sw/CppunitTest_sw_uibase_uno.mk | 74 ++++++++++++++++++++++++++++++++++++++
sw/Module_sw.mk | 1
sw/qa/uibase/uno/uno.cxx | 36 ++++++++++++++++++
sw/source/uibase/uno/unotxdoc.cxx | 4 ++
4 files changed, 115 insertions(+)
New commits:
commit e08afec61aef62dd4f949ca7e1ffcc70d437e525
Author: Miklos Vajna <vmik...@collabora.com>
AuthorDate: Wed Sep 30 16:48:27 2020 +0200
Commit: Miklos Vajna <vmik...@collabora.com>
CommitDate: Wed Sep 30 19:09:55 2020 +0200
sw: fix heap-use-after-free in the UnoActionContext dtor
When lockControllers() is followed by close() + dispose(), but no match
unlock first:
==8514==ERROR: AddressSanitizer: heap-use-after-free on address
0x6190002d1b58 at pc 0x7f48b13f5b85 bp 0x7fff557d98c0 sp 0x7fff557d98b8
...
#3 0x7f48b138beca in SwDoc::getIDocumentLayoutAccess()
/sw/source/core/doc/doc.cxx:412:12
#4 0x7f48b58db224 in UnoActionContext::~UnoActionContext()
/sw/source/core/unocore/unoobj2.cxx:200:49
...
#15 0x7f48b841c484 in SwXTextDocument::~SwXTextDocument()
/sw/source/uibase/uno/unotxdoc.cxx:439:1
freed by thread T0 here:
#1 0x7f48b1388a26 in SwDoc::release() /sw/source/core/doc/doc.cxx:118:9
...
#17 0x7f48d15a40e5 in SfxBaseModel::dispose()
/sfx2/source/doc/sfxbasemodel.cxx:755:13
#18 0x7f48b8429a48 in SwXTextDocument::dispose()
/sw/source/uibase/uno/unotxdoc.cxx:586:19
Change-Id: I39bf65e43c12ce5ee49bdedeb1673b934ca21106
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103709
Reviewed-by: Miklos Vajna <vmik...@collabora.com>
Tested-by: Jenkins
diff --git a/sw/CppunitTest_sw_uibase_uno.mk b/sw/CppunitTest_sw_uibase_uno.mk
new file mode 100644
index 000000000000..36c54d04db33
--- /dev/null
+++ b/sw/CppunitTest_sw_uibase_uno.mk
@@ -0,0 +1,74 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#*************************************************************************
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+#*************************************************************************
+
+$(eval $(call gb_CppunitTest_CppunitTest,sw_uibase_uno))
+
+$(eval $(call gb_CppunitTest_use_common_precompiled_header,sw_uibase_uno))
+
+$(eval $(call gb_CppunitTest_add_exception_objects,sw_uibase_uno, \
+ sw/qa/uibase/uno/uno \
+))
+
+$(eval $(call gb_CppunitTest_use_libraries,sw_uibase_uno, \
+ comphelper \
+ cppu \
+ cppuhelper \
+ editeng \
+ sal \
+ sfx \
+ svl \
+ svx \
+ svxcore \
+ sw \
+ swqahelper \
+ test \
+ unotest \
+ utl \
+ vcl \
+))
+
+$(eval $(call gb_CppunitTest_use_externals,sw_uibase_uno,\
+ boost_headers \
+ libxml2 \
+))
+
+$(eval $(call gb_CppunitTest_set_include,sw_uibase_uno,\
+ -I$(SRCDIR)/sw/inc \
+ -I$(SRCDIR)/sw/source/core/inc \
+ -I$(SRCDIR)/sw/source/uibase/inc \
+ -I$(SRCDIR)/sw/qa/inc \
+ $$(INCLUDE) \
+))
+
+$(eval $(call gb_CppunitTest_use_api,sw_uibase_uno,\
+ udkapi \
+ offapi \
+ oovbaapi \
+))
+
+$(eval $(call gb_CppunitTest_use_ure,sw_uibase_uno))
+$(eval $(call gb_CppunitTest_use_vcl,sw_uibase_uno))
+
+$(eval $(call gb_CppunitTest_use_rdb,sw_uibase_uno,services))
+
+$(eval $(call gb_CppunitTest_use_custom_headers,sw_uibase_uno,\
+ officecfg/registry \
+))
+
+$(eval $(call gb_CppunitTest_use_configuration,sw_uibase_uno))
+
+$(eval $(call gb_CppunitTest_use_uiconfigs,sw_uibase_uno, \
+ modules/swriter \
+))
+
+$(eval $(call gb_CppunitTest_use_more_fonts,sw_uibase_uno))
+
+# vim: set noet sw=4 ts=4:
diff --git a/sw/Module_sw.mk b/sw/Module_sw.mk
index 2f8a9a35ed01..05a9fe6b90c2 100644
--- a/sw/Module_sw.mk
+++ b/sw/Module_sw.mk
@@ -113,6 +113,7 @@ $(eval $(call gb_Module_add_slowcheck_targets,sw,\
CppunitTest_sw_uibase_shells \
CppunitTest_sw_uibase_dochdl \
CppunitTest_sw_uibase_frmdlg \
+ CppunitTest_sw_uibase_uno \
CppunitTest_sw_core_accessibilitycheck \
CppunitTest_sw_core_layout \
CppunitTest_sw_core_frmedt \
diff --git a/sw/qa/uibase/uno/uno.cxx b/sw/qa/uibase/uno/uno.cxx
new file mode 100644
index 000000000000..23c1829ab7de
--- /dev/null
+++ b/sw/qa/uibase/uno/uno.cxx
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <swmodeltestbase.hxx>
+
+#include <com/sun/star/util/XCloseable.hpp>
+
+/// Covers sw/source/uibase/uno/ fixes.
+class SwUibaseUnoTest : public SwModelTestBase
+{
+};
+
+CPPUNIT_TEST_FIXTURE(SwUibaseUnoTest, testLockControllers)
+{
+ mxComponent = loadFromDesktop("private:factory/swriter",
"com.sun.star.text.TextDocument");
+ {
+ uno::Reference<frame::XModel> xModel(mxComponent,
uno::UNO_QUERY_THROW);
+ xModel->lockControllers();
+ }
+ {
+ uno::Reference<util::XCloseable> xCloseable(mxComponent,
uno::UNO_QUERY_THROW);
+ xCloseable->close(false);
+ }
+ // Without the accompanying fix in place, this test would have crashed.
+ mxComponent.clear();
+}
+
+CPPUNIT_PLUGIN_IMPLEMENT();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/sw/source/uibase/uno/unotxdoc.cxx
b/sw/source/uibase/uno/unotxdoc.cxx
index 05bfe95dbc20..7208fd2d94ca 100644
--- a/sw/source/uibase/uno/unotxdoc.cxx
+++ b/sw/source/uibase/uno/unotxdoc.cxx
@@ -583,6 +583,10 @@ void SwXTextDocument::disconnectController(const
Reference< frame::XController >
void SwXTextDocument::dispose()
{
+ // Delete UnoActionContexts before deleting the SwDoc, as the first has
unowned pointers to the
+ // second.
+ maActionArr.clear();
+
SfxBaseModel::dispose();
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
