ucb/source/core/ucbprops.cxx | 18 ++----------------
ucb/source/core/ucbprops.hxx | 11 +++--------
2 files changed, 5 insertions(+), 24 deletions(-)
New commits:
commit 0de191e1d201d691c2196cf1aef412a98affb66f
Author: Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Tue Aug 11 06:52:25 2020 +0200
Commit: Stephan Bergmann <sberg...@redhat.com>
CommitDate: Tue Aug 11 08:32:16 2020 +0200
Heap use-after-free
...as seen during UITest_writer_tests2:
> ==2548829==ERROR: AddressSanitizer: heap-use-after-free on address
0x60b0002be9d0 at pc 0x7f42be5ddc7f bp 0x7ffe2d26b090 sp 0x7ffe2d26b088
> READ of size 1 at 0x60b0002be9d0 thread T0
> #0 in cppu::WeakComponentImplHelperBase::release() at
cppuhelper/source/implbase.cxx:84:9
> #1 in
cppu::PartialWeakComponentImplHelper<com::sun::star::lang::XServiceInfo,
com::sun::star::beans::XPropertySetInfo>::release() at
include/cppuhelper/compbase.hxx:86:36
> #2 in rtl::Reference<UcbPropertiesManager>::~Reference() at
include/rtl/ref.hxx:113:22
> #3 in __run_exit_handlers at
/usr/src/debug/glibc-2.31-48-g64246fccaf/stdlib/exit.c:108:8
> #4 in exit at
/usr/src/debug/glibc-2.31-48-g64246fccaf/stdlib/exit.c:139:3
> #5 in __libc_start_main at
/usr/src/debug/glibc-2.31-48-g64246fccaf/csu/../csu/libc-start.c:342:3
> 0x60b0002be9d0 is located 64 bytes inside of 112-byte region
[0x60b0002be990,0x60b0002bea00)
> freed by thread T0 here:
> #0 in free at
/home/sbergman/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:123:3
> #1 in rtl_freeMemory at sal/rtl/alloc_global.cxx:51:5
> #2 in cppu::WeakComponentImplHelperBase::operator delete(void*) at
include/cppuhelper/compbase_ex.hxx:66:11
> #3 in UcbPropertiesManager::~UcbPropertiesManager() at
ucb/source/core/ucbprops.cxx:197:1
> #4 in cppu::OWeakObject::release() at cppuhelper/source/weak.cxx:233:9
> #5 in cppu::WeakComponentImplHelperBase::release() at
cppuhelper/source/implbase.cxx:86:18
> #6 in
cppu::PartialWeakComponentImplHelper<com::sun::star::lang::XServiceInfo,
com::sun::star::beans::XPropertySetInfo>::release() at
include/cppuhelper/compbase.hxx:86:36
> #7 in rtl::Reference<UcbPropertiesManager>::clear() at
include/rtl/ref.hxx:180:19
> #8 in UcbPropertiesManager::dispose() at
ucb/source/core/ucbprops.cxx:205:16
> #9 in cppu::WeakComponentImplHelperBase::release() at
cppuhelper/source/implbase.cxx:79:13
> #10 in
cppu::PartialWeakComponentImplHelper<com::sun::star::lang::XServiceInfo,
com::sun::star::beans::XPropertySetInfo>::release() at
include/cppuhelper/compbase.hxx:86:36
> #11 in rtl::Reference<UcbPropertiesManager>::~Reference() at
include/rtl/ref.hxx:113:22
> #12 in __run_exit_handlers at
/usr/src/debug/glibc-2.31-48-g64246fccaf/stdlib/exit.c:108:8
The elaborate g_Instance disposal scheme had been introduced with
3d44c6a49b20415616dab7a2de2820da5efab309 "ucb/core: create instances with
uno
constructors", but it is unclear to me for what reason.
Change-Id: I768bc3a8674e0e81cf89adae58e4a67d14509985
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/100456
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sberg...@redhat.com>
diff --git a/ucb/source/core/ucbprops.cxx b/ucb/source/core/ucbprops.cxx
index 19a42e653883..fe64bfad6cfe 100644
--- a/ucb/source/core/ucbprops.cxx
+++ b/ucb/source/core/ucbprops.cxx
@@ -45,12 +45,8 @@ using namespace com::sun::star::uno;
#define ATTR_DEFAULT ( PropertyAttribute::BOUND | PropertyAttribute::MAYBEVOID
| PropertyAttribute::MAYBEDEFAULT )
-static osl::Mutex g_InstanceGuard;
-static rtl::Reference<UcbPropertiesManager> g_Instance;
-
UcbPropertiesManager::UcbPropertiesManager()
-: UcbPropertiesManager_Base(m_aMutex),
- m_pProps({
+: m_pProps({
{ "Account", -1, cppu::UnoType<OUString>::get(), ATTR_DEFAULT },
{ "AutoUpdateInterval", -1, cppu::UnoType<sal_Int32>::get(), ATTR_DEFAULT
},
{ "ConfirmEmpty", -1, cppu::UnoType<bool>::get(), ATTR_DEFAULT },
@@ -197,14 +193,6 @@ UcbPropertiesManager::~UcbPropertiesManager()
{
}
-// XComponent
-void SAL_CALL UcbPropertiesManager::dispose()
-{
- UcbPropertiesManager_Base::dispose();
- osl::MutexGuard aGuard(g_InstanceGuard);
- g_Instance.clear();
-}
-
// XServiceInfo methods.
OUString SAL_CALL UcbPropertiesManager::getImplementationName()
@@ -228,9 +216,7 @@ extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface*
ucb_UcbPropertiesManager_get_implementation(
css::uno::XComponentContext* , css::uno::Sequence<css::uno::Any> const&)
{
- osl::MutexGuard aGuard(g_InstanceGuard);
- if (!g_Instance)
- g_Instance.set(new UcbPropertiesManager());
+ static rtl::Reference<UcbPropertiesManager> g_Instance(new
UcbPropertiesManager());
g_Instance->acquire();
return static_cast<cppu::OWeakObject*>(g_Instance.get());
}
diff --git a/ucb/source/core/ucbprops.hxx b/ucb/source/core/ucbprops.hxx
index 6ef4e5a5bfcb..89e31a389e9f 100644
--- a/ucb/source/core/ucbprops.hxx
+++ b/ucb/source/core/ucbprops.hxx
@@ -24,15 +24,13 @@
#include <com/sun/star/lang/XSingleServiceFactory.hpp>
#include <com/sun/star/lang/XServiceInfo.hpp>
#include <com/sun/star/beans/XPropertySetInfo.hpp>
-#include <cppuhelper/compbase.hxx>
-#include <cppuhelper/basemutex.hxx>
+#include <cppuhelper/implbase.hxx>
-
-using UcbPropertiesManager_Base = cppu::WeakComponentImplHelper <
+using UcbPropertiesManager_Base = cppu::WeakImplHelper <
css::lang::XServiceInfo,
css::beans::XPropertySetInfo >;
-class UcbPropertiesManager : public cppu::BaseMutex, public
UcbPropertiesManager_Base
+class UcbPropertiesManager : public UcbPropertiesManager_Base
{
css::uno::Sequence< css::beans::Property > m_pProps;
@@ -44,9 +42,6 @@ public:
explicit UcbPropertiesManager();
virtual ~UcbPropertiesManager() override;
- // XComponent
- virtual void SAL_CALL dispose() override;
-
// XServiceInfo
virtual OUString SAL_CALL getImplementationName() override;
virtual sal_Bool SAL_CALL supportsService( const OUString& ServiceName )
override;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
