85dbb4a9af
Finally unit-copy-paste passes under sanitizers with this. Details: ==8988==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0005e6de0 at pc 0x000000988e85 bp 0x7fff753316d0 sp 0x7fff753316c8 READ of size 4 at 0x60d0005e6de0 thread T0 (loolkit) #0 0x988e84 in std::pair<int const, UserInfo>::pair(std::pair<int const, UserInfo> const&) /home/vmiklos/git/libreoffice/lode/opt_private/gcc-7.3.0/lib64/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_pair.h:292:17 ... #12 0x9322af in Document::notifyViewInfo() /home/vmiklos/git/libreoffice/online-san/kit/Kit.cpp:1600:53 #13 0x9303f9 in Document::onUnload(ChildSession const&) /home/vmiklos/git/libreoffice/online-san/kit/Kit.cpp:1566:13 #14 0x616dcd in ChildSession::disconnect() /home/vmiklos/git/libreoffice/online-san/kit/ChildSession.cpp:96:25 #15 0x616535 in ChildSession::~ChildSession() /home/vmiklos/git/libreoffice/online-san/kit/ChildSession.cpp:85:5 freed by thread T0 (loolkit) here: #0 0x60f9b0 in operator delete(void*) _asan_rtl_:0 ... #8 0x939292 in Document::~Document() /home/vmiklos/git/libreoffice/online-san/kit/Kit.cpp:913:5 I.e. when the Document dtor clears Document::_sessions, the ChildSession dtor may be called. But ChildSession expected that it has a valid Document during its lifetime, which is not a promise we can hold, see the above trace. Fix the problem by having a pointer (and not a reference) to a Document in ChildSession and then: 1) Clear that Document pointer in ChildSessions at the end of the Document dtor using a new resetDocManager() 2) Check if the Document is nullptr in ChildSession::disconnect() instead of dereferencing it unconditionally. Change-Id: I19d3d6bfe9e142a52c199f49aaa347d1a2edbf87 |
||
---|---|---|
.. | ||
ChildSession.cpp | ||
ChildSession.hpp | ||
Delta.hpp | ||
DummyLibreOfficeKit.cpp | ||
DummyLibreOfficeKit.hpp | ||
ForKit.cpp | ||
Kit.cpp | ||
Kit.hpp | ||
KitHelper.hpp | ||
TestStubs.cpp |