Mailinglist Archive: opensuse-bugs (6226 mails)

< Previous Next >
[Bug 553819] [OO-3.1.1] OO Writer closes if multiple images are pasted from Firefox
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 9 Dec 2009 21:58:40 +0000
  • Message-id: <20091209215840.15B3924551B@xxxxxxxxxxxxxxxxxxxxxx>
http://bugzilla.novell.com/show_bug.cgi?id=553819

http://bugzilla.novell.com/show_bug.cgi?id=553819#c8


--- Comment #8 from Tor Lillqvist <tlillqvist@xxxxxxxxxx> 2009-12-09 21:58:38
UTC ---
Running OOo under valgrind shows up that the code is using freed data:

==12396== Invalid read of size 4
==12396== at 0x12577149:
rtl::Reference<webdav_ucp::DAVSession>::operator->() const (ref.hxx:168)
==12396== by 0x125754B0:
webdav_ucp::DAVResourceAccess::LOCK(com::sun::star::ucb::Lock&,
com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
const&) (DAVResourceAccess.cxx:1017)
==12396== by 0x1254F9AE:
webdav_ucp::Content::open(com::sun::star::ucb::OpenCommandArgument2 const&,
com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
const&) (webdavcontent.cxx:2481)
==12396== by 0x12548AED:
webdav_ucp::Content::execute(com::sun::star::ucb::Command const&, long,
com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
const&) (webdavcontent.cxx:919)
==12396== by 0x50E9DB4:
ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&)
(content.cxx:1809)
==12396== by 0x50E7144: ucbhelper::Content::openWriteableStream()
(content.cxx:1256)
==12396== by 0x44FFD71:
comphelper::MediaDescriptor::impl_openStreamWithURL(rtl::OUString const&,
unsigned char) (mediadescriptor.cxx:837)
==12396== by 0x44FF00E:
comphelper::MediaDescriptor::impl_addInputStream(unsigned char)
(mediadescriptor.cxx:581)
==12396== by 0x44FEA7C: comphelper::MediaDescriptor::addInputStream()
(mediadescriptor.cxx:519)
==12396== by 0xE60F95D: SwAsyncRetrieveInputStreamThread::threadFunction()
(in /mnt/sdb/ooo-build-master/build/ooo320-m7/sw/unxlngi6.pro/lib/libswli.so)
==12396== by 0xE60ED4B: ObservableThread::run() (in
/mnt/sdb/ooo-build-master/build/ooo320-m7/sw/unxlngi6.pro/lib/libswli.so)
==12396== by 0xE61113A: threadFunc (in
/mnt/sdb/ooo-build-master/build/ooo320-m7/sw/unxlngi6.pro/lib/libswli.so)
==12396== by 0x403D117: osl_thread_start_Impl (in
/home/tml/ooo32/ure/lib/libuno_sal.so.3)
==12396== by 0x43E06E4: start_thread (in /lib/libpthread-2.10.1.so)
==12396== by 0x43E05FF: ??? (in /lib/libpthread-2.10.1.so)
==12396== Address 0xa96a96c is 12 bytes inside a block of size 36 free'd
==12396== at 0x40268A6: free (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12396== by 0x405BD00: rtl_freeMemory (in
/home/tml/ooo32/ure/lib/libuno_sal.so.3)
==12396== by 0x8048CF7: operator delete(void*) (in
/home/tml/ooo32/program/soffice.bin)
==12396== by 0x12559667:
std::auto_ptr<webdav_ucp::DAVResourceAccess>::reset(webdav_ucp::DAVResourceAccess*)
(auto_ptr.h:242)
==12396== by 0x1254FBD9:
webdav_ucp::Content::open(com::sun::star::ucb::OpenCommandArgument2 const&,
com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
const&) (webdavcontent.cxx:2516)
==12396== by 0x12548AED:
webdav_ucp::Content::execute(com::sun::star::ucb::Command const&, long,
com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment>
const&) (webdavcontent.cxx:919)
==12396== by 0x50E9DB4:
ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&)
(content.cxx:1809)
==12396== by 0x50E7144: ucbhelper::Content::openWriteableStream()
(content.cxx:1256)
==12396== by 0x44FFD71:
comphelper::MediaDescriptor::impl_openStreamWithURL(rtl::OUString const&,
unsigned char) (mediadescriptor.cxx:837)
==12396== by 0x44FF00E:
comphelper::MediaDescriptor::impl_addInputStream(unsigned char)
(mediadescriptor.cxx:581)
==12396== by 0x44FEA7C: comphelper::MediaDescriptor::addInputStream()
(mediadescriptor.cxx:519)
==12396== by 0xE60F95D: SwAsyncRetrieveInputStreamThread::threadFunction()
(in /mnt/sdb/ooo-build-master/build/ooo320-m7/sw/unxlngi6.pro/lib/libswli.so)
==12396== by 0xE60ED4B: ObservableThread::run() (in
/mnt/sdb/ooo-build-master/build/ooo320-m7/sw/unxlngi6.pro/lib/libswli.so)
==12396== by 0xE61113A: threadFunc (in
/mnt/sdb/ooo-build-master/build/ooo320-m7/sw/unxlngi6.pro/lib/libswli.so)
==12396== by 0x403D117: osl_thread_start_Impl (in
/home/tml/ooo32/ure/lib/libuno_sal.so.3)
==12396== by 0x43E06E4: start_thread (in /lib/libpthread-2.10.1.so)
==12396== by 0x43E05FF: ??? (in /lib/libpthread-2.10.1.so)

(Some temporary debugging printouts in the code above so line numbers might be
off from our normal build.)

I.e, in webdavcontent.cxx in Content::open() the call that resets the member
m_xResAccess, i.e. m_xResAccess.reset(new DAVResourceAccess(
*xResAccess.get())) causes something to be freed that the code in
DAVResourceAccess::LOCK() then tries to use. I have tried to wrap my head
around this for almost a day now but with little success.

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >