office-gobmx/sw/source/core/doc/DocumentTimerManager.cxx
Mike Kaganski 8fc13f7d54 Disallow closing document during idle layout
Similar to commit 99c1bd1a4e (Disallow
closing document during generation of preview, 2024-03-11), it may
happen that an external process is closes a document that is being
in the process of the background layout, leading to use-after-free.

The request thread at the crash time, executing XComponent::dispose:

 swlo.dll!SwNoTextFrame::~SwNoTextFrame() Line 170
 swlo.dll!SwNoTextFrame::`scalar deleting destructor'(unsigned int)
 swlo.dll!SwFrame::DestroyFrame(SwFrame * const pFrame) Line 397
 swlo.dll!SwFlyFrame::DeleteCnt() Line 424
 swlo.dll!SwFlyFrame::DestroyImpl() Line 358
 swlo.dll!SwFlyFreeFrame::DestroyImpl() Line 89
 swlo.dll!SwFrame::DestroyFrame(SwFrame * const pFrame) Line 396
 swlo.dll!SwLayoutFrame::DestroyImpl() Line 516
 swlo.dll!SwFrame::DestroyFrame(SwFrame * const pFrame) Line 396
 swlo.dll!SwLayoutFrame::DestroyImpl() Line 540
 swlo.dll!SwPageFrame::DestroyImpl() Line 317
 swlo.dll!SwFrame::DestroyFrame(SwFrame * const pFrame) Line 396
 swlo.dll!SwLayoutFrame::DestroyImpl() Line 540
 swlo.dll!SwRootFrame::DestroyImpl() Line 570
 swlo.dll!SwFrame::DestroyFrame(SwFrame * const pFrame) Line 396
 swlo.dll!std::_Ref_count_resource<SwRootFrame *,void (__cdecl*)(SwFrame *)>::_Destroy() Line 1222
 swlo.dll!std::_Ref_count_base::_Decref() Line 1164
 swlo.dll!std::_Ptr_base<SwRootFrame>::_Decref() Line 1380
 swlo.dll!std::shared_ptr<SwRootFrame>::~shared_ptr<SwRootFrame>() Line 1685
 swlo.dll!SwViewShell::~SwViewShell() Line 354
 swlo.dll!SwCursorShell::~SwCursorShell() Line 3440
 swlo.dll!SwEditShell::~SwEditShell() Line 63
 swlo.dll!SwFEShell::~SwFEShell() Line 699
 swlo.dll!SwWrtShell::~SwWrtShell() Line 2065
 swlo.dll!SwWrtShell::`scalar deleting destructor'(unsigned int)
 swlo.dll!std::default_delete<SwWrtShell>::operator()(SwWrtShell * _Ptr) Line 3302
 swlo.dll!std::unique_ptr<SwWrtShell,std::default_delete<SwWrtShell>>::reset(SwWrtShell * _Ptr) Line 3447
 swlo.dll!SwView::~SwView() Line 1196
 swlo.dll!SwView::`vector deleting destructor'(unsigned int)
 sfxlo.dll!SfxViewFrame::ReleaseObjectShell_Impl() Line 1140
 sfxlo.dll!SfxViewFrame::~SfxViewFrame() Line 2059
 sfxlo.dll!SfxViewFrame::`scalar deleting destructor'(unsigned int)
 sfxlo.dll!SfxViewFrame::Close() Line 1192
 sfxlo.dll!SfxFrame::DoClose_Impl() Line 138
 sfxlo.dll!SfxBaseController::dispose() Line 928
 fwklo.dll!`anonymous namespace'::XFrameImpl::setComponent(const com::sun::uno::Reference<com::sun::awt::XWindow> & xComponentWindow, const com::sun::uno::Reference<com::sun::frame::XController> & xController) Line 1496
 fwklo.dll!`anonymous namespace'::XFrameImpl::close(unsigned char bDeliverOwnership) Line 1707
 sfxlo.dll!SfxFrame::DoClose() Line 104
 sfxlo.dll!SfxViewFrame::Notify(SfxBroadcaster & __formal, const SfxHint & rHint) Line 1820
 svllo.dll!SfxBroadcaster::Broadcast(const SfxHint & rHint) Line 40
 sfxlo.dll!`anonymous namespace'::SfxModelListener_Impl::notifyClosing(const com::sun::lang::EventObject & __formal) Line 154
 sfxlo.dll!SfxBaseModel::close(unsigned char bDeliverOwnership) Line 1511
 swlo.dll!SwXTextDocument::close(unsigned char bDeliverOwnership) Line 574
 sfxlo.dll!SfxBaseModel::dispose() Line 745
 swlo.dll!SwXTextDocument::dispose() Line 561
 mscx_uno.dll!`anonymous namespace'::cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy * pThis, bridges::cpp_uno::shared::VtableSlot aVtableSlot, _typelib_TypeDescriptionReference * pReturnTypeRef, long nParams, _typelib_MethodParameter * pParams, void * pUnoReturn, void * * pUnoArgs, _uno_Any * * ppUnoExc) Line 214
 mscx_uno.dll!unoInterfaceProxyDispatch(_uno_Interface * pUnoI, const _typelib_TypeDescription * pMemberTD, void * pReturn, void * * pArgs, _uno_Any * * ppException) Line 430
 binaryurplo.dll!binaryurp::IncomingRequest::execute_throw(binaryurp::BinaryAny * returnValue, std::vector<binaryurp::BinaryAny,std::allocator<binaryurp::BinaryAny>> * outArguments) Line 239
 binaryurplo.dll!binaryurp::IncomingRequest::execute() Line 79
 binaryurplo.dll!request(void * pThreadSpecificData) Line 84
 cppu3.dll!cppu_threadpool::JobQueue::enter(const void * nDisposeId, bool bReturnWhenNoJob) Line 101
 cppu3.dll!cppu_threadpool::ORequestThread::run() Line 165
 cppu3.dll!threadFunc(void * param) Line 190
 sal3.dll!oslWorkerWrapperFunction(void * pData) Line 67

Main thread, doing an idle layout of the same document:

 emboleobj.dll!OleComponent::SetExtent(const com::sun::awt::Size & aVisAreaSize, __int64 nAspect) Line 1099
 emboleobj.dll!OleEmbeddedObject::setVisualAreaSize(__int64 nAspect, const com::sun::awt::Size & aSize) Line 138
 swlo.dll!SwWrtShell::CalcAndSetScale(svt::EmbeddedObjectRef & xObj, const SwRect * pFlyPrtRect, const SwRect * pFlyFrameRect, const bool bNoTextFramePrtAreaChanged) Line 777
 swlo.dll!SwContentNotify::ImplDestroy() Line 926
 swlo.dll!SwContentNotify::~SwContentNotify() Line 1037
 swlo.dll!SwNoTextFrame::MakeAll(OutputDevice * pRenderContext) Line 584
 swlo.dll!SwFrame::OptPrepareMake() Line 412
 swlo.dll!SwFrame::OptCalc() Line 1110
 swlo.dll!SwLayAction::FormatContent_(const SwContentFrame * pContent, const SwPageFrame * pPage) Line 1969
 swlo.dll!SwLayAction::FormatFlyContent(const SwFlyFrame * pFly) Line 1994
 swlo.dll!SwObjectFormatter::FormatObj_(SwAnchoredObject & _rAnchoredObj) Line 312
 swlo.dll!SwObjectFormatterTextFrame::DoFormatObj(SwAnchoredObject & _rAnchoredObj, const bool _bCheckForMovedFwd) Line 133
 swlo.dll!SwObjectFormatter::FormatObjsAtFrame_(SwTextFrame * _pMasterTextFrame) Line 414
 swlo.dll!SwObjectFormatterTextFrame::DoFormatObjs() Line 348
 swlo.dll!SwObjectFormatter::FormatObjsAtFrame(SwFrame & _rAnchorFrame, const SwPageFrame & _rPageFrame, SwLayAction * _pLayAction) Line 160
 swlo.dll!SwLayAction::FormatContent(SwPageFrame * pPage) Line 1802
 swlo.dll!SwLayAction::InternalAction(OutputDevice * pRenderContext) Line 607
 swlo.dll!SwLayAction::Action(OutputDevice * pRenderContext) Line 390
 swlo.dll!SwLayIdle::SwLayIdle(SwRootFrame * pRt, SwViewShellImp * pI) Line 2372
 swlo.dll!SwViewShell::LayoutIdle() Line 827
 swlo.dll!sw::DocumentTimerManager::DoIdleJobs(Timer * __formal) Line 176
 swlo.dll!sw::DocumentTimerManager::LinkStubDoIdleJobs(void * instance, Timer * data) Line 156
 vcllo.dll!Link<Timer *,void>::Call(Timer * data) Line 111
 vcllo.dll!Timer::Invoke() Line 75
 vcllo.dll!Scheduler::CallbackTaskScheduling() Line 509
 vcllo.dll!SalTimer::CallCallback() Line 53
 vclplug_winlo.dll!WinSalTimer::ImplHandleElapsedTimer() Line 169
 vclplug_winlo.dll!ImplSalYield(bool bWait, bool bHandleAllCurrentEvents) Line 525
 vclplug_winlo.dll!WinSalInstance::DoYield(bool bWait, bool bHandleAllCurrentEvents) Line 581
 vcllo.dll!ImplYield(bool i_bWait, bool i_bAllEvents) Line 385
 vcllo.dll!Application::Yield() Line 473
 vcllo.dll!Application::Execute() Line 361
 sofficeapp.dll!desktop::Desktop::Main() Line 1652
 vcllo.dll!ImplSVMain() Line 229
 vcllo.dll!SVMain() Line 262
 sofficeapp.dll!soffice_main() Line 121
 soffice.bin!sal_main() Line 51
 soffice.bin!main(int argc, char * * argv) Line 49
 soffice.bin!invoke_main() Line 79
 soffice.bin!__scrt_common_main_seh() Line 288
 soffice.bin!__scrt_common_main() Line 331
 soffice.bin!mainCRTStartup(void * __formal) Line 17

Change-Id: I92102a9cd11ccde307b070ebc1984eb3d17d65bf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171856
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Jenkins
2024-08-14 14:44:20 +02:00

237 lines
7.3 KiB
C++

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
#include <DocumentTimerManager.hxx>
#include <doc.hxx>
#include <DocumentSettingManager.hxx>
#include <IDocumentFieldsAccess.hxx>
#include <IDocumentLayoutAccess.hxx>
#include <rootfrm.hxx>
#include <viewsh.hxx>
#include <unotools/lingucfg.hxx>
#include <unotools/linguprops.hxx>
#include <fldupde.hxx>
#include <sfx2/progress.hxx>
#include <viewopt.hxx>
#include <docsh.hxx>
#include <docfld.hxx>
#include <fldbas.hxx>
#include <vcl/scheduler.hxx>
#include <comphelper/lok.hxx>
#include <editsh.hxx>
namespace sw
{
DocumentTimerManager::DocumentTimerManager(SwDoc& i_rSwdoc)
: m_rDoc(i_rSwdoc)
, m_nIdleBlockCount(0)
, m_bStartOnUnblock(false)
, m_aDocIdle(i_rSwdoc, "sw::DocumentTimerManager m_aDocIdle")
, m_aFireIdleJobsTimer("sw::DocumentTimerManager m_aFireIdleJobsTimer")
, m_bWaitForLokInit(true)
{
m_aDocIdle.SetPriority(TaskPriority::LOWEST);
m_aDocIdle.SetInvokeHandler(LINK(this, DocumentTimerManager, DoIdleJobs));
m_aFireIdleJobsTimer.SetInvokeHandler(LINK(this, DocumentTimerManager, FireIdleJobsTimeout));
m_aFireIdleJobsTimer.SetTimeout(1000); // Enough time for LOK to render the first tiles.
}
void DocumentTimerManager::StartIdling()
{
if (m_bWaitForLokInit && comphelper::LibreOfficeKit::isActive())
{
// Start the idle jobs only after a certain delay.
m_bWaitForLokInit = false;
StopIdling();
m_aFireIdleJobsTimer.Start();
return;
}
m_bWaitForLokInit = false;
m_bStartOnUnblock = true;
if (0 == m_nIdleBlockCount)
{
if (!m_aDocIdle.IsActive())
m_aDocIdle.Start();
else
Scheduler::Wakeup();
}
}
void DocumentTimerManager::StopIdling()
{
m_bStartOnUnblock = false;
m_aDocIdle.Stop();
}
void DocumentTimerManager::BlockIdling()
{
assert(SAL_MAX_UINT32 != m_nIdleBlockCount);
++m_nIdleBlockCount;
}
void DocumentTimerManager::UnblockIdling()
{
assert(0 != m_nIdleBlockCount);
--m_nIdleBlockCount;
if ((0 == m_nIdleBlockCount) && m_bStartOnUnblock)
{
if (!m_aDocIdle.IsActive())
m_aDocIdle.Start();
else
Scheduler::Wakeup();
}
}
IMPL_LINK(DocumentTimerManager, FireIdleJobsTimeout, Timer*, , void)
{
// Now we can run the idle jobs, assuming we finished LOK initialization.
StartIdling();
}
DocumentTimerManager::IdleJob DocumentTimerManager::GetNextIdleJob() const
{
SwRootFrame* pTmpRoot = m_rDoc.getIDocumentLayoutAccess().GetCurrentLayout();
if( pTmpRoot &&
!SfxProgress::GetActiveProgress( m_rDoc.GetDocShell() ) )
{
SwViewShell* pShell(m_rDoc.getIDocumentLayoutAccess().GetCurrentViewShell());
for(const SwViewShell& rSh : pShell->GetRingContainer())
if( rSh.ActionPend() )
return IdleJob::Busy;
if( pTmpRoot->IsNeedGrammarCheck() )
{
bool bIsOnlineSpell = pShell->GetViewOptions()->IsOnlineSpell();
bool bIsAutoGrammar = false;
SvtLinguConfig().GetProperty( UPN_IS_GRAMMAR_AUTO ) >>= bIsAutoGrammar;
if( bIsOnlineSpell && bIsAutoGrammar && m_rDoc.StartGrammarChecking( true ) )
return IdleJob::Grammar;
}
// If we're dragging re-layout doesn't occur so avoid a busy loop.
if (!pShell->HasDrawViewDrag())
{
for ( auto pLayout : m_rDoc.GetAllLayouts() )
{
if( pLayout->IsIdleFormat() )
return IdleJob::Layout;
}
}
SwFieldUpdateFlags nFieldUpdFlag = m_rDoc.GetDocumentSettingManager().getFieldUpdateFlags(true);
if( ( AUTOUPD_FIELD_ONLY == nFieldUpdFlag
|| AUTOUPD_FIELD_AND_CHARTS == nFieldUpdFlag )
&& m_rDoc.getIDocumentFieldsAccess().GetUpdateFields().IsFieldsDirty() )
{
if( m_rDoc.getIDocumentFieldsAccess().GetUpdateFields().IsInUpdateFields()
|| m_rDoc.getIDocumentFieldsAccess().IsExpFieldsLocked() )
return IdleJob::Busy;
return IdleJob::Fields;
}
}
return IdleJob::None;
}
IMPL_LINK_NOARG( DocumentTimerManager, DoIdleJobs, Timer*, void )
{
#ifdef TIMELOG
static ::rtl::Logfile* pModLogFile = new ::rtl::Logfile( "First DoIdleJobs" );
#endif
SfxCloseVetoLock lock(m_rDoc.GetDocShell());
BlockIdling();
StopIdling();
IdleJob eJob = GetNextIdleJob();
switch ( eJob )
{
case IdleJob::Grammar:
m_rDoc.StartGrammarChecking();
break;
case IdleJob::Layout:
for ( auto pLayout : m_rDoc.GetAllLayouts() )
if( pLayout->IsIdleFormat() )
{
pLayout->GetCurrShell()->LayoutIdle();
break;
}
break;
case IdleJob::Fields:
{
SwViewShell* pShell( m_rDoc.getIDocumentLayoutAccess().GetCurrentViewShell() );
SwRootFrame* pTmpRoot = m_rDoc.getIDocumentLayoutAccess().GetCurrentLayout();
// Action brackets!
m_rDoc.getIDocumentFieldsAccess().GetUpdateFields().SetInUpdateFields( true );
pTmpRoot->StartAllAction();
// no jump on update of fields #i85168#
const bool bOldLockView = pShell->IsViewLocked();
pShell->LockView( true );
auto pChapterFieldType = m_rDoc.getIDocumentFieldsAccess().GetSysFieldType( SwFieldIds::Chapter );
pChapterFieldType->CallSwClientNotify(sw::LegacyModifyHint( nullptr, nullptr )); // ChapterField
m_rDoc.getIDocumentFieldsAccess().UpdateExpFields( nullptr, false ); // Updates ExpressionFields
m_rDoc.getIDocumentFieldsAccess().UpdateTableFields(nullptr); // Tables
m_rDoc.getIDocumentFieldsAccess().UpdateRefFields(); // References
// Validate and update the paragraph signatures.
if (SwEditShell* pSh = m_rDoc.GetEditShell())
pSh->ValidateAllParagraphSignatures(true);
pTmpRoot->EndAllAction();
pShell->LockView( bOldLockView );
m_rDoc.getIDocumentFieldsAccess().GetUpdateFields().SetInUpdateFields( false );
m_rDoc.getIDocumentFieldsAccess().GetUpdateFields().SetFieldsDirty( false );
break;
}
case IdleJob::Busy:
break;
case IdleJob::None:
break;
}
if ( IdleJob::None != eJob )
StartIdling();
UnblockIdling();
#ifdef TIMELOG
if( pModLogFile && 1 != (long)pModLogFile )
delete pModLogFile, static_cast<long&>(pModLogFile) = 1;
#endif
}
DocumentTimerManager::~DocumentTimerManager() {}
}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */