vcl/unx/gtk3/gtkinst.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 38024bc9559d75696eb8c91ac5b0b41be0baa55f
Author: Michael Weghorn <m.wegh...@posteo.de>
AuthorDate: Fri Feb 14 13:37:23 2025 +0100
Commit: Michael Weghorn <m.wegh...@posteo.de>
CommitDate: Fri Feb 14 16:43:42 2025 +0100
gtk4: Own the string when freeing it
As the GVariant format string doc says [1] about
pointers:
> The `&` character is used to indicate that serialised data should be
> directly exchanged via a pointer.
>
> Currently, the only use for this character is when it is applied to a
> string (ie: `&s`, `&o` or `&g`). For `g_variant_new()` this has
absolutely no
> effect. The string is collected and duplicated normally. For
> `g_variant_get()` it means that instead of creating a newly allocated copy
> of the string, a pointer to the serialised data is returned. This
> pointer should not be freed. Validity checks are performed to ensure
> that the string data will always be properly nul-terminated.
Therefore, freeing the string with
g_free(pLabel);
is incorrect and resulted in a crash when starting Writer with
the gtk4 VCL plugin, s. backtrace below.
Use just "s" instead of "&s" for the format string to get a
string copy that is owned and can be freed.
(Dropping the `g_free` might be an alternative and avoid
a string copy, but it's not instantly clear to me whether
using "a pointer to the serialised data" is safe without
digging any deeper what exactly that means.)
Backtrace:
free(): invalid pointer
[New Thread 125500.125502]
[New Thread 125500.125503]
[New Thread 125500.125504]
[New Thread 125500.125505]
[New Thread 125500.125506]
[New Thread 125500.125507]
[New Thread 125500.125508]
[New Thread 125500.125510]
[New Thread 125500.125511]
[New Thread 125500.125525]
Thread 1 received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
warning: 44 ./nptl/pthread_kill.c: No such file or directory
(rr) bt
#0 __pthread_kill_implementation (threadid=<optimized out>,
signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007f0bb969de2f in __pthread_kill_internal (threadid=<optimized
out>, signo=6) at ./nptl/pthread_kill.c:78
#2 0x00007f0bb9649d02 in __GI_raise (sig=sig@entry=6) at
../sysdeps/posix/raise.c:26
#3 0x00007f0bb96324f0 in __GI_abort () at ./stdlib/abort.c:79
#4 0x00007f0bb963332d in __libc_message_impl
(fmt=fmt@entry=0x7f0bb97b5303 "%s
") at ../sysdeps/posix/libc_fatal.c:134
#5 0x00007f0bb96a7965 in malloc_printerr (str=str@entry=0x7f0bb97b3082
"free(): invalid pointer") at ./malloc/malloc.c:5772
#6 0x00007f0bb96a9bf4 in _int_free (av=0x7f0bb97f1ac0 <main_arena>,
p=<optimized out>, have_lock=have_lock@entry=0) at ./malloc/malloc.c:4507
#7 0x00007f0bb96ac43f in __GI___libc_free (mem=<optimized out>) at
./malloc/malloc.c:3398
#8 0x00007f0ba62b908a in (anonymous
namespace)::MenuHelper::get_item_label (this=0x55b0c8dcd360, rIdent="standard")
at vcl/unx/gtk4/../gtk3/gtkinst.cxx:5684
#9 0x00007f0ba63013d8 in (anonymous
namespace)::GtkInstanceMenu::get_label (this=0x55b0c8dcd360, rIdent="standard")
at vcl/unx/gtk4/../gtk3/gtkinst.cxx:11694
#10 0x00007f0ba6301b2f in virtual thunk to (anonymous
namespace)::GtkInstanceMenu::get_label(rtl::OUString const&) const () at
vcl/unx/gtk4/../gtk3/gtkinst.cxx:11823
#11 0x00007f0bb482d026 in (anonymous
namespace)::SelectionTypePopup::GetItemTextForState (this=0x7ffed304ad80,
nState=0) at
/home/michi/development/git/libreoffice/svx/source/stbctrls/selctrl.cxx:56
#12 0x00007f0bb482cc59 in
SvxSelectionModeControl::StateChangedAtStatusBarControl (this=0x55b0c8d2d6e0,
eState=SfxItemState::DEFAULT, pState=0x55b0c8f331c0) at
/home/michi/development/git/libreoffice/svx/source/stbctrls/selctrl.cxx:128
#13 0x00007f0bb5f9af1e in SfxStatusBarControl::statusChanged
(this=0x55b0c8d2d6e0, rEvent=...) at
/home/michi/development/git/libreoffice/sfx2/source/statbar/stbitem.cxx:263
#14 0x00007f0bb5a9d4c8 in SfxDispatchController_Impl::addStatusListener
(this=0x55b0c8ed6380, aListener=uno::Reference to (SvxSelectionModeControl *)
0x55b0c8d2d6f0, aURL=...)
at
/home/michi/development/git/libreoffice/sfx2/source/control/unoctitm.cxx:841
#15 0x00007f0bb5a9d174 in SfxOfficeDispatch::addStatusListener
(this=0x55b0c8f280e0, aListener=uno::Reference to (SvxSelectionModeControl *)
0x55b0c8d2d6f0, aURL=...)
at
/home/michi/development/git/libreoffice/sfx2/source/control/unoctitm.cxx:283
#16 0x00007f0bb28a8577 in svt::StatusbarController::bindListener
(this=0x55b0c8d2d6e0) at
/home/michi/development/git/libreoffice/svtools/source/uno/statusbarcontroller.cxx:462
#17 0x00007f0bb28a7f09 in svt::StatusbarController::update
(this=0x55b0c8d2d6e0) at
/home/michi/development/git/libreoffice/svtools/source/uno/statusbarcontroller.cxx:169
#18 0x00007f0bb6d41a6b in framework::(anonymous
namespace)::lcl_UpdateController<std::__debug::map<unsigned short,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController>,
std::less<unsigned short>, std::allocator<std::pair<unsigned short const,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController> > >
> >::operator() (this=0x7ffed304b547, rElement={...})
at
/home/michi/development/git/libreoffice/framework/source/uielement/statusbarmanager.cxx:69
#19 0x00007f0bb6d3e5ef in
std::for_each<__gnu_debug::_Safe_iterator<std::_Rb_tree_iterator<std::pair<unsigned
short const,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController> >
>, std::__debug::map<unsigned short,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController>,
std::less<unsigned short>, std::allocator<std::pair<unsigned short const,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController> > >
>, std::bidirectional_iterator_tag>, framework::(anonymous
namespace)::lcl_UpdateController<std::__debug::map<unsigned short,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController>,
std::less<unsigned short>, std::allocator<std::pair<unsigned short const,
com::sun::star::uno::Reference<com::sun::star::frame::XStatusbarController> > >
> > > (__first={...}, __last={...}, __f=...)
at
/usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/stl_algo.h:3786
#20 0x00007f0bb6d3d9a5 in
framework::StatusBarManager::UpdateControllers (this=0x55b0c8cefc90) at
/home/michi/development/git/libreoffice/framework/source/uielement/statusbarmanager.cxx:269
#21 0x00007f0bb6d4028b in framework::StatusBarManager::FillStatusBar
(this=0x55b0c8cefc90, rItemContainer=uno::Reference to
(framework::ConstItemContainer *) 0x55b0c8e017e8)
at
/home/michi/development/git/libreoffice/framework/source/uielement/statusbarmanager.cxx:479
#22 0x00007f0bb6d4ae38 in framework::StatusBarWrapper::initialize
(this=0x55b0c8d0f060, aArguments=uno::Sequence of length 4 = {...}) at
/home/michi/development/git/libreoffice/framework/source/uielement/statusbarwrapper.cxx:117
#23 0x00007f0bb6df9104 in framework::MenuBarFactory::CreateUIElement
(ResourceURL="private:resource/statusbar/statusbar",
Args=uno::Sequence of length 2 = {...},
ResourceType=u"private:resource/statusbar/", _xMenuBar=uno::Reference to
(framework::StatusBarWrapper *) 0x55b0c8d0f0f8, _rxContext=uno::Reference to
(cppu::(anonymous namespace)::ComponentContext *) 0x55b0ba8b8308) at
/home/michi/development/git/libreoffice/framework/source/uifactory/menubarfactory.cxx:158
#24 0x00007f0bb6df9c0a in (anonymous
namespace)::StatusBarFactory::createUIElement (this=0x55b0c8e03800,
ResourceURL="private:resource/statusbar/statusbar", Args=uno::Sequence of
length 2 = {...})
at
/home/michi/development/git/libreoffice/framework/source/uifactory/statusbarfactory.cxx:68
#25 0x00007f0bb6df9d74 in non-virtual thunk to (anonymous
namespace)::StatusBarFactory::createUIElement(rtl::OUString const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
at
/home/michi/development/git/libreoffice/instdir/program/libfwklo.so
#26 0x00007f0bb6e01290 in (anonymous
namespace)::UIElementFactoryManager::createUIElement (this=0x55b0bf803260,
ResourceURL="private:resource/statusbar/statusbar", Args=uno::Sequence of
length 2 = {...})
at
/home/michi/development/git/libreoffice/framework/source/uifactory/uielementfactorymanager.cxx:440
#27 0x00007f0bb6e024f4 in non-virtual thunk to (anonymous
namespace)::UIElementFactoryManager::createUIElement(rtl::OUString const&,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
at
/home/michi/development/git/libreoffice/instdir/program/libfwklo.so
#28 0x00007f0bb6b6d427 in
framework::LayoutManager::implts_createElement (this=0x55b0c1e3a170,
aName="private:resource/statusbar/statusbar")
at
/home/michi/development/git/libreoffice/framework/source/layoutmanager/layoutmanager.cxx:730
#29 0x00007f0bb6b71852 in
framework::LayoutManager::implts_createStatusBar (this=0x55b0c1e3a170,
aStatusBarName="private:resource/statusbar/statusbar")
at
/home/michi/development/git/libreoffice/framework/source/layoutmanager/layoutmanager.cxx:849
#30 0x00007f0bb6b75bcc in framework::LayoutManager::createElement
(this=0x55b0c1e3a170, aName="private:resource/statusbar/statusbar") at
/home/michi/development/git/libreoffice/framework/source/layoutmanager/layoutmanager.cxx:1443
#31 0x00007f0bb6b76b57 in framework::LayoutManager::requestElement
(this=0x55b0c1e3a170, rResourceURL="private:resource/statusbar/statusbar")
at
/home/michi/development/git/libreoffice/framework/source/layoutmanager/layoutmanager.cxx:1570
#32 0x00007f0bb595f0b5 in SfxWorkWindow::UpdateStatusBar_Impl
(this=0x55b0bf82f570) at
/home/michi/development/git/libreoffice/sfx2/source/appl/workwin.cxx:1471
#33 0x00007f0bb595e9a0 in SfxWorkWindow::UpdateObjectBars_Impl2
(this=0x55b0bf82f570) at
/home/michi/development/git/libreoffice/sfx2/source/appl/workwin.cxx:1242
#34 0x00007f0bb595e001 in SfxWorkWindow::UpdateObjectBars_Impl
(this=0x55b0bf82f570) at
/home/michi/development/git/libreoffice/sfx2/source/appl/workwin.cxx:1095
#35 0x00007f0bb59ca573 in SfxDispatcher::Update_Impl
(this=0x55b0c742b5b0, bForce=false) at
/home/michi/development/git/libreoffice/sfx2/source/control/dispatch.cxx:1123
#36 0x00007f0bb6003921 in SfxBaseController::ConnectSfxFrame_Impl
(this=0x55b0c7469930, i_eConnect=SfxBaseController::E_CONNECT) at
/home/michi/development/git/libreoffice/sfx2/source/view/sfxbasecontroller.cxx:1207
#37 0x00007f0bb6002ade in SfxBaseController::attachFrame
(this=0x55b0c7469930, xFrame=uno::Reference to ((anonymous
namespace)::XFrameImpl *) 0x55b0bfb36e40)
at
/home/michi/development/git/libreoffice/sfx2/source/view/sfxbasecontroller.cxx:531
#38 0x00007f0bb5fd38b9 in utl::ConnectFrameControllerModel
(xFrame=uno::Reference to ((anonymous namespace)::XFrameImpl *)
0x55b0bfb36e40, xController=uno::Reference to (SwXTextView *) 0x55b0c7469958,
xModel=uno::Reference to (SwXTextDocument *) 0x55b0c71c0670)
at include/unotools/fcm.hxx:57
#39 0x00007f0bb5fcfec1 in (anonymous
namespace)::SfxFrameLoader_Impl::impl_createDocumentView
(i_rModel=uno::Reference to (SwXTextDocument *) 0x55b0c71c0670,
i_rFrame=uno::Reference to ((anonymous namespace)::XFrameImpl *)
0x55b0bfb36e40, i_rViewFactoryArgs=..., i_rViewName="Default")
at
/home/michi/development/git/libreoffice/sfx2/source/view/frmload.cxx:585
#40 0x00007f0bb5fcd45c in (anonymous
namespace)::SfxFrameLoader_Impl::load (this=0x55b0c22dc9f0, rArgs=uno::Sequence
of length 9 = {...}, _rTargetFrame=uno::Reference to ((anonymous
namespace)::XFrameImpl *) 0x55b0bfb36e40)
at
/home/michi/development/git/libreoffice/sfx2/source/view/frmload.cxx:764
#41 0x00007f0bb6bc2644 in framework::LoadEnv::impl_loadContent
(this=0x55b0c1271ec8) at
/home/michi/development/git/libreoffice/framework/source/loadenv/loadenv.cxx:1180
#42 0x00007f0bb6bbf7a5 in framework::LoadEnv::start
(this=0x55b0c1271ec8) at
/home/michi/development/git/libreoffice/framework/source/loadenv/loadenv.cxx:415
#43 0x00007f0bb6bbd452 in framework::LoadEnv::startLoading
(this=0x55b0c1271ec8, sURL="private:factory/swriter",
lMediaDescriptor=uno::Sequence of length 4 = {...}, xBaseFrame=uno::Reference
to (framework::Desktop *) 0x55b0bbbee8c8, sTarget="_default", nSearchFlags=0,
eFeature=(LoadEnvFeatu--Type <RET> for more, q to quit, c to continue without
paging--
res::WorkWithUI | LoadEnvFeatures::AllowContentHandler)) at
/home/michi/development/git/libreoffice/framework/source/loadenv/loadenv.cxx:311
#44 0x00007f0bb6a56311 in framework::LoadDispatcher::impl_dispatch
(this=0x55b0c1271e70, rURL=..., lArguments=uno::Sequence of length 4 = {...},
xListener=empty uno::Reference)
at
/home/michi/development/git/libreoffice/framework/source/dispatch/loaddispatcher.cxx:107
#45 0x00007f0bb6a57071 in
framework::LoadDispatcher::dispatchWithReturnValue (this=0x55b0c1271e70,
rURL=..., lArguments=uno::Sequence of length 4 = {...})
at
/home/michi/development/git/libreoffice/framework/source/dispatch/loaddispatcher.cxx:60
#46 0x00007f0bb6a57114 in non-virtual thunk to
framework::LoadDispatcher::dispatchWithReturnValue(com::sun::star::util::URL
const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>
const&) ()
at
/home/michi/development/git/libreoffice/framework/source/dispatch/loaddispatcher.cxx:60
#47 0x00007f0bb80110b0 in comphelper::SynchronousDispatch::dispatch
(xStartPoint=uno::Reference to (framework::Desktop *) 0x55b0bbbee8b8,
sURL="private:factory/swriter", sTarget="_default", lArguments=uno::Sequence of
length 4 = {...})
at
/home/michi/development/git/libreoffice/comphelper/source/misc/synchronousdispatch.cxx:62
#48 0x00007f0bb99757fd in
desktop::DispatchWatcher::executeDispatchRequests (this=0x55b0c16043b0,
aDispatchRequestsList=std::__debug::vector of length 1, capacity 1 = {...},
bNoTerminate=false)
at
/home/michi/development/git/libreoffice/desktop/source/app/dispatchwatcher.cxx:529
#49 0x00007f0bb9993b5a in
desktop::RequestHandler::ExecuteCmdLineRequests (aRequest=...,
noTerminate=false) at
/home/michi/development/git/libreoffice/desktop/source/app/officeipcthread.cxx:1347
#50 0x00007f0bb992f196 in desktop::Desktop::OpenDefault () at
/home/michi/development/git/libreoffice/desktop/source/app/app.cxx:2276
#51 0x00007f0bb992e5cd in desktop::Desktop::OpenClients () at
/home/michi/development/git/libreoffice/desktop/source/app/app.cxx:2220
#52 0x00007f0bb992c3a3 in desktop::Desktop::OpenClients_Impl
(this=0x7ffed3055280) at
/home/michi/development/git/libreoffice/desktop/source/app/app.cxx:1979
#53 0x00007f0bb992aa3d in desktop::Desktop::LinkStubOpenClients_Impl
(instance=0x7ffed3055280, data=0x0) at
/home/michi/development/git/libreoffice/desktop/source/app/app.cxx:1963
#54 0x00007f0bb02ac091 in Link<void*, void>::Call (this=0x55b0bffb6ba8,
data=0x0) at include/tools/link.hxx:105
#55 0x00007f0bb02a8291 in ImplHandleUserEvent (pSVEvent=0x55b0bffb6ba0)
at /home/michi/development/git/libreoffice/vcl/source/window/winproc.cxx:2285
#56 0x00007f0bb02a51ba in ImplWindowFrameProc (_pWindow=0x55b0bfc9e9b0,
nEvent=SalEvent::UserEvent, pEvent=0x55b0bffb6ba0) at
/home/michi/development/git/libreoffice/vcl/source/window/winproc.cxx:2849
#57 0x00007f0bb0e665bc in SalFrame::CallCallback (this=0x55b0bf7eaa50,
nEvent=SalEvent::UserEvent, pEvent=0x55b0bffb6ba0) at vcl/inc/salframe.hxx:311
#58 0x00007f0bb0e8ef5f in SalGenericDisplay::ProcessEvent
(this=0x55b0baa61510, aEvent=...) at
/home/michi/development/git/libreoffice/vcl/unx/generic/app/gendisp.cxx:66
#59 0x00007f0bb09aaddd in
SalUserEventList::DispatchUserEvents(bool)::$_0::operator()() const
(this=0x7ffed3053530) at
/home/michi/development/git/libreoffice/vcl/source/app/salusereventlist.cxx:119
#60 0x00007f0bb09aacb6 in SalUserEventList::DispatchUserEvents
(this=0x55b0baa61510, bHandleAllCurrentEvents=false) at
/home/michi/development/git/libreoffice/vcl/source/app/salusereventlist.cxx:120
#61 0x00007f0bb0e8eeb5 in SalGenericDisplay::DispatchInternalEvent
(this=0x55b0baa61510, bHandleAllCurrentEvent=false) at
/home/michi/development/git/libreoffice/vcl/unx/generic/app/gendisp.cxx:51
#62 0x00007f0ba628536f in call_userEventFn (data=0x55b0ba8d13e0) at
vcl/unx/gtk4/../gtk3/gtkdata.cxx:827
#63 0x00007f0babd03d5f in ??? () at
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#64 0x00007f0babd05fd7 in ??? () at
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#65 0x00007f0babd06740 in g_main_context_iteration () at
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#66 0x00007f0ba62840ac in GtkSalData::Yield (this=0x55b0ba8d13e0,
bWait=true, bHandleAllCurrentEvents=false) at
vcl/unx/gtk4/../gtk3/gtkdata.cxx:405
#67 0x00007f0ba6289863 in GtkInstance::DoYield (this=0x55b0ba8d1290,
bWait=true, bHandleAllCurrentEvents=false) at
vcl/unx/gtk4/../gtk3/gtkinst.cxx:439
#68 0x00007f0bb0a75c06 in ImplYield (i_bWait=true, i_bAllEvents=false)
at /home/michi/development/git/libreoffice/vcl/source/app/svapp.cxx:385
#69 0x00007f0bb0a7551f in Application::Yield () at
/home/michi/development/git/libreoffice/vcl/source/app/svapp.cxx:488
#70 0x00007f0bb0a75300 in Application::Execute () at
/home/michi/development/git/libreoffice/vcl/source/app/svapp.cxx:360
#71 0x00007f0bb9928a19 in desktop::Desktop::Main (this=0x7ffed3055280)
at /home/michi/development/git/libreoffice/desktop/source/app/app.cxx:1679
#72 0x00007f0bb0a970d6 in ImplSVMain () at
/home/michi/development/git/libreoffice/vcl/source/app/svmain.cxx:230
#73 0x00007f0bb0a98cc9 in SVMain () at
/home/michi/development/git/libreoffice/vcl/source/app/svmain.cxx:248
#74 0x00007f0bb99a22fa in soffice_main () at
/home/michi/development/git/libreoffice/desktop/source/app/sofficemain.cxx:122
#75 0x000055b09e4b3a6d in sal_main () at
/home/michi/development/git/libreoffice/desktop/source/app/main.c:51
#76 0x000055b09e4b3a47 in main (argc=2, argv=0x7ffed3055488) at
/home/michi/development/git/libreoffice/desktop/source/app/main.c:49
[1] https://docs.gtk.org/glib/gvariant-format-strings.html#pointers
Change-Id: I87bd2840ac573426264d1dff2fd40ab292f09fc1
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/181666
Tested-by: Jenkins
Reviewed-by: Michael Weghorn <m.wegh...@posteo.de>
diff --git a/vcl/unx/gtk3/gtkinst.cxx b/vcl/unx/gtk3/gtkinst.cxx
index 924b64655108..1a492dbe0226 100644
--- a/vcl/unx/gtk3/gtkinst.cxx
+++ b/vcl/unx/gtk3/gtkinst.cxx
@@ -5679,7 +5679,7 @@ public:
// clone the original item to query its label
GMenuItem* pMenuItem = g_menu_item_new_from_model(aRes.first,
aRes.second);
char *pLabel = nullptr;
- g_menu_item_get_attribute(pMenuItem, G_MENU_ATTRIBUTE_LABEL, "&s",
&pLabel);
+ g_menu_item_get_attribute(pMenuItem, G_MENU_ATTRIBUTE_LABEL, "s",
&pLabel);
OUString aRet(pLabel, pLabel ? strlen(pLabel) : 0,
RTL_TEXTENCODING_UTF8);
g_free(pLabel);
g_object_unref(pMenuItem);
