxx:2193:1
>     #27 0x2b0f35e44a6f in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:9
>     #28 0x2b0f35e5aa6f in SfxDispatcher::Execute_(SfxShell&, SfxSlot const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
>     #29 0x2b0f35dd27e7 in SfxBindings::Execute_Impl(SfxRequest&, SfxSlot const*, SfxShell*) /sfx2/source/control/bindings.cxx:1060:22
> 
> previously allocated by thread T0 here:
>     #0 0x4f6bf8 in operator new(unsigned long) /home/tdf/lode/packages/llvm-llvmorg-9.0.1.src/compiler-rt/lib/asan/asan_new_delete.cc:99
>     #1 0x2b0f1641af93 in SfxUndoManager::EnterListAction(rtl::OUString const&, rtl::OUString const&, unsigned short, o3tl::strong_int<int, ViewShellIdTag>) /svl/source/undo/undo.cxx:917:34
>     #2 0x2b0f53296455 in sw::UndoManager::StartUndo(SwUndoId, SwRewriter const*) /sw/source/core/undo/docundo.cxx:291:21
>     #3 0x2b0f511f2d0e in SwEditShell::StartUndo(SwUndoId, SwRewriter const*) /sw/source/core/edit/edws.cxx:225:43
>     #4 0x2b0f56d6853f in SwWrtShell::ChangeHeaderOrFooter(std::basic_string_view<char16_t, std::char_traits<char16_t> >, bool, bool, bool) /sw/source/uibase/wrtsh/wrtsh1.cxx:1819:5
>     #5 0x2b0f56195ac7 in SwTextShell::Execute(SfxRequest&) /sw/source/uibase/shells/textsh1.cxx:1308:16
>     #6 0x2b0f5614626f in SfxStubSwTextShellExecute(SfxShell*, SfxRequest&) /workdir/SdiTarget/sw/sdi/swslots.hxx:3099:1
>     #7 0x2b0f35e44a6f in SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, bool) /sfx2/source/control/dispatch.cxx:253:9
>     #8 0x2b0f35e5aa6f in SfxDispatcher::Execute_(SfxShell&, SfxSlot const&, SfxRequest&, SfxCallMode) /sfx2/source/control/dispatch.cxx:753:9
>     #9 0x2b0f35e5b9b6 in SfxDispatcher::Execute(unsigned short, SfxCallMode, SfxItemSet const*, SfxItemSet const*, unsigned short) /sfx2/source/control/dispatch.cxx:811:9
>     #10 0x2b0f362d0086 in SfxDispatchController_Impl::dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /sfx2/source/control/unoctitm.cxx:738:46
>     #11 0x2b0f362d3455 in SfxOfficeDispatch::dispatchWithNotification(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) /sfx2/source/control/unoctitm.cxx:243:16
>     #12 0x2b0f7f395377 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatch> const&, com::sun::star::util::URL const&, bool, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /framework/source/services/dispatchhelper.cxx:159:30
>     #13 0x2b0f7f3942d1 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /framework/source/services/dispatchhelper.cxx:117:16
>     #14 0x2b0f7f395ab7 in non-virtual thunk to framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /framework/source/services/dispatchhelper.cxx
>     #15 0x2b0f6048146f in unotest::MacrosTest::dispatchCommand(com::sun::star::uno::Reference<com::sun::star::lang::XComponent> const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) /unotest/source/cpp/macros_test.cxx:85:22
>     #16 0x2b0f2b69fb2a in testTdf141613::TestBody() /sw/qa/extras/uiwriter/uiwriter3.cxx:1851:5
>     #17 0x2b0f2b89f1e4 in void std::__invoke_impl<void, void (testTdf141613::*&)(), testTdf141613*&>(std::__invoke_memfun_deref, void (testTdf141613::*&)(), testTdf141613*&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:73:14
>     #18 0x2b0f2b89edbe in std::__invoke_result<void (testTdf141613::*&)(), testTdf141613*&>::type std::__invoke<void (testTdf141613::*&)(), testTdf141613*&>(void (testTdf141613::*&)(), testTdf141613*&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:95:14
>     #19 0x2b0f2b89ec12 in void std::_Bind<void (testTdf141613::* (testTdf141613*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/functional:467:11
>     #20 0x2b0f2b89e872 in void std::_Bind<void (testTdf141613::* (testTdf141613*))()>::operator()<void>() /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/functional:549:17
>     #21 0x2b0f2b89d901 in std::_Function_handler<void (), std::_Bind<void (testTdf141613::* (testTdf141613*))()> >::_M_invoke(std::_Any_data const&) /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/std_function.h:316:2
>     #22 0x2b0f2b77aba1 in std::function<void ()>::operator()() const /home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/std_function.h:706:14
>     #23 0x2b0f2b89cbe4 in CppUnit::TestCaller<testTdf141613>::runTest() /workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7
>     #24 0x2b0edf89a5ba in CppUnit::TestCaseMethodFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
>     #25 0x2b0efa73a937 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /test/source/vclbootstrapprotector.cxx:46:14
>     #26 0x2b0edf86bc47 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
>     #27 0x2b0eeed52fd7 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:78:12
>     #28 0x2b0edf86bc47 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const /workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
>     #29 0x2b0eeb847962 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) /unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:62:16
> 
> SUMMARY: AddressSanitizer: heap-use-after-free /svl/source/undo/undo.cxx:1321:19 in SfxListUndoAction::UndoWithContext(SfxUndoContext&)
> Shadow bytes around the buggy address:
>   0x0c188004d830: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
>   0x0c188004d840: fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa
>   0x0c188004d850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c188004d860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c188004d870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> =>0x0c188004d880: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fa
>   0x0c188004d890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c188004d8a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c188004d8b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c188004d8c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c188004d8d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07 
>   Heap left redzone:       fa
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
>   Shadow gap:              cc
> ==26995==ABORTING
> 
> Error: a unit test failed, please do one of:
> 
> make CppunitTest_sw_uiwriter3 CPPUNITTRACE="gdb --args"
>     # for interactive debugging on Linux
> make CppunitTest_sw_uiwriter3 VALGRIND=memcheck
>     # for memory checking
> make CppunitTest_sw_uiwriter3 DEBUGCPPUNIT=TRUE
>     # for exception catching
> 
> You can limit the execution to just one particular test by:
> 
> make CPPUNIT_TEST_NAME="testXYZ" ...above mentioned params...
> 
> /home/tdf/lode/jenkins/workspace/lo_ubsan/solenv/gbuild/CppunitTest.mk:123: recipe for target '/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/CppunitTest/sw_uiwriter3.test' failed
> make[1]: *** [/home/tdf/lode/jenkins/workspace/lo_ubsan/workdir/CppunitTest/sw_uiwriter3.test] Error 1

More information about the LibreOffice mailing list