office-gobmx/sdext
Michael Stahl 2cb54449b4 sdext: fix use-after-free on global AccessibleFocusManager
The problem is that the destructor of the vector maFocusableObjects
ends up dispose()-ing every element, which calls back into
AccessibleFocusManager to remove the element from the vector, which
invokes its destructor a 2nd time.

Move it to the stack so it doesn't double-free itself.

ERROR: AddressSanitizer: heap-use-after-free on address 0x612001571c00 at pc 0x7fc5e723ca72 bp 0x7fffbaa8d6d0 sp 0x7fffbaa8d6c8
READ of size 1 at 0x612001571c00 thread T0
    #0 0x7fc5e723ca71 in cppu::WeakComponentImplHelperBase::release() cppuhelper/source/implbase.cxx:84:9
    #1 0x7fc595211b27 in cppu::PartialWeakComponentImplHelper<com::sun::accessibility::XAccessible, com::sun::accessibility::XAccessibleContext, com::sun::accessibility::XAccessibleComponent, com::sun::accessibility::XAccessibleEventBroadcaster, com::sun::awt::XWindowListener>::release() include/cppuhelper/compbase.hxx:86:36
    #2 0x7fc5952093e4 in rtl::Reference<sdext::presenter::PresenterAccessible::AccessibleObject>::~Reference() include/rtl/ref.hxx:113:22
    #3 0x7fc59522acd4 in void std::_Destroy<rtl::Reference<sdext::presenter::PresenterAccessible::AccessibleObject> >(rtl::Reference<sdext::presenter::PresenterAccessible::AccessibleObject>*) /usr/bin/../lib/gcc/x86_64-redhat-linux/10/../../../../include/c++/10/bits/stl_construct.h:140:19

0x612001571c00 is located 64 bytes inside of 312-byte region [0x612001571bc0,0x612001571cf8)
freed by thread T0 here:
    #0 0x4be997 in free (instdir/program/soffice.bin+0x4be997)
    #1 0x7fc5ea2a5104 in rtl_freeMemory sal/rtl/alloc_global.cxx:51:5
    #2 0x7fc5952097f4 in cppu::WeakComponentImplHelperBase::operator delete(void*) include/cppuhelper/compbase_ex.hxx:66:11
    #3 0x7fc595211e07 in sdext::presenter::PresenterAccessible::AccessibleObject::~AccessibleObject() sdext/source/presenter/PresenterAccessibility.cxx:67:28
    #4 0x7fc5e74a11b4 in cppu::OWeakObject::release() cppuhelper/source/weak.cxx:233:9
    #5 0x7fc5e723cb05 in cppu::WeakComponentImplHelperBase::release() cppuhelper/source/implbase.cxx:86:18
    #6 0x7fc595211b27 in cppu::PartialWeakComponentImplHelper<com::sun::accessibility::XAccessible, com::sun::accessibility::XAccessibleContext, com::sun::accessibility::XAccessibleComponent, com::sun::accessibility::XAccessibleEventBroadcaster, com::sun::awt::XWindowListener>::release() include/cppuhelper/compbase.hxx:86:36
    #7 0x7fc5e7194115 in com::sun::uno::Reference<com::sun::uno::XInterface>::~Reference() include/com/sun/star/uno/Reference.hxx:110:22
    #8 0x7fc5e71f3944 in com::sun::lang::EventObject::~EventObject() workdir/UnoApiHeadersTarget/udkapi/comprehensive/com/sun/star/lang/EventObject.hdl:18:27
    #9 0x7fc5e723d395 in cppu::WeakComponentImplHelperBase::dispose() cppuhelper/source/implbase.cxx:118:5
    #10 0x7fc595211e27 in cppu::PartialWeakComponentImplHelper<com::sun::accessibility::XAccessible, com::sun::accessibility::XAccessibleContext, com::sun::accessibility::XAccessibleComponent, com::sun::accessibility::XAccessibleEventBroadcaster, com::sun::awt::XWindowListener>::dispose() include/cppuhelper/compbase.hxx:90:36
    #11 0x7fc5e723c6e9 in cppu::WeakComponentImplHelperBase::release() cppuhelper/source/implbase.cxx:79:13
    #12 0x7fc595211b27 in cppu::PartialWeakComponentImplHelper<com::sun::accessibility::XAccessible, com::sun::accessibility::XAccessibleContext, com::sun::accessibility::XAccessibleComponent, com::sun::accessibility::XAccessibleEventBroadcaster, com::sun::awt::XWindowListener>::release() include/cppuhelper/compbase.hxx:86:36
    #13 0x7fc5952093e4 in rtl::Reference<sdext::presenter::PresenterAccessible::AccessibleObject>::~Reference() include/rtl/ref.hxx:113:22
    #14 0x7fc59522acd4 in void std::_Destroy<rtl::Reference<sdext::presenter::PresenterAccessible::AccessibleObject> >(rtl::Reference<sdext::presenter::PresenterAccessible::AccessibleObject>*) /usr/bin/../lib/gcc/x86_64-redhat-linux/10/../../../../include/c++/10/bits/stl_construct.h:140:19

Change-Id: I95151807e9182ed5f43b63792fba86f83ee0bad8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104208
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@cib.de>
2020-10-13 10:46:46 +02:00
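The re-entrant teardown the commit message describes, as an added example (not LibreOffice code and not the actual patch): Obj stands in for AccessibleObject, Manager for AccessibleFocusManager, Ref for rtl::Reference, and the names are all hypothetical. Nothing is really returned to the heap; a `freed` flag and a per-object counter make the use-after-free observable instead of crashing. The buggy teardown writes out, element by element, what the vector destructor does to the live member vector; the fixed one follows the commit's stated approach of moving the vector to the stack before anything is released.

```cpp
// Added example, not LibreOffice code: a model of the re-entrant dispose()/remove()
// teardown from the commit message, with the buggy and the fixed variant side by side.
#include <algorithm>
#include <cstddef>
#include <vector>

struct Manager;

struct Obj {
    Manager* owner = nullptr;
    int refCount = 0;
    bool disposed = false;
    bool freed = false;      // stands in for the memory having been returned to the heap
    int useAfterFree = 0;    // touches of this object after `freed` was set

    void acquire() { ++refCount; }
    void dispose();          // defined after Manager; calls back into the owner
    void destroy() { freed = true; }   // the `delete this` in OWeakObject::release()

    // Shaped like cppuhelper's WeakComponentImplHelperBase::release(): when the
    // count drops to zero the object is kept alive while it disposes itself,
    // then the count is dropped again and the object is deleted.
    void release() {
        if (freed) { ++useAfterFree; return; }
        if (--refCount != 0) return;
        ++refCount;                              // keep alive during dispose()
        dispose();                               // may re-enter via the owner
        if (freed) { ++useAfterFree; return; }   // the read ASan reported in release()
        if (--refCount == 0) destroy();
    }
};

// Minimal rtl::Reference look-alike: the destructor calls release() while the
// stored pointer is still set, which is what lets a re-entrant erase bite.
struct Ref {
    Obj* p = nullptr;
    Ref() = default;
    explicit Ref(Obj* o) : p(o) { if (p) p->acquire(); }
    Ref(const Ref& r) : p(r.p) { if (p) p->acquire(); }
    Ref& operator=(const Ref& r) {
        Obj* old = p;
        p = r.p;
        if (p) p->acquire();
        if (old) old->release();
        return *this;
    }
    ~Ref() { if (p) p->release(); }
    Obj* get() const { return p; }
};

struct Manager {
    std::vector<Ref> objects;   // the maFocusableObjects look-alike

    void add(Obj* o) { o->owner = this; objects.push_back(Ref(o)); }
    std::size_t size() const { return objects.size(); }

    // Called back from Obj::dispose(): remove the element from the vector.
    void remove(Obj* o) {
        auto it = std::find_if(objects.begin(), objects.end(),
                               [o](const Ref& r) { return r.get() == o; });
        if (it != objects.end()) objects.erase(it);
    }

    // Buggy: release each slot of the live member vector, which is what the
    // implicit vector destructor does (written out so the program stays
    // well-defined; erasing from a vector inside its own destructor is UB).
    // The slot still refers to the object while release() runs, so the
    // re-entrant remove() erases it and the slot's ~Ref releases the same
    // object a second time, deleting it under the outer release().
    void teardownInPlace() {
        while (!objects.empty()) {
            Obj* o = objects.back().get();
            o->release();
        }
    }

    // Fixed, following the commit's approach: move the vector to the stack
    // first. The member is empty by the time any callback runs, so remove()
    // finds nothing and each object is released exactly once.
    void teardownDetached() {
        std::vector<Ref> local;
        local.swap(objects);
    }   // ~local releases every object here

    ~Manager() { teardownDetached(); }
};

void Obj::dispose() {
    if (disposed) return;
    disposed = true;
    if (owner) owner->remove(this);   // the callback into the manager
}

struct Outcome {
    int useAfterFree;   // 0 means no object was touched after being freed
    bool allFreed;      // every object really reached destroy()
    bool leftover;      // objects still registered after teardown
};

// Runs one teardown strategy over two registered objects (constructed inline).
Outcome runTeardown(bool detachFirst) {
    Obj a, b;
    Manager mgr;               // declared last so it is destroyed first
    mgr.add(&a);
    mgr.add(&b);
    if (detachFirst) mgr.teardownDetached(); else mgr.teardownInPlace();
    return { a.useAfterFree + b.useAfterFree, a.freed && b.freed, mgr.size() != 0 };
}

int main() {
    Outcome bad = runTeardown(false);
    Outcome good = runTeardown(true);
    return (bad.useAfterFree > 0 && good.useAfterFree == 0 && good.allFreed) ? 0 : 1;
}
```

The check a practitioner wants is the one `runTeardown` exposes: the in-place teardown reports one use-after-free per registered object, the detached teardown reports none and still frees everything. Whenever a container's element destructor can call back into the container's owner, detach the container (swap or move it into a local) before the elements die.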
inc
source sdext: fix use-after-free on global AccessibleFocusManager 2020-10-13 10:46:46 +02:00
CppunitTest_sdext_pdfimport.mk
CustomTarget_pdfimport.mk
Executable_pdf2xml.mk
Executable_pdfunzip.mk
Executable_xpdfimport.mk
IwyuFilter_sdext.yaml
Library_pdfimport.mk
Library_PresentationMinimizer.mk
Library_PresenterScreen.mk
Makefile
Module_sdext.mk
Package_pdfimport_xpdfimport.mk
README

Extensions for the Impress and Draw applications.

source/pdfimport/ - PDF import

	Uses an external poppler process to parse and handle PDF
	import as draw shapes.

source/minimizer/ - Presentation Minimizer

	Shrinks presentations by down-scaling images and removing
	extraneous content, e.g. embedded OLE objects.

source/presenter/ - Impress Presenter Console

	This couples to sd/ in rather strange ways. Its design is
	heavily mangled by an attempt to use only UNO interfaces,
	which are highly inadequate. This leads to somewhat
	ridiculous situations: activating in response to
	configuration keys (for example), and the 'XPresenterHelper'
	interface inside sd/ being used to create and manage windows.

	The main screen uses a hardware-accelerated
	canvas (e.g. cairo canvas), while the entire secondary screen
	uses a VCL canvas that is created in
	sd::framework::FullScreenPane::CreateCanvas().

	The secondary screen contains 3 "Panes" which each have
	2 XWindows for the border area and the actual content,
	and each content Pane is backed by a sd::presenter::PresenterCanvas
	that wraps the FullScreenPane's canvas and does clipping.