svx/source/diagram/IDiagramHelper.cxx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
New commits: commit dac27e9967580db83ec6983dfb1437d9b6451d9d Author: Stephan Bergmann <[email protected]> AuthorDate: Fri Dec 12 14:13:06 2025 +0100 Commit: Stephan Bergmann <[email protected]> CommitDate: Fri Dec 12 20:02:21 2025 +0100 Guard against mpAssociatedSdrObjGroup->mp_DiagramHelper.reset() deleting *this (whether or not that's actually intended to happen; i.e., maybe this just fixes a symptom and not the cause) CppunitTest_sd_export_tests-ooxml2 started to fail with > ==3826659==ERROR: AddressSanitizer: heap-use-after-free on address 0x7b91d094e0b0 at pc 0x7b315d113da8 bp 0x7fffa8477530 sp 0x7fffa8477528 > WRITE of size 8 at 0x7b91d094e0b0 thread T0 > #0 in svx::diagram::IDiagramHelper::disconnectFromSdrObjGroup() at svx/source/diagram/IDiagramHelper.cxx:427:33 > #1 in testSmartartRotation2::TestBody() at sd/qa/unit/export-tests-ooxml2.cxx:1606:39 > > 0x7b91d094e0b0 is located 16 bytes inside of 64-byte region [0x7b91d094e0a0,0x7b91d094e0e0) > freed by thread T0 here: > #0 in operator delete(void*, unsigned long) at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:190:3 > #1 in oox::drawingml::AdvancedDiagramHelper::~AdvancedDiagramHelper() at oox/source/drawingml/diagram/diagramhelper.cxx:56:1 > #2 in std::_Sp_counted_ptr<svx::diagram::IDiagramHelper*, (__gnu_cxx::_Lock_policy)2>::_M_dispose() at ~/gcc/inst/lib/gcc/x86_64-pc-linux-gnu/16.0.0/../../../../include/c++/16.0.0/bits/shared_ptr_base.h:487:9 > #3 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() at ~/gcc/inst/lib/gcc/x86_64-pc-linux-gnu/16.0.0/../../../../include/c++/16.0.0/bits/shared_ptr_base.h:423:8 > #4 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() at ~/gcc/inst/lib/gcc/x86_64-pc-linux-gnu/16.0.0/../../../../include/c++/16.0.0/bits/shared_ptr_base.h:1129:11 > #5 in std::__shared_ptr<svx::diagram::IDiagramHelper, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() at 
~/gcc/inst/lib/gcc/x86_64-pc-linux-gnu/16.0.0/../../../../include/c++/16.0.0/bits/shared_ptr_base.h:1603:31 > #6 in std::__shared_ptr<svx::diagram::IDiagramHelper, (__gnu_cxx::_Lock_policy)2>::reset() at ~/gcc/inst/lib/gcc/x86_64-pc-linux-gnu/16.0.0/../../../../include/c++/16.0.0/bits/shared_ptr_base.h:1721:9 > #7 in svx::diagram::IDiagramHelper::disconnectFromSdrObjGroup() at svx/source/diagram/IDiagramHelper.cxx:426:51 > #8 in testSmartartRotation2::TestBody() at sd/qa/unit/export-tests-ooxml2.cxx:1606:39 > > previously allocated by thread T0 here: > #0 in operator new(unsigned long) at ~/github.com/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:109:35 > #1 in oox::drawingml::Shape::prepareDiagramHelper(std::shared_ptr<oox::drawingml::Diagram> const&, std::shared_ptr<oox::drawingml::Theme> const&, bool) at oox/source/drawingml/shape.cxx:267:27 > #2 in oox::drawingml::loadDiagram(std::shared_ptr<oox::drawingml::Shape> const&, oox::core::XmlFilterBase&, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, oox::core::Relations const&) at oox/source/drawingml/diagram/diagram.cxx:443:17 > #3 in oox::drawingml::DiagramGraphicDataContext::onCreateContext(int, oox::AttributeList const&) at oox/source/drawingml/graphicshapecontext.cxx:294:9 > #4 in non-virtual thunk to oox::drawingml::DiagramGraphicDataContext::onCreateContext(int, oox::AttributeList const&) at oox/source/drawingml/graphicshapecontext.cxx > #5 in oox::core::ContextHandler2Helper::implCreateChildContext(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) at oox/source/core/contexthandler2.cxx:99:34 > #6 in oox::core::ContextHandler2::createFastChildContext(int, com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) at oox/source/core/contexthandler2.cxx:203:12 > #7 in non-virtual thunk to oox::core::ContextHandler2::createFastChildContext(int, 
com::sun::star::uno::Reference<com::sun::star::xml::sax::XFastAttributeList> const&) at oox/source/core/contexthandler2.cxx > #8 in (anonymous namespace)::Entity::startElement((anonymous namespace)::Event const*) at sax/source/fastparser/fastparser.cxx:468:44 > #9 in sax_fastparser::FastSaxParserImpl::callbackStartElement(unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, unsigned char const**) at sax/source/fastparser/fastparser.cxx:1304:21 > #10 in (anonymous namespace)::call_callbackStartElement(void*, unsigned char const*, unsigned char const*, unsigned char const*, int, unsigned char const**, int, int, unsigned char const**) at sax/source/fastparser/fastparser.cxx:336:18 > #11 in xmlParseStartTag2 at workdir/UnpackedTarball/libxml2/parser.c:9568:6 > #12 in xmlParseTryOrFinish at workdir/UnpackedTarball/libxml2/parser.c:11217:14 > #13 in xmlParseChunk at workdir/UnpackedTarball/libxml2/parser.c:11553:5 > #14 in sax_fastparser::FastSaxParserImpl::parse() at sax/source/fastparser/fastparser.cxx:1094:21 > #15 in sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/fastparser/fastparser.cxx:898:9 > #16 in sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/fastparser/fastparser.cxx:1492:13 > #17 in oox::core::FastParser::parseStream(com::sun::star::xml::sax::InputSource const&, bool) at oox/source/core/fastparser.cxx:121:15 > #18 in oox::core::FastParser::parseStream(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, rtl::OUString const&) at oox/source/core/fastparser.cxx:129:5 > #19 in oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> const&, oox::core::FastParser&) at oox/source/core/xmlfilterbase.cxx:427:21 > #20 in oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> const&) at oox/source/core/xmlfilterbase.cxx:357:12 > #21 
in oox::ppt::PresentationFragmentHandler::importSlide(rtl::Reference<oox::core::FragmentHandler> const&, std::shared_ptr<oox::ppt::SlidePersist> const&) at oox/source/ppt/presentationfragmenthandler.cxx:843:17 > #22 in oox::ppt::PresentationFragmentHandler::importSlide(unsigned int, bool, bool) at oox/source/ppt/presentationfragmenthandler.cxx:503:13 > #23 in oox::ppt::PresentationFragmentHandler::finalizeImport() at oox/source/ppt/presentationfragmenthandler.cxx:652:17 > #24 in oox::core::FragmentHandler2::endDocument() at oox/source/core/fragmenthandler2.cxx:53:5 > #25 in sax_fastparser::FastSaxParserImpl::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/fastparser/fastparser.cxx:904:36 > #26 in sax_fastparser::FastSaxParser::parseStream(com::sun::star::xml::sax::InputSource const&) at sax/source/fastparser/fastparser.cxx:1492:13 > #27 in oox::core::FastParser::parseStream(com::sun::star::xml::sax::InputSource const&, bool) at oox/source/core/fastparser.cxx:121:15 > #28 in oox::core::FastParser::parseStream(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, rtl::OUString const&) at oox/source/core/fastparser.cxx:129:5 > #29 in oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> const&, oox::core::FastParser&) at oox/source/core/xmlfilterbase.cxx:427:21 > #30 in oox::core::XmlFilterBase::importFragment(rtl::Reference<oox::core::FragmentHandler> const&) at oox/source/core/xmlfilterbase.cxx:357:12 > #31 in oox::ppt::PowerPointImport::importDocument() at oox/source/ppt/pptimport.cxx:110:17 > #32 in oox::core::FilterBase::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at oox/source/core/filterbase.cxx:485:49 > #33 in oox::ppt::PowerPointImport::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at oox/source/ppt/pptimport.cxx:215:24 > #34 in SfxObjectShell::ImportFrom(SfxMedium&, 
com::sun::star::uno::Reference<com::sun::star::text::XTextRange> const&) at sfx2/source/doc/objstor.cxx:2653:34 > #35 in sd::DrawDocShell::ImportFrom(SfxMedium&, com::sun::star::uno::Reference<com::sun::star::text::XTextRange> const&) at sd/source/ui/docshell/docshel4.cxx:457:39 > #36 in SfxObjectShell::DoLoad(SfxMedium*) at sfx2/source/doc/objstor.cxx:762:23 > #37 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at sfx2/source/doc/sfxbasemodel.cxx:1981:36 > #38 in (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) at sfx2/source/view/frmload.cxx:774:28 > #39 in framework::LoadEnv::impl_loadContent() at framework/source/loadenv/loadenv.cxx:1181:37 after 3ad22de97dc8a96b8b7df832aa5fa3e5a36c6bda "SmartArt: Add posssibility to edit (simple) text" Change-Id: Ie6d2e8ec7fc8e07222cb85d50cf0d67df22d30ab Reviewed-on: https://gerrit.libreoffice.org/c/core/+/195562 Tested-by: Armin Le Grand <[email protected]> Reviewed-by: Stephan Bergmann <[email protected]> Tested-by: Jenkins
diff --git a/svx/source/diagram/IDiagramHelper.cxx b/svx/source/diagram/IDiagramHelper.cxx
index 5ccffe123507..3153b98e7687 100644
--- a/svx/source/diagram/IDiagramHelper.cxx
+++ b/svx/source/diagram/IDiagramHelper.cxx
@@ -423,8 +423,9 @@ void IDiagramHelper::disconnectFromSdrObjGroup()
 {
 // if change was done, reset GrabBagItem to delete buffered DiagramData which is no longer valid
 mpAssociatedSdrObjGroup->SetGrabBagItem(uno::Any(uno::Sequence<beans::PropertyValue>()));
- mpAssociatedSdrObjGroup->mp_DiagramHelper.reset();
+ auto const p = mpAssociatedSdrObjGroup;
 mpAssociatedSdrObjGroup = nullptr;
+ p->mp_DiagramHelper.reset();
 }
 }
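Review bot: The reordered lines at the end of the `if` block carry no comment saying that `p->mp_DiagramHelper.reset()` can release the last owner of `*this`, so a later cleanup could fold the local `p` back into the member access and reintroduce the heap-use-after-free write shown in the ASan report. I would add above the copy: `// reset() may destroy *this (the group holds the helper in a shared_ptr): clear the member first, touch no member afterwards`. The function starts above the hunk, so whether anything earlier in it keeps the helper alive cannot be seen here. A caller that reaches the helper through a raw pointer or reference, as the test frame in the trace appears to, is presumably still left with a destroyed object once this returns, which is worth stating in the function's documentation as a "do not use the helper after this call" contract.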
