heap-use-after-free in SwFootnoteBossFrame::GetMaxFootnoteHeight
Stephan Bergmann
sbergman at redhat.com
Wed Mar 2 14:06:45 UTC 2022
`make CppunitTest_sw_layoutwriter
CPPUNIT_TEST_NAME=testN4LA0OHZ::TestBody` introduced in
<https://git.libreoffice.org/core/+/ee2a192923bf709d05c174848e7054cd411b205a%5E!/>
"protect frame from triggering deleting itself" exposed a pre-existing
issue (cf. <https://ci.libreoffice.org/job/lo_ubsan/2317/>, which
stopped at a preceding UBSan symptom before getting to reporting the
underlying ASan issue) I have no idea how to solve:
> ==500390==ERROR: AddressSanitizer: heap-use-after-free on address 0x613000737e18 at pc 0x7fd27da3eee0 bp 0x7fffdb2990f0 sp 0x7fffdb2990e8
> READ of size 8 at 0x613000737e18 thread T0
> #0 in SwFootnoteBossFrame::GetMaxFootnoteHeight() const at sw/source/core/inc/ftnboss.hxx:97:51
> #1 in SwSaveFootnoteHeight::~SwSaveFootnoteHeight() at sw/source/core/layout/ftnfrm.cxx:2887:31
> #2 in SwTextFrame::CalcFollow(o3tl::strong_int<int, Tag_TextFrameIndex>) at sw/source/core/text/frmform.cxx:335:5
> #3 in SwTextFrame::AdjustFollow_(SwTextFormatter&, o3tl::strong_int<int, Tag_TextFrameIndex>, o3tl::strong_int<int, Tag_TextFrameIndex>, unsigned char) at sw/source/core/text/frmform.cxx:611:14
> #4 in SwTextFrame::FormatAdjust(SwTextFormatter&, WidowsAndOrphans&, o3tl::strong_int<int, Tag_TextFrameIndex>, bool) at sw/source/core/text/frmform.cxx:1189:9
> #5 in SwTextFrame::Format_(SwTextFormatter&, SwTextFormatInfo&, bool) at sw/source/core/text/frmform.cxx:1636:9
> #6 in SwTextFrame::Format_(OutputDevice*, SwParaPortion*) at sw/source/core/text/frmform.cxx:1743:5
> #7 in SwTextFrame::Format(OutputDevice*, SwBorderAttrs const*) at sw/source/core/text/frmform.cxx:1932:17
> #8 in SwContentFrame::MakeAll(OutputDevice*) at sw/source/core/layout/calcmove.cxx:1514:17
> #9 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:286:21
> #10 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #11 in SwTextFrame::CalcFollow(o3tl::strong_int<int, Tag_TextFrameIndex>) at sw/source/core/text/frmform.cxx:281:32
> #12 in SwTextFrame::AdjustFollow_(SwTextFormatter&, o3tl::strong_int<int, Tag_TextFrameIndex>, o3tl::strong_int<int, Tag_TextFrameIndex>, unsigned char) at sw/source/core/text/frmform.cxx:611:14
> #13 in SwTextFrame::FormatAdjust(SwTextFormatter&, WidowsAndOrphans&, o3tl::strong_int<int, Tag_TextFrameIndex>, bool) at sw/source/core/text/frmform.cxx:1189:9
> #14 in SwTextFrame::Format_(SwTextFormatter&, SwTextFormatInfo&, bool) at sw/source/core/text/frmform.cxx:1636:9
> #15 in SwTextFrame::Format_(OutputDevice*, SwParaPortion*) at sw/source/core/text/frmform.cxx:1743:5
> #16 in SwTextFrame::Format(OutputDevice*, SwBorderAttrs const*) at sw/source/core/text/frmform.cxx:1932:17
> #17 in SwContentFrame::MakeAll(OutputDevice*) at sw/source/core/layout/calcmove.cxx:1514:17
> #18 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #19 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #20 in SwContentFrame::CalcLowers(SwLayoutFrame&, SwLayoutFrame const&, long, bool) at sw/source/core/layout/tabfrm.cxx:1534:19
> #21 in lcl_RecalcRow(SwRowFrame&, long) at sw/source/core/layout/tabfrm.cxx:1667:22
> #22 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2546:25
> #23 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #24 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #25 in SwLayAction::IsShortCut(SwPageFrame*&) at sw/source/core/layout/layact.cxx:1113:31
> #26 in SwLayAction::InternalAction(OutputDevice*) at sw/source/core/layout/layact.cxx:535:66
> #27 in SwLayAction::Action(OutputDevice*) at sw/source/core/layout/layact.cxx:386:5
> #28 in SwViewShell::ImplEndAction(bool) at sw/source/core/view/viewsh.cxx:296:17
> #29 in SwViewShell::EndAction(bool) at sw/inc/viewsh.hxx:603:9
> #30 in SwCursorShell::EndAction(bool) at sw/source/core/crsr/crsrsh.cxx:265:18
> #31 in SwRootFrame::EndAllAction(bool) at sw/source/core/layout/pagechg.cxx:1920:27
> #32 in UnoActionContext::~UnoActionContext() at sw/source/core/unocore/unoobj2.cxx:202:25
> #33 in SwXTextFieldTypes::refresh() at sw/source/core/unocore/unofield.cxx:2896:5
> #34 in writerfilter::dmapper::ModelEventListener::notifyEvent(com::sun::star::document::EventObject const&) at writerfilter/source/dmapper/ModelEventListener.cxx:83:31
> #35 in (anonymous namespace)::NotifySingleListenerIgnoreRE<com::sun::star::document::XEventListener, com::sun::star::document::EventObject>::operator()(com::sun::star::uno::Reference<com::sun::star::document::XEventListener> const&) const at sfx2/source/doc/sfxbasemodel.cxx:3219:13
> #36 in void comphelper::OInterfaceContainerHelper2::forEach<com::sun::star::document::XEventListener, (anonymous namespace)::NotifySingleListenerIgnoreRE<com::sun::star::document::XEventListener, com::sun::star::document::EventObject> >((anonymous namespace)::NotifySingleListenerIgnoreRE<com::sun::star::document::XEventListener, com::sun::star::document::EventObject> const&) at include/comphelper/interfacecontainer2.hxx:271:17
> #37 in SfxBaseModel::postEvent_Impl(rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::frame::XController2> const&, com::sun::star::uno::Any const&) at sfx2/source/doc/sfxbasemodel.cxx:3266:14
> #38 in SfxBaseModel::Notify(SfxBroadcaster&, SfxHint const&) at sfx2/source/doc/sfxbasemodel.cxx:2902:9
> #39 in SfxBroadcaster::Broadcast(SfxHint const&) at svl/source/notify/SfxBroadcaster.cxx:39:24
> #40 in SfxApplication::NotifyEvent(SfxEventHint const&, bool) at sfx2/source/appl/appcfg.cxx:732:19
> #41 in SfxApplication::SetViewFrame_Impl(SfxViewFrame*) at sfx2/source/appl/app.cxx:276:17
> #42 in SfxViewFrame::SetViewFrame(SfxViewFrame*) at sfx2/source/view/viewfrm.cxx:3426:19
> #43 in SfxViewFrame::MakeActive_Impl(bool) at sfx2/source/view/viewfrm.cxx:2041:9
> #44 in SfxBaseController::ConnectSfxFrame_Impl(SfxBaseController::ConnectSfxFrame) at sfx2/source/view/sfxbasecontroller.cxx:1253:33
> #45 in SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/sfxbasecontroller.cxx:530:9
> #46 in (anonymous namespace)::SfxFrameLoader_Impl::impl_createDocumentView(com::sun::star::uno::Reference<com::sun::star::frame::XModel2> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, comphelper::NamedValueCollection const&, rtl::OUString const&) at sfx2/source/view/frmload.cxx:582:18
> #47 in (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/frmload.cxx:702:13
> #48 in framework::LoadEnv::impl_loadContent() at framework/source/loadenv/loadenv.cxx:1157:37
> #49 in framework::LoadEnv::start() at framework/source/loadenv/loadenv.cxx:395:20
> #50 in framework::LoadEnv::startLoading(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, rtl::OUString const&, int, LoadEnvFeatures) at framework/source/loadenv/loadenv.cxx:300:5
> #51 in framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader> const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/loadenv/loadenv.cxx:168:14
> #52 in framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx:593:16
> #53 in non-virtual thunk to framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx
> #54 in unotest::MacrosTest::loadFromDesktop(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at unotest/source/cpp/macros_test.cxx:68:62
> #55 in SwModelTestBase::loadURL(rtl::OUString const&, char const*, char const*) at sw/qa/unit/swmodeltestbase.cxx:515:19
> #56 in SwModelTestBase::load(std::basic_string_view<char16_t, std::char_traits<char16_t> >, char const*, char const*) at sw/qa/inc/swmodeltestbase.hxx:311:16
> #57 in SwModelTestBase::createSwDoc(std::basic_string_view<char16_t, std::char_traits<char16_t> >, char const*) at sw/qa/unit/swmodeltestbase.cxx:725:9
> #58 in testN4LA0OHZ::TestBody() at sw/qa/extras/layout/layout.cxx:2488:5
> #59 in void std::__invoke_impl<void, void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>(std::__invoke_memfun_deref, void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:74:14
> #60 in std::__invoke_result<void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>::type std::__invoke<void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>(void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:96:14
> #61 in void std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/functional:484:11
> #62 in void std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>::operator()<void>() at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/functional:567:17
> #63 in void std::__invoke_impl<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>(std::__invoke_other, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:61:14
> #64 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>, void>::type std::__invoke_r<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>(std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:111:2
> #65 in std::_Function_handler<void (), std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()> >::_M_invoke(std::_Any_data const&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/std_function.h:290:9
> #66 in std::function<void ()>::operator()() const at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/std_function.h:591:9
> #67 in CppUnit::TestCaller<testN4LA0OHZ>::runTest() at workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7
> #68 in CppUnit::TestCaseMethodFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
> #69 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at test/source/vclbootstrapprotector.cxx:46:14
> #70 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #71 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:78:12
> #72 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #73 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:62:16
> #74 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #75 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
> #76 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #77 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:86:18
> #78 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:182:28
> #79 in CppUnit::TestCase::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13
> #80 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #81 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #82 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #83 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #84 in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27
> #85 in CppUnit::TestResult::runTest(CppUnit::Test*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:149:9
> #86 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:14
> #87 in (anonymous namespace)::ProtectedFixtureFunctor::run() const at sal/cppunittester/cppunittester.cxx:329:20
> #88 in main2() at sal/cppunittester/cppunittester.cxx:478:16
> #89 in sal_main() at sal/cppunittester/cppunittester.cxx:614:14
> #90 in main at sal/cppunittester/cppunittester.cxx:609:1
> #91 in __libc_start_call_main at /usr/src/debug/glibc-2.34-25.fc35.x86_64/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
> #92 in __libc_start_main at GLIBC_2.2.5 at /usr/src/debug/glibc-2.34-25.fc35.x86_64/csu/../csu/libc-start.c:409:3
> #93 in _start at <null>
>
> 0x613000737e18 is located 344 bytes inside of 384-byte region [0x613000737cc0,0x613000737e40)
> freed by thread T0 here:
> #0 in operator delete(void*, unsigned long) at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:164:3
> #1 in SwPageFrame::~SwPageFrame() at sw/source/core/layout/pagechg.cxx:304:1
> #2 in SwFrame::DestroyFrame(SwFrame*) at sw/source/core/layout/ssfrm.cxx:395:9
> #3 in SwFrame::CheckPageDescs(SwPageFrame*, bool, SwPageFrame**) at sw/source/core/layout/pagechg.cxx:1255:17
> #4 in SwFlowFrame::MoveBwd(bool&) at sw/source/core/layout/flowfrm.cxx:2702:21
> #5 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2120:18
> #6 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #7 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #8 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2675:19
> #9 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #10 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #11 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:253:25
> #12 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #13 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:253:25
> #14 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #15 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:253:25
> #16 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #17 in SwTextFrame::CalcFollow(o3tl::strong_int<int, Tag_TextFrameIndex>) at sw/source/core/text/frmform.cxx:281:32
> #18 in SwTextFrame::AdjustFollow_(SwTextFormatter&, o3tl::strong_int<int, Tag_TextFrameIndex>, o3tl::strong_int<int, Tag_TextFrameIndex>, unsigned char) at sw/source/core/text/frmform.cxx:611:14
> #19 in SwTextFrame::FormatAdjust(SwTextFormatter&, WidowsAndOrphans&, o3tl::strong_int<int, Tag_TextFrameIndex>, bool) at sw/source/core/text/frmform.cxx:1189:9
> #20 in SwTextFrame::Format_(SwTextFormatter&, SwTextFormatInfo&, bool) at sw/source/core/text/frmform.cxx:1636:9
> #21 in SwTextFrame::Format_(OutputDevice*, SwParaPortion*) at sw/source/core/text/frmform.cxx:1743:5
> #22 in SwTextFrame::Format(OutputDevice*, SwBorderAttrs const*) at sw/source/core/text/frmform.cxx:1932:17
> #23 in SwContentFrame::MakeAll(OutputDevice*) at sw/source/core/layout/calcmove.cxx:1514:17
> #24 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:286:21
> #25 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #26 in SwTextFrame::CalcFollow(o3tl::strong_int<int, Tag_TextFrameIndex>) at sw/source/core/text/frmform.cxx:281:32
> #27 in SwTextFrame::AdjustFollow_(SwTextFormatter&, o3tl::strong_int<int, Tag_TextFrameIndex>, o3tl::strong_int<int, Tag_TextFrameIndex>, unsigned char) at sw/source/core/text/frmform.cxx:611:14
> #28 in SwTextFrame::FormatAdjust(SwTextFormatter&, WidowsAndOrphans&, o3tl::strong_int<int, Tag_TextFrameIndex>, bool) at sw/source/core/text/frmform.cxx:1189:9
> #29 in SwTextFrame::Format_(SwTextFormatter&, SwTextFormatInfo&, bool) at sw/source/core/text/frmform.cxx:1636:9
> #30 in SwTextFrame::Format_(OutputDevice*, SwParaPortion*) at sw/source/core/text/frmform.cxx:1743:5
> #31 in SwTextFrame::Format(OutputDevice*, SwBorderAttrs const*) at sw/source/core/text/frmform.cxx:1932:17
> #32 in SwContentFrame::MakeAll(OutputDevice*) at sw/source/core/layout/calcmove.cxx:1514:17
> #33 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #34 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #35 in SwContentFrame::CalcLowers(SwLayoutFrame&, SwLayoutFrame const&, long, bool) at sw/source/core/layout/tabfrm.cxx:1534:19
> #36 in lcl_RecalcRow(SwRowFrame&, long) at sw/source/core/layout/tabfrm.cxx:1667:22
> #37 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2546:25
> #38 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #39 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #40 in SwLayAction::IsShortCut(SwPageFrame*&) at sw/source/core/layout/layact.cxx:1113:31
> #41 in SwLayAction::InternalAction(OutputDevice*) at sw/source/core/layout/layact.cxx:535:66
> #42 in SwLayAction::Action(OutputDevice*) at sw/source/core/layout/layact.cxx:386:5
> #43 in SwViewShell::ImplEndAction(bool) at sw/source/core/view/viewsh.cxx:296:17
> #44 in SwViewShell::EndAction(bool) at sw/inc/viewsh.hxx:603:9
> #45 in SwCursorShell::EndAction(bool) at sw/source/core/crsr/crsrsh.cxx:265:18
> #46 in SwRootFrame::EndAllAction(bool) at sw/source/core/layout/pagechg.cxx:1920:27
> #47 in UnoActionContext::~UnoActionContext() at sw/source/core/unocore/unoobj2.cxx:202:25
> #48 in SwXTextFieldTypes::refresh() at sw/source/core/unocore/unofield.cxx:2896:5
> #49 in writerfilter::dmapper::ModelEventListener::notifyEvent(com::sun::star::document::EventObject const&) at writerfilter/source/dmapper/ModelEventListener.cxx:83:31
> #50 in (anonymous namespace)::NotifySingleListenerIgnoreRE<com::sun::star::document::XEventListener, com::sun::star::document::EventObject>::operator()(com::sun::star::uno::Reference<com::sun::star::document::XEventListener> const&) const at sfx2/source/doc/sfxbasemodel.cxx:3219:13
> #51 in void comphelper::OInterfaceContainerHelper2::forEach<com::sun::star::document::XEventListener, (anonymous namespace)::NotifySingleListenerIgnoreRE<com::sun::star::document::XEventListener, com::sun::star::document::EventObject> >((anonymous namespace)::NotifySingleListenerIgnoreRE<com::sun::star::document::XEventListener, com::sun::star::document::EventObject> const&) at include/comphelper/interfacecontainer2.hxx:271:17
> #52 in SfxBaseModel::postEvent_Impl(rtl::OUString const&, com::sun::star::uno::Reference<com::sun::star::frame::XController2> const&, com::sun::star::uno::Any const&) at sfx2/source/doc/sfxbasemodel.cxx:3266:14
> #53 in SfxBaseModel::Notify(SfxBroadcaster&, SfxHint const&) at sfx2/source/doc/sfxbasemodel.cxx:2902:9
> #54 in SfxBroadcaster::Broadcast(SfxHint const&) at svl/source/notify/SfxBroadcaster.cxx:39:24
> #55 in SfxApplication::NotifyEvent(SfxEventHint const&, bool) at sfx2/source/appl/appcfg.cxx:732:19
> #56 in SfxApplication::SetViewFrame_Impl(SfxViewFrame*) at sfx2/source/appl/app.cxx:276:17
> #57 in SfxViewFrame::SetViewFrame(SfxViewFrame*) at sfx2/source/view/viewfrm.cxx:3426:19
> #58 in SfxViewFrame::MakeActive_Impl(bool) at sfx2/source/view/viewfrm.cxx:2041:9
> #59 in SfxBaseController::ConnectSfxFrame_Impl(SfxBaseController::ConnectSfxFrame) at sfx2/source/view/sfxbasecontroller.cxx:1253:33
> #60 in SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/sfxbasecontroller.cxx:530:9
> #61 in (anonymous namespace)::SfxFrameLoader_Impl::impl_createDocumentView(com::sun::star::uno::Reference<com::sun::star::frame::XModel2> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, comphelper::NamedValueCollection const&, rtl::OUString const&) at sfx2/source/view/frmload.cxx:582:18
> #62 in (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/frmload.cxx:702:13
> #63 in framework::LoadEnv::impl_loadContent() at framework/source/loadenv/loadenv.cxx:1157:37
> #64 in framework::LoadEnv::start() at framework/source/loadenv/loadenv.cxx:395:20
> #65 in framework::LoadEnv::startLoading(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, rtl::OUString const&, int, LoadEnvFeatures) at framework/source/loadenv/loadenv.cxx:300:5
> #66 in framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader> const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/loadenv/loadenv.cxx:168:14
> #67 in framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx:593:16
> #68 in non-virtual thunk to framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx
> #69 in unotest::MacrosTest::loadFromDesktop(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at unotest/source/cpp/macros_test.cxx:68:62
> #70 in SwModelTestBase::loadURL(rtl::OUString const&, char const*, char const*) at sw/qa/unit/swmodeltestbase.cxx:515:19
> #71 in SwModelTestBase::load(std::basic_string_view<char16_t, std::char_traits<char16_t> >, char const*, char const*) at sw/qa/inc/swmodeltestbase.hxx:311:16
> #72 in SwModelTestBase::createSwDoc(std::basic_string_view<char16_t, std::char_traits<char16_t> >, char const*) at sw/qa/unit/swmodeltestbase.cxx:725:9
> #73 in testN4LA0OHZ::TestBody() at sw/qa/extras/layout/layout.cxx:2488:5
> #74 in void std::__invoke_impl<void, void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>(std::__invoke_memfun_deref, void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:74:14
> #75 in std::__invoke_result<void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>::type std::__invoke<void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>(void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:96:14
> #76 in void std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/functional:484:11
> #77 in void std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>::operator()<void>() at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/functional:567:17
> #78 in void std::__invoke_impl<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>(std::__invoke_other, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:61:14
> #79 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>, void>::type std::__invoke_r<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>(std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:111:2
> #80 in std::_Function_handler<void (), std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()> >::_M_invoke(std::_Any_data const&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/std_function.h:290:9
> #81 in std::function<void ()>::operator()() const at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/std_function.h:591:9
> #82 in CppUnit::TestCaller<testN4LA0OHZ>::runTest() at workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7
> #83 in CppUnit::TestCaseMethodFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
> #84 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at test/source/vclbootstrapprotector.cxx:46:14
> #85 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #86 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:78:12
> #87 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #88 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:62:16
> #89 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #90 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
> #91 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #92 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:86:18
> #93 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:182:28
> #94 in CppUnit::TestCase::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13
> #95 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #96 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #97 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #98 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #99 in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27
>
> previously allocated by thread T0 here:
> #0 in operator new(unsigned long) at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
> #1 in (anonymous namespace)::doInsertPage(SwRootFrame*, SwPageFrame**, SwFrameFormat*, SwPageDesc*, bool, SwPageFrame**) at sw/source/core/layout/pagechg.cxx:1316:30
> #2 in SwFrame::InsertPage(SwPageFrame*, bool) at sw/source/core/layout/pagechg.cxx:1400:9
> #3 in SwFrame::GetNextLeaf(MakePageType) at sw/source/core/layout/flowfrm.cxx:1077:17
> #4 in SwFrame::GetLeaf(MakePageType, bool) at sw/source/core/layout/flowfrm.cxx:881:19
> #5 in SwFlowFrame::MoveFwd(bool, bool, bool) at sw/source/core/layout/flowfrm.cxx:1992:21
> #6 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2007:23
> #7 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2576:42
> #8 in SwTabFrame::MakeAll(OutputDevice*) at sw/source/core/layout/tabfrm.cxx:2576:42
> #9 in SwFrame::PrepareMake(OutputDevice*) at sw/source/core/layout/calcmove.cxx:375:5
> #10 in SwFrame::Calc(OutputDevice*) const at sw/source/core/layout/trvlfrm.cxx:1792:37
> #11 in SwLayAction::FormatLayoutTab(SwTabFrame*, bool) at sw/source/core/layout/layact.cxx:1516:15
> #12 in SwLayAction::FormatLayout(OutputDevice*, SwLayoutFrame*, bool) at sw/source/core/layout/layact.cxx:1402:32
> #13 in SwLayAction::FormatLayout(OutputDevice*, SwLayoutFrame*, bool) at sw/source/core/layout/layact.cxx:1408:29
> #14 in SwLayAction::IsShortCut(SwPageFrame*&) at sw/source/core/layout/layact.cxx:1016:13
> #15 in SwLayAction::InternalAction(OutputDevice*) at sw/source/core/layout/layact.cxx:535:66
> #16 in SwLayAction::Action(OutputDevice*) at sw/source/core/layout/layact.cxx:393:9
> #17 in SwViewShell::ImplEndAction(bool) at sw/source/core/view/viewsh.cxx:296:17
> #18 in SwViewShell::EndAction(bool) at sw/inc/viewsh.hxx:603:9
> #19 in SwCursorShell::EndAction(bool) at sw/source/core/crsr/crsrsh.cxx:265:18
> #20 in SwView::OuterResizePixel(Point const&, Size const&) at sw/source/uibase/uiview/viewport.cxx:1116:22
> #21 in SfxViewFrame::DoAdjustPosSizePixel(SfxViewShell*, Point const&, Size const&, bool) at sfx2/source/view/viewfrm.cxx:1904:18
> #22 in SfxViewFrame::Resize(bool) at sfx2/source/view/viewfrm.cxx:2698:13
> #23 in SfxFrameViewWindow_Impl::Resize() at sfx2/source/view/viewfrm2.cxx:72:17
> #24 in vcl::Window::ImplCallResize() at vcl/source/window/event.cxx:520:5
> #25 in vcl::Window::Show(bool, ShowFlags) at vcl/source/window/window.cxx:2296:13
> #26 in SfxBaseController::ConnectSfxFrame_Impl(SfxBaseController::ConnectSfxFrame) at sfx2/source/view/sfxbasecontroller.cxx:1223:24
> #27 in SfxBaseController::attachFrame(com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/sfxbasecontroller.cxx:530:9
> #28 in (anonymous namespace)::SfxFrameLoader_Impl::impl_createDocumentView(com::sun::star::uno::Reference<com::sun::star::frame::XModel2> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, comphelper::NamedValueCollection const&, rtl::OUString const&) at sfx2/source/view/frmload.cxx:582:18
> #29 in (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/frmload.cxx:702:13
> #30 in framework::LoadEnv::impl_loadContent() at framework/source/loadenv/loadenv.cxx:1157:37
> #31 in framework::LoadEnv::start() at framework/source/loadenv/loadenv.cxx:395:20
> #32 in framework::LoadEnv::startLoading(rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&, rtl::OUString const&, int, LoadEnvFeatures) at framework/source/loadenv/loadenv.cxx:300:5
> #33 in framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader> const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/loadenv/loadenv.cxx:168:14
> #34 in framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx:593:16
> #35 in non-virtual thunk to framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at framework/source/services/desktop.cxx
> #36 in unotest::MacrosTest::loadFromDesktop(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at unotest/source/cpp/macros_test.cxx:68:62
> #37 in SwModelTestBase::loadURL(rtl::OUString const&, char const*, char const*) at sw/qa/unit/swmodeltestbase.cxx:515:19
> #38 in SwModelTestBase::load(std::basic_string_view<char16_t, std::char_traits<char16_t> >, char const*, char const*) at sw/qa/inc/swmodeltestbase.hxx:311:16
> #39 in SwModelTestBase::createSwDoc(std::basic_string_view<char16_t, std::char_traits<char16_t> >, char const*) at sw/qa/unit/swmodeltestbase.cxx:725:9
> #40 in testN4LA0OHZ::TestBody() at sw/qa/extras/layout/layout.cxx:2488:5
> #41 in void std::__invoke_impl<void, void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>(std::__invoke_memfun_deref, void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:74:14
> #42 in std::__invoke_result<void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>::type std::__invoke<void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&>(void (testN4LA0OHZ::*&)(), testN4LA0OHZ*&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:96:14
> #43 in void std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>::__call<void, 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/functional:484:11
> #44 in void std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>::operator()<void>() at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/functional:567:17
> #45 in void std::__invoke_impl<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>(std::__invoke_other, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:61:14
> #46 in std::enable_if<is_invocable_r_v<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>, void>::type std::__invoke_r<void, std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&>(std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()>&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/invoke.h:111:2
> #47 in std::_Function_handler<void (), std::_Bind<void (testN4LA0OHZ::* (testN4LA0OHZ*))()> >::_M_invoke(std::_Any_data const&) at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/std_function.h:290:9
> #48 in std::function<void ()>::operator()() const at ~/gcc/trunk/inst/lib/gcc/x86_64-pc-linux-gnu/12.0.1/../../../../include/c++/12.0.1/bits/std_function.h:591:9
> #49 in CppUnit::TestCaller<testN4LA0OHZ>::runTest() at workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:175:7
> #50 in CppUnit::TestCaseMethodFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
> #51 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at test/source/vclbootstrapprotector.cxx:46:14
> #52 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #53 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:78:12
> #54 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #55 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:62:16
> #56 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #57 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
> #58 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
> #59 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) at workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:86:18
> #60 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:182:28
> #61 in CppUnit::TestCase::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13
> #62 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #63 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #64 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
> #65 in CppUnit::TestComposite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
> #66 in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27
> #67 in CppUnit::TestResult::runTest(CppUnit::Test*) at workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:149:9
> #68 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) at workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:14
> #69 in (anonymous namespace)::ProtectedFixtureFunctor::run() const at sal/cppunittester/cppunittester.cxx:329:20
> #70 in main2() at sal/cppunittester/cppunittester.cxx:478:16
> #71 in sal_main() at sal/cppunittester/cppunittester.cxx:614:14
> #72 in main at sal/cppunittester/cppunittester.cxx:609:1
> #73 in __libc_start_call_main at /usr/src/debug/glibc-2.34-25.fc35.x86_64/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
>
> SUMMARY: AddressSanitizer: heap-use-after-free sw/source/core/inc/ftnboss.hxx:97:51 in SwFootnoteBossFrame::GetMaxFootnoteHeight() const
> Shadow bytes around the buggy address:
> 0x0c26800def70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c26800def80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c26800def90: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
> 0x0c26800defa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c26800defb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> =>0x0c26800defc0: fd fd fd[fd]fd fd fd fd fa fa fa fa fa fa fa fa
> 0x0c26800defd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c26800defe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> 0x0c26800deff0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
> 0x0c26800df000: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
> 0x0c26800df010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
> Shadow byte legend (one shadow byte represents 8 application bytes):
> Addressable: 00
> Partially addressable: 01 02 03 04 05 06 07
> Heap left redzone: fa
> Freed heap region: fd
> Stack left redzone: f1
> Stack mid redzone: f2
> Stack right redzone: f3
> Stack after return: f5
> Stack use after scope: f8
> Global redzone: f9
> Global init order: f6
> Poisoned by user: f7
> Container overflow: fc
> Array cookie: ac
> Intra object redzone: bb
> ASan internal: fe
> Left alloca redzone: ca
> Right alloca redzone: cb
> ==500390==ABORTING
More information about the LibreOffice
mailing list