On 06/05/2021 11.07, Stephan Bergmann wrote:
Since
<https://git.libreoffice.org/core/+/4ade38b97f8c22061b612bac81f5dcd3cfb83547%5E!/>
"tdf#141613: sw_uiwriter3: fix unittest" introduced that test case,
<https://ci.libreoffice.org//job/lo_ubsan/2001/> fails with
[_RUN_____] testTdf141613::TestBody
=================================================================
==26995==ERROR: AddressSanitizer: heap-use-after-free on address
0x60c0002ac460 at pc 0x2b0f164291e9 bp 0x7fff7ed81ee0 sp 0x7fff7ed81ed8
WRITE of size 8 at 0x60c0002ac460 thread T0
#0 0x2b0f164291e8 in
SfxListUndoAction::UndoWithContext(SfxUndoContext&)
/svl/source/undo/undo.cxx:1321:19
#1 0x2b0f164106cd in SfxUndoManager::ImplUndo(SfxUndoContext*)
/svl/source/undo/undo.cxx:697:22
#2 0x2b0f16411666 in
SfxUndoManager::UndoWithContext(SfxUndoContext&)
/svl/source/undo/undo.cxx:665:12
#3 0x2b0f5329e1eb in
sw::UndoManager::impl_DoUndoRedo(sw::UndoManager::UndoOrRedoType)
/sw/source/core/undo/docundo.cxx:608:32
#4 0x2b0f5329f44b in sw::UndoManager::Undo()
/sw/source/core/undo/docundo.cxx:641:16
0x60c0002ac460 is located 96 bytes inside of 120-byte region
[0x60c0002ac400,0x60c0002ac478)
freed by thread T0 here:
#0 0x4f75f0 in operator delete(void*)
/home/tdf/lode/packages/llvm-llvmorg-9.0.1.src/compiler-rt/lib/asan/asan_new_delete.cc:160
#1 0x2b0f16428760 in SfxListUndoAction::~SfxListUndoAction()
/svl/source/undo/undo.cxx:1306:1
#2 0x2b0f1645b5d1 in
std::default_delete<SfxUndoAction>::operator()(SfxUndoAction*) const
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:78:2
#3 0x2b0f1643b153 in std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >::~unique_ptr()
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:268:4
#4 0x2b0f1644b34c in void
std::_Destroy<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> > >(std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:98:19
#5 0x2b0f1644b296 in void
std::_Destroy_aux<false>::__destroy<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*>(std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:108:6
#6 0x2b0f1644b214 in void
std::_Destroy<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*>(std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:136:7
#7 0x2b0f1644af58 in void
std::_Destroy<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> > >(std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*, std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*,
std::allocator<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> > >&)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_construct.h:206:7
#8 0x2b0f16474dd3 in
std::__cxx1998::vector<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >,
std::allocator<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> > >
>::_M_erase_at_end(std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >*)
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:1513:2
#9 0x2b0f16474c70 in
std::__cxx1998::vector<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >,
std::allocator<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> > > >::clear()
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:1248:9
#10 0x2b0f1643ca24 in
std::__debug::vector<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> >,
std::allocator<std::unique_ptr<SfxUndoAction,
std::default_delete<SfxUndoAction> > > >::clear()
/home/tdf/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/debug/vector:699:9
#11 0x2b0f163f5ac6 in
svl::undo::impl::UndoManagerGuard::~UndoManagerGuard()
/svl/source/undo/undo.cxx:326:31
#12 0x2b0f163fe0eb in SfxUndoManager::ImplClearRedo_NoLock(bool)
/svl/source/undo/undo.cxx:466:1
#13 0x2b0f53295434 in sw::UndoManager::ClearRedo()
/sw/source/core/undo/docundo.cxx:252:28
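^ you can't delete the undo stack while it's doing undo!
Judging by the two stacks, this ClearRedo() call is reached from inside a running undo (SwUndoPageDesc::UndoImpl -> SwDoc::ChgPageDesc) and destroys an SfxListUndoAction; the WRITE at the top of the report then comes from SfxListUndoAction::UndoWithContext() touching that already-freed 120-byte object.
The ClearRedo() call was added in commit 65e52cb61d74b0c71b45b63b2da131bc6b621104
"tdf#141613 sw: fix crash at header/footer undo"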
#14 0x2b0f4f8d2266 in SwDoc::ChgPageDesc(unsigned long, SwPageDesc
const&) /sw/source/core/doc/docdesc.cxx:508:36
#15 0x2b0f4f8eb8ab in SwDoc::ChgPageDesc(rtl::OUString const&,
SwPageDesc const&) /sw/source/core/doc/docdesc.cxx:980:9
#16 0x2b0f5328aac6 in
SwUndoPageDesc::UndoImpl(sw::UndoRedoContext&)
/sw/source/core/undo/SwUndoPageDesc.cxx:225:13
#17 0x2b0f533a4261 in SwUndo::UndoWithContext(SfxUndoContext&)
/sw/source/core/undo/undobj.cxx:235:5