vcl/unx/generic/glyphs/glyphcache.cxx | 7 ------- 1 file changed, 7 deletions(-)
New commits: commit 0083269c3cbdb3de2ec92dafaecae5911c30fa04 Author: Stephan Bergmann <sberg...@redhat.com> Date: Thu Jun 7 08:27:17 2018 +0200 Revert "Revert "Blind attempt to fix UBSAN error in FreetypeFont"" This reverts commit 3220ada5159307be8a93da3a57d2bfec0c826bf5. The ASan heap- use-after-free came back, as seen (seemingly reliably, this time) during CppunitTest_sw_ooxmlimport: > ==4510==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000c72ea8 at pc 0x7f9e4d9b567e bp 0x7ffcb2648770 sp 0x7ffcb2648768 > READ of size 8 at 0x611000c72ea8 thread T0 > #0 in FreetypeFont::Release() const at vcl/unx/generic/glyphs/glyphcache.cxx:311:5 (instdir/program/libvcllo.so +0x68ec67d) > #1 in FreetypeFontInstance::~FreetypeFontInstance() at vcl/unx/generic/glyphs/glyphcache.cxx:371:25 (instdir/program/libvcllo.so +0x68efdc7) > #2 in FreetypeFontInstance::~FreetypeFontInstance() at vcl/unx/generic/glyphs/glyphcache.cxx:368:1 (instdir/program/libvcllo.so +0x68efe6e) > #3 in LogicalFontInstance::Release() at vcl/source/font/fontinstance.cxx:136:13 (instdir/program/libvcllo.so +0x6376ceb) > #4 in FreetypeFont::~FreetypeFont() at vcl/unx/generic/glyphs/freetype_glyphcache.cxx:488:21 (instdir/program/libvcllo.so +0x68ab549) > #5 in GlyphCache::InvalidateAllGlyphs() at vcl/unx/generic/glyphs/glyphcache.cxx:57:9 (instdir/program/libvcllo.so +0x68e6c6c) > #6 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:47:5 (instdir/program/libvcllo.so +0x68e664c) > #7 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:46:1 (instdir/program/libvcllo.so +0x68e6fde) > #8 in std::default_delete<GlyphCache>::operator()(GlyphCache*) const at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:81:2 (instdir/program/libvcllo.so +0x68679d9) > #9 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 
(instdir/program/libvcllo.so +0x6867739) > #10 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:271:7 (instdir/program/libvcllo.so +0x68675ce) > #11 in (anonymous namespace)::GlyphCacheHolder::~GlyphCacheHolder() at vcl/headless/svpglyphcache.cxx:33:12 (instdir/program/libvcllo.so +0x686667e) > #12 in __run_exit_handlers at /usr/src/debug/glibc-2.27-56-g50df56ca86/stdlib/exit.c:108:8 (/lib64/libc.so.6 +0x3966b) > #13 in __GI_exit at /usr/src/debug/glibc-2.27-56-g50df56ca86/stdlib/exit.c:139:3 (/lib64/libc.so.6 +0x3979b) > #14 in __libc_start_main at /usr/src/debug/glibc-2.27-56-g50df56ca86/csu/../csu/libc-start.c:342:3 (/lib64/libc.so.6 +0x23191) > #15 in _start at <null> (workdir/LinkTarget/Executable/cppunittester +0x42f349) > > 0x611000c72ea8 is located 104 bytes inside of 216-byte region [0x611000c72e40,0x611000c72f18) > freed by thread T0 here: > #0 in operator delete(void*, unsigned long) at /data/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_new_delete.cc:162:3 (workdir/LinkTarget/Executable/cppunittester +0x53a060) > #1 in GlyphCache::InvalidateAllGlyphs() at vcl/unx/generic/glyphs/glyphcache.cxx:57:9 (instdir/program/libvcllo.so +0x68e6c7c) > #2 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:47:5 (instdir/program/libvcllo.so +0x68e664c) > #3 in GlyphCache::~GlyphCache() at vcl/unx/generic/glyphs/glyphcache.cxx:46:1 (instdir/program/libvcllo.so +0x68e6fde) > #4 in std::default_delete<GlyphCache>::operator()(GlyphCache*) const at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:81:2 (instdir/program/libvcllo.so +0x68679d9) > #5 in std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:274:4 (instdir/program/libvcllo.so +0x6867739) > #6 in 
std::unique_ptr<GlyphCache, std::default_delete<GlyphCache> >::~unique_ptr() at /usr/lib/gcc/x86_64-redhat-linux/8/../../../../include/c++/8/bits/unique_ptr.h:271:7 (instdir/program/libvcllo.so +0x68675ce) > #7 in (anonymous namespace)::GlyphCacheHolder::~GlyphCacheHolder() at vcl/headless/svpglyphcache.cxx:33:12 (instdir/program/libvcllo.so +0x686667e) > #8 in __run_exit_handlers at /usr/src/debug/glibc-2.27-56-g50df56ca86/stdlib/exit.c:108:8 (/lib64/libc.so.6 +0x3966b) > > previously allocated by thread T0 here: > #0 in operator new(unsigned long) at /data/sbergman/github.com/llvm-project/llvm-project-20170507/compiler-rt/lib/asan/asan_new_delete.cc:93:3 (workdir/LinkTarget/Executable/cppunittester +0x538c20) > #1 in FreetypeManager::CreateFont(FontSelectPattern const&) at vcl/unx/generic/glyphs/freetype_glyphcache.cxx:351:12 (instdir/program/libvcllo.so +0x68a7b34) > #2 in GlyphCache::CacheFont(FontSelectPattern const&) at vcl/unx/generic/glyphs/glyphcache.cxx:194:29 (instdir/program/libvcllo.so +0x68eb345) > #3 in CairoTextRender::setFont(FontSelectPattern const*, int) at vcl/unx/generic/gdi/cairotextrender.cxx:104:61 (instdir/program/libvcllo.so +0x686889e) > #4 in CairoTextRender::SetFont(FontSelectPattern const*, int) at vcl/unx/generic/gdi/cairotextrender.cxx:355:5 (instdir/program/libvcllo.so +0x686db63) > #5 in SvpSalGraphics::SetFont(FontSelectPattern const*, int) at vcl/headless/svptext.cxx:30:23 (instdir/program/libvcllo.so +0x6863c53) > #6 in OutputDevice::getFallbackFont(FontSelectPattern&, int, ImplLayoutArgs&) const at vcl/source/outdev/font.cxx:1297:17 (instdir/program/libvcllo.so +0x4ae1a8d) > #7 in OutputDevice::ImplGlyphFallbackLayout(std::unique_ptr<SalLayout, std::default_delete<SalLayout> >, ImplLayoutArgs&) const at vcl/source/outdev/font.cxx:1373:48 (instdir/program/libvcllo.so +0x4ae3854) > #8 in OutputDevice::ImplLayout(rtl::OUString const&, int, int, Point const&, long, long const*, SalLayoutFlags, vcl::TextLayoutCache const*) const at 
vcl/source/outdev/text.cxx:1363:22 (instdir/program/libvcllo.so +0x4b32af9) > #9 in OutputDevice::GetTextBreak(rtl::OUString const&, long, int, int, long, vcl::TextLayoutCache const*) const at vcl/source/outdev/text.cxx:1417:45 (instdir/program/libvcllo.so +0x4b3e4a0) Change-Id: I2fe5d7cdef010c268f89385ec147585816d605a6 Reviewed-on: https://gerrit.libreoffice.org/55397 Tested-by: Jenkins <c...@libreoffice.org> Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
diff --git a/vcl/unx/generic/glyphs/glyphcache.cxx b/vcl/unx/generic/glyphs/glyphcache.cxx
index ac2eaf5498e3..cff473c9036c 100644
--- a/vcl/unx/generic/glyphs/glyphcache.cxx
+++ b/vcl/unx/generic/glyphs/glyphcache.cxx
@@ -357,18 +357,11 @@ void FreetypeFontInstance::SetFreetypeFont(FreetypeFont* p)
 {
 if (p == mpFreetypeFont)
 return;
- if (mpFreetypeFont)
- mpFreetypeFont->Release();
 mpFreetypeFont = p;
- if (mpFreetypeFont)
- mpFreetypeFont->AddRef();
 }
 
 FreetypeFontInstance::~FreetypeFontInstance()
 {
- // TODO: remove the FreetypeFont here instead of in the GlyphCache
- if (mpFreetypeFont)
- mpFreetypeFont->Release();
 }
 
 static hb_blob_t* getFontTable(hb_face_t* /*face*/, hb_tag_t nTableTag, void* pUserData)
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits