[Libreoffice-commits] core.git: external/mdds

Stephan Bergmann (via logerrit) Wed, 26 Jan 2022 23:01:27 -0800

 external/mdds/UnpackedTarball_mdds.mk |    1 +
 external/mdds/use-after-free.patch    |   12 ++++++++++++
 2 files changed, 13 insertions(+)


New commits:
commit a6f21bc32e746fd89ce963b1567ef78315612669
Author:     Stephan Bergmann <sberg...@redhat.com>
AuthorDate: Wed Jan 26 20:16:02 2022 +0100
Commit:     Stephan Bergmann <sberg...@redhat.com>
CommitDate: Thu Jan 27 08:00:48 2022 +0100

    external/mdds: Avoid -Werror=use-after-free (GCC 12 trunk)
    
    > In file included from 
workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree.hpp:37,
    >                  from sc/inc/columnspanset.hxx:16,
    >                  from sc/source/core/data/columnspanset.cxx:10:
    > In function ‘void mdds::__st::intrusive_ptr_add_ref(node<T>*) [with T = 
mdds::flat_segment_tree<int, bool>]’,
    >     inlined from ‘boost::intrusive_ptr<T>::intrusive_ptr(const 
boost::intrusive_ptr<T>&) [with T = 
mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at 
workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:93:44,
    >     inlined from ‘boost::intrusive_ptr<T>& 
boost::intrusive_ptr<T>::operator=(const boost::intrusive_ptr<T>&) [with T = 
mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at 
workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:154:9,
    >     inlined from ‘mdds::flat_segment_tree<_Key, 
_Value>::flat_segment_tree(const mdds::flat_segment_tree<_Key, _Value>&) [with 
_Key = int; _Value = bool]’ at 
workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree_def.inl:88:25:
    > workdir/UnpackedTarball/mdds/include/mdds/node.hpp:244:10: error: pointer 
used after ‘void operator delete(void*, std::size_t)’ [-Werror=use-after-free]
    >   244 |     ++p->refcount;
    >       |       ~~~^~~~~~~~
    > In function ‘void mdds::__st::intrusive_ptr_release(node<T>*) [with T = 
mdds::flat_segment_tree<int, bool>]’,
    >     inlined from ‘void mdds::__st::intrusive_ptr_release(node<T>*) [with 
T = mdds::flat_segment_tree<int, bool>]’ at 
workdir/UnpackedTarball/mdds/include/mdds/node.hpp:248:13,
    >     inlined from ‘boost::intrusive_ptr<T>::~intrusive_ptr() [with T = 
mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at 
workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:98:44,
    >     inlined from ‘boost::intrusive_ptr<T>& 
boost::intrusive_ptr<T>::operator=(const boost::intrusive_ptr<T>&) [with T = 
mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at 
workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:154:9,
    >     inlined from ‘mdds::flat_segment_tree<_Key, 
_Value>::flat_segment_tree(const mdds::flat_segment_tree<_Key, _Value>&) [with 
_Key = int; _Value = bool]’ at 
workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree_def.inl:87:19:
    > workdir/UnpackedTarball/mdds/include/mdds/node.hpp:252:9: note: call to 
‘void operator delete(void*, std::size_t)’ here
    >   252 |         delete p;
    >       |         ^~~~~~~~
    
    etc.  The warning is apparently new in GCC 12 trunk (see
    
<https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=671a283636de75f7ed638ee6b01ed2d44361b8b6>
    "Add -Wuse-after-free [PR80532]"), and I'm not entirely sure whether this
    is a true or false positive, but the fix looks somewhat plausible, and at 
least
    also my (Clang) ASan+UBSan build does a successful `make check` with (and
    without) this change.
    
    Change-Id: I63fafceba8d1b4e0ddd7cf2e58403a3bc763e53c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129008
    Tested-by: Jenkins
    Reviewed-by: Stephan Bergmann <sberg...@redhat.com>

diff --git a/external/mdds/UnpackedTarball_mdds.mk 
b/external/mdds/UnpackedTarball_mdds.mk
index c015f4c13f5a..271d20b0f4d1 100644
--- a/external/mdds/UnpackedTarball_mdds.mk
+++ b/external/mdds/UnpackedTarball_mdds.mk
@@ -14,6 +14,7 @@ $(eval $(call 
gb_UnpackedTarball_set_tarball,mdds,$(MDDS_TARBALL)))
 $(eval $(call gb_UnpackedTarball_set_patchlevel,mdds,0))
 
 $(eval $(call gb_UnpackedTarball_add_patches,mdds,\
+    external/mdds/use-after-free.patch \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/external/mdds/use-after-free.patch 
b/external/mdds/use-after-free.patch
new file mode 100644
index 000000000000..981c945821a7
--- /dev/null
+++ b/external/mdds/use-after-free.patch
@@ -0,0 +1,12 @@
+--- include/mdds/flat_segment_tree_def.inl
++++ include/mdds/flat_segment_tree_def.inl
+@@ -84,8 +84,8 @@
+         // Move on to the next destination node, and have the next node point
+         // back to the previous node.
+         node_ptr old_node = dest_node;
++        dest_node->next->prev = old_node;
+         dest_node = dest_node->next;
+-        dest_node->prev = old_node;
+ 
+         if (src_node == r.m_right_leaf.get())
+         {

[Libreoffice-commits] core.git: external/mdds

Reply via email to