Attachment 181725 Details for Bug 147731 – ASAN log

ASAN log

asan.txt (text/plain), 17.48 KB, created by Michael Stahl (allotropia) on 2022-08-11 10:18:28 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Stahl (allotropia)

Created: 2022-08-11 10:18:28 UTC

Size: 17.48 KB

patch

obsolete

>==465572==ERROR: AddressSanitizer: heap-use-after-free on address 0x60400141759c at pc 0x7f073a5b3eed bp 0x7fffe597dc20 sp 0x7fffe597dc18
>READ of size 2 at 0x60400141759c thread T0
>    #0 0x7f073a5b3eec in SfxPoolItem::Which() const include/svl/poolitem.hxx:149:53
>    #1 0x7f073a6bc923 in SfxItemSet::~SfxItemSet() svl/source/items/itemset.cxx:185:36
>    #2 0x7f06f880d7f4 in SwAttrSet::~SwAttrSet() sw/inc/swatrset.hxx:154:20
>    #3 0x7f06f880625c in SwFormat::~SwFormat() sw/source/core/attr/format.cxx:223:1
>    #4 0x7f06f9b9f056 in SwFrameFormat::~SwFrameFormat() sw/source/core/layout/atrfrm.cxx:2568:1
>    #5 0x7f06f9b9f0c8 in SwFrameFormat::~SwFrameFormat() sw/source/core/layout/atrfrm.cxx:2540:1
>    #6 0x7f06f9b8634b in lcl_DelHFFormat(SwClient*, SwFrameFormat*) sw/source/core/layout/atrfrm.cxx:157:9
>    #7 0x7f06f9b86049 in SwFormatHeader::~SwFormatHeader() sw/source/core/layout/atrfrm.cxx:513:9
>    #8 0x7f06f9b86dc8 in SwFormatHeader::~SwFormatHeader() sw/source/core/layout/atrfrm.cxx:511:1
>    #9 0x7f073a6162a2 in SfxItemPool::Delete() svl/source/items/itempool.cxx:562:13
>    #10 0x7f073a615469 in SfxItemPool::~SfxItemPool() svl/source/items/itempool.cxx:404:9
>    #11 0x7f06f881b572 in SwAttrPool::~SwAttrPool() sw/source/core/attr/swatrset.cxx:93:1
>    #12 0x7f06f881b5c8 in SwAttrPool::~SwAttrPool() sw/source/core/attr/swatrset.cxx:87:1
>    #13 0x7f06f88246dc in salhelper::SimpleReferenceObject::release() include/salhelper/simplereferenceobject.hxx:76:49
>    #14 0x7f06f8effb72 in rtl::Reference<SwAttrPool>::clear() include/rtl/ref.hxx:196:19
>    #15 0x7f06f8edc229 in SwDoc::~SwDoc() sw/source/core/doc/docnew.cxx:605:16
>    #16 0x7f06f8be65af in SwDoc::release() sw/source/core/doc/doc.cxx:119:9
>    #17 0x7f06f95e7de2 in rtl::Reference<SwDoc>::clear() include/rtl/ref.hxx:196:19
>    #18 0x7f06fb60f382 in SwDocShell::RemoveLink() sw/source/uibase/app/docshini.cxx:443:16
>    #19 0x7f06fb60eebe in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:371:5
>    #20 0x7f06fb60f53f in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:361:1
>    #21 0x7f06fb60f6b8 in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:361:1
>    #22 0x7f073b7c1081 in SvRefBase::ReleaseRef() include/tools/ref.hxx:163:29
>    #23 0x7f073b7c0c8e in tools::SvRef<SfxObjectShell>::~SvRef() include/tools/ref.hxx:56:36
>    #24 0x7f073ca8b720 in SfxViewFrame::ReleaseObjectShell_Impl() sfx2/source/view/viewfrm.cxx:1149:5
>    #25 0x7f073ca98ad5 in SfxViewFrame::~SfxViewFrame() sfx2/source/view/viewfrm.cxx:1816:5
>    #26 0x7f073ca8fc7c in SfxViewFrame::Close() sfx2/source/view/viewfrm.cxx:1171:5
>    #27 0x7f073c993e6f in SfxFrame::DoClose_Impl() sfx2/source/view/frame.cxx:135:37
>    #28 0x7f073ca1e11e in SfxBaseController::dispose() sfx2/source/view/sfxbasecontroller.cxx:981:28
>    #29 0x7f073e9affb0 in (anonymous namespace)::XFrameImpl::setComponent(com::sun::star::uno::Reference<com::sun::star::awt::XWindow> const&, com::sun::star::uno::Reference<com::sun::star::frame::XController> const&) framework/source/services/frame.cxx:1485:33
>    #30 0x7f073e521cb4 in framework::CloseDispatcher::implts_establishBackingMode() framework/source/dispatch/closedispatcher.cxx:532:13
>    #31 0x7f073e5201d6 in framework::CloseDispatcher::impl_asyncCallback(LinkParamNone*) framework/source/dispatch/closedispatcher.cxx:400:20
>    #32 0x7f073e51ded4 in framework::CloseDispatcher::dispatchWithNotification(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) framework/source/dispatch/closedispatcher.cxx:222:9
>    #33 0x7f073e99ff97 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatch> const&, com::sun::star::util::URL const&, bool, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/dispatchhelper.cxx:163:30
>    #34 0x7f073e99f7a0 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/dispatchhelper.cxx:120:16
>    #35 0x7f073e9a04e4 in non-virtual thunk to framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/dispatchhelper.cxx
>    #36 0x7f073e854fa0 in framework::LayoutManager::MenuBarClose(void*) framework/source/layoutmanager/layoutmanager.cxx:2549:18
>    #37 0x7f073e854c0c in framework::LayoutManager::LinkStubMenuBarClose(void*, void*) framework/source/layoutmanager/layoutmanager.cxx:2537:1
>    #38 0x7f072ec31df0 in Link<void*, void>::Call(void*) const include/tools/link.hxx:111:45
>    #39 0x7f072ec275de in ImplHandleUserEvent(ImplSVEvent*) vcl/source/window/winproc.cxx:2229:30
>    #40 0x7f072ec1f410 in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) vcl/source/window/winproc.cxx:2799:13
>    #41 0x7f07308ceddd in SalFrame::CallCallback(SalEvent, void const*) const vcl/inc/salframe.hxx:306:29
>    #42 0x7f073093dd25 in SalGenericDisplay::ProcessEvent(SalUserEventList::SalUserEvent) vcl/unx/generic/app/gendisp.cxx:66:22
>    #43 0x7f072fdcd2f8 in SalUserEventList::DispatchUserEvents(bool)::$_0::operator()() const vcl/source/app/salusereventlist.cxx:119:58
>    #44 0x7f072fdccde4 in SalUserEventList::DispatchUserEvents(bool) vcl/source/app/salusereventlist.cxx:120:13
>    #45 0x7f073093daf4 in SalGenericDisplay::DispatchInternalEvent(bool) vcl/unx/generic/app/gendisp.cxx:51:12
>    #46 0x7f07126d4569 in call_userEventFn(void*) vcl/unx/gtk3/gtkdata.cxx:824:27
>    #47 0x7f0734f154ca  (/lib64/libglib-2.0.so.0+0x514ca) (BuildId: 8a4c270219135729dff508e4bb3cc03099af40e8)
>    #48 0x7f0734f18fae in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x54fae) (BuildId: 8a4c270219135729dff508e4bb3cc03099af40e8)
>    #49 0x7f0734f6e2c7  (/lib64/libglib-2.0.so.0+0xaa2c7) (BuildId: 8a4c270219135729dff508e4bb3cc03099af40e8)
>    #50 0x7f0734f1693f in g_main_context_iteration (/lib64/libglib-2.0.so.0+0x5293f) (BuildId: 8a4c270219135729dff508e4bb3cc03099af40e8)
>    #51 0x7f07126d1675 in GtkSalData::Yield(bool, bool) vcl/unx/gtk3/gtkdata.cxx:405:31
>    #52 0x7f07126de5e2 in GtkInstance::DoYield(bool, bool) vcl/unx/gtk3/gtkinst.cxx:429:29
>    #53 0x7f072ffee764 in ImplYield(bool, bool) vcl/source/app/svapp.cxx:475:48
>    #54 0x7f072ffed63c in Application::Yield() vcl/source/app/svapp.cxx:559:5
>    #55 0x7f072ffed07a in Application::Execute() vcl/source/app/svapp.cxx:453:13
>    #56 0x7f0743adec60 in desktop::Desktop::Main() desktop/source/app/app.cxx:1604:13
>    #57 0x7f073003f144 in ImplSVMain() vcl/source/app/svmain.cxx:203:35
>    #58 0x7f0730042d48 in SVMain() vcl/source/app/svmain.cxx:235:12
>    #59 0x7f0743c07902 in soffice_main desktop/source/app/sofficemain.cxx:94:12
>    #60 0x515d2c in sal_main desktop/source/app/main.c:51:15
>    #61 0x515d06 in main desktop/source/app/main.c:49:1
>    #62 0x7f074322954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f) (BuildId: 6f5ce514a9e7f51e0247a527c3a41ed981c04458)
>    #63 0x7f0743229608 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x29608) (BuildId: 6f5ce514a9e7f51e0247a527c3a41ed981c04458)
>    #64 0x41dcd4 in _start (instdir/program/soffice.bin+0x41dcd4)
>
>0x60400141759c is located 12 bytes inside of 48-byte region [0x604001417590,0x6040014175c0)
>freed by thread T0 here:
>    #0 0x513908 in operator delete(void*) (instdir/program/soffice.bin+0x513908)
>    #1 0x7f06f9bb1f21 in SwFormatFrameSize::~SwFormatFrameSize() sw/inc/fmtfsize.hxx:43:20
>    #2 0x7f073a6162a2 in SfxItemPool::Delete() svl/source/items/itempool.cxx:562:13
>    #3 0x7f073a615469 in SfxItemPool::~SfxItemPool() svl/source/items/itempool.cxx:404:9
>    #4 0x7f06f881b572 in SwAttrPool::~SwAttrPool() sw/source/core/attr/swatrset.cxx:93:1
>    #5 0x7f06f881b5c8 in SwAttrPool::~SwAttrPool() sw/source/core/attr/swatrset.cxx:87:1
>    #6 0x7f06f88246dc in salhelper::SimpleReferenceObject::release() include/salhelper/simplereferenceobject.hxx:76:49
>    #7 0x7f06f8effb72 in rtl::Reference<SwAttrPool>::clear() include/rtl/ref.hxx:196:19
>    #8 0x7f06f8edc229 in SwDoc::~SwDoc() sw/source/core/doc/docnew.cxx:605:16
>    #9 0x7f06f8be65af in SwDoc::release() sw/source/core/doc/doc.cxx:119:9
>    #10 0x7f06f95e7de2 in rtl::Reference<SwDoc>::clear() include/rtl/ref.hxx:196:19
>    #11 0x7f06fb60f382 in SwDocShell::RemoveLink() sw/source/uibase/app/docshini.cxx:443:16
>    #12 0x7f06fb60eebe in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:371:5
>    #13 0x7f06fb60f53f in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:361:1
>    #14 0x7f06fb60f6b8 in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:361:1
>    #15 0x7f073b7c1081 in SvRefBase::ReleaseRef() include/tools/ref.hxx:163:29
>    #16 0x7f073b7c0c8e in tools::SvRef<SfxObjectShell>::~SvRef() include/tools/ref.hxx:56:36
>    #17 0x7f073ca8b720 in SfxViewFrame::ReleaseObjectShell_Impl() sfx2/source/view/viewfrm.cxx:1149:5
>    #18 0x7f073ca98ad5 in SfxViewFrame::~SfxViewFrame() sfx2/source/view/viewfrm.cxx:1816:5
>    #19 0x7f073ca8fc7c in SfxViewFrame::Close() sfx2/source/view/viewfrm.cxx:1171:5
>    #20 0x7f073c993e6f in SfxFrame::DoClose_Impl() sfx2/source/view/frame.cxx:135:37
>    #21 0x7f073ca1e11e in SfxBaseController::dispose() sfx2/source/view/sfxbasecontroller.cxx:981:28
>    #22 0x7f073e9affb0 in (anonymous namespace)::XFrameImpl::setComponent(com::sun::star::uno::Reference<com::sun::star::awt::XWindow> const&, com::sun::star::uno::Reference<com::sun::star::frame::XController> const&) framework/source/services/frame.cxx:1485:33
>    #23 0x7f073e521cb4 in framework::CloseDispatcher::implts_establishBackingMode() framework/source/dispatch/closedispatcher.cxx:532:13
>    #24 0x7f073e5201d6 in framework::CloseDispatcher::impl_asyncCallback(LinkParamNone*) framework/source/dispatch/closedispatcher.cxx:400:20
>    #25 0x7f073e51ded4 in framework::CloseDispatcher::dispatchWithNotification(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) framework/source/dispatch/closedispatcher.cxx:222:9
>    #26 0x7f073e99ff97 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatch> const&, com::sun::star::util::URL const&, bool, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/dispatchhelper.cxx:163:30
>    #27 0x7f073e99f7a0 in framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/dispatchhelper.cxx:120:16
>    #28 0x7f073e9a04e4 in non-virtual thunk to framework::DispatchHelper::executeDispatch(com::sun::star::uno::Reference<com::sun::star::frame::XDispatchProvider> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/dispatchhelper.cxx
>    #29 0x7f073e854fa0 in framework::LayoutManager::MenuBarClose(void*) framework/source/layoutmanager/layoutmanager.cxx:2549:18
>
>previously allocated by thread T0 here:
>    #0 0x512ec8 in operator new(unsigned long) (instdir/program/soffice.bin+0x512ec8)
>    #1 0x7f06f9b82f11 in SwFormatFrameSize::Clone(SfxItemPool*) const sw/source/core/layout/atrfrm.cxx:256:12
>    #2 0x7f073a619801 in SfxItemPool::PutImpl(SfxPoolItem const&, unsigned short, bool) svl/source/items/itempool.cxx:729:26
>    #3 0x7f073a6c1025 in SfxItemSet::PutImpl(SfxPoolItem const&, unsigned short, bool) svl/source/items/itemset.cxx:494:56
>    #4 0x7f06f8693c9c in SfxItemSet::Put(SfxPoolItem const&, unsigned short) include/svl/itemset.hxx:185:14
>    #5 0x7f06f8687a78 in SfxItemSet::Put(SfxPoolItem const&) include/svl/itemset.hxx:189:42
>    #6 0x7f06fc2e67a2 in FillHdFt(SwFrameFormat*, SfxItemSet const&) sw/source/uibase/utlui/uitool.cxx:241:10
>    #7 0x7f06fc2e5529 in ItemSetToPageDesc(SfxItemSet const&, SwPageDesc&) sw/source/uibase/utlui/uitool.cxx:340:13
>    #8 0x7f06fb6493bb in SwDocStyleSheet::SetItemSet(SfxItemSet const&, bool) sw/source/uibase/app/docstyle.cxx:1700:13
>    #9 0x7f06fada1be5 in (anonymous namespace)::SwXPageStyle::SetPropertyValues_Impl(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) sw/source/core/unocore/unostyle.cxx:3065:33
>    #10 0x7f06fad9d6d2 in (anonymous namespace)::SwXPageStyle::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) sw/source/core/unocore/unostyle.cxx:3365:5
>    #11 0x7f06f2ca1846 in writerfilter::dmapper::DomainMapper_Impl::PushPageHeaderFooter(bool, writerfilter::dmapper::SectionPropertyMap::PageType) writerfilter/source/dmapper/DomainMapper_Impl.cxx:3170:25
>    #12 0x7f06f2ca28af in writerfilter::dmapper::DomainMapper_Impl::PushPageHeader(writerfilter::dmapper::SectionPropertyMap::PageType) writerfilter/source/dmapper/DomainMapper_Impl.cxx:3197:5
>    #13 0x7f06f2d1ea26 in writerfilter::dmapper::DomainMapper_Impl::substream(unsigned int, tools::SvRef<writerfilter::Reference<writerfilter::Stream> > const&) writerfilter/source/dmapper/DomainMapper_Impl.cxx:8548:13
>    #14 0x7f06f2b732c1 in writerfilter::dmapper::DomainMapper::lcl_substream(unsigned int, tools::SvRef<writerfilter::Reference<writerfilter::Stream> >) writerfilter/source/dmapper/DomainMapper.cxx:4071:14
>    #15 0x7f06f2ed403e in writerfilter::LoggedStream::substream(unsigned int, tools::SvRef<writerfilter::Reference<writerfilter::Stream> >) writerfilter/source/dmapper/LoggedResources.cxx:272:5
>    #16 0x7f06f3162aaa in writerfilter::ooxml::OOXMLDocumentImpl::resolveFastSubStreamWithId(writerfilter::Stream&, tools::SvRef<writerfilter::Reference<writerfilter::Stream> > const&, unsigned int) writerfilter/source/ooxml/OOXMLDocumentImpl.cxx:124:13
>    #17 0x7f06f3167e89 in writerfilter::ooxml::OOXMLDocumentImpl::resolveHeader(writerfilter::Stream&, int, rtl::OUString const&) writerfilter/source/ooxml/OOXMLDocumentImpl.cxx:380:10
>    #18 0x7f06f3190661 in writerfilter::ooxml::OOXMLFastContextHandler::resolveHeader(int, rtl::OUString const&) writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:888:35
>    #19 0x7f06f3154ab8 in writerfilter::ooxml::OOXMLHeaderHandler::finalize() writerfilter/source/ooxml/Handler.cxx:214:20
>    #20 0x7f06f3193795 in writerfilter::ooxml::OOXMLFastContextHandlerProperties::handleHdrFtr() writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:1113:28
>    #21 0x7f06f33a511c in writerfilter::ooxml::OOXMLFactory_wml::endAction(writerfilter::ooxml::OOXMLFastContextHandler*) workdir/CustomTarget/writerfilter/source/ooxml/OOXMLFactory_wml.cxx:7448:26
>    #22 0x7f06f31840eb in writerfilter::ooxml::OOXMLFactory::endAction(writerfilter::ooxml::OOXMLFastContextHandler*) writerfilter/source/ooxml/OOXMLFactory.cxx:157:19
>    #23 0x7f06f318a4b4 in writerfilter::ooxml::OOXMLFastContextHandler::endAction() writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:316:5
>    #24 0x7f06f3192970 in writerfilter::ooxml::OOXMLFastContextHandlerProperties::lcl_endFastElement(int) writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:1034:9
>    #25 0x7f06f3189b55 in writerfilter::ooxml::OOXMLFastContextHandler::endFastElement(int) writerfilter/source/ooxml/OOXMLFastContextHandler.cxx:222:9
>    #26 0x7f0701cc7570 in (anonymous namespace)::Entity::endElement() sax/source/fastparser/fastparser.cxx:515:27
>    #27 0x7f0701cc7217 in sax_fastparser::FastSaxParserImpl::callbackEndElement() sax/source/fastparser/fastparser.cxx:1344:17
>    #28 0x7f0701cbec78 in (anonymous namespace)::call_callbackEndElement(void*, unsigned char const*, unsigned char const*, unsigned char const*) sax/source/fastparser/fastparser.cxx:339:18
>    #29 0x7f0741faa6f4  (/lib64/libxml2.so.2+0x1346f4) (BuildId: aadf5879c68f117634a6bd13135e48749e846fc9)
>
>SUMMARY: AddressSanitizer: heap-use-after-free include/svl/poolitem.hxx:149:53 in SfxPoolItem::Which() const
>Shadow bytes around the buggy address:
>  0x0c088027ae60: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 02 fa
>  0x0c088027ae70: fa fa 00 00 00 00 00 02 fa fa 00 00 00 00 00 fa
>  0x0c088027ae80: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 02 fa
>  0x0c088027ae90: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 05 fa
>  0x0c088027aea0: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fa
>=>0x0c088027aeb0: fa fa fd[fd]fd fd fd fd fa fa fd fd fd fd fd fd
>  0x0c088027aec0: fa fa 00 00 00 00 00 04 fa fa 00 00 00 00 00 04
>  0x0c088027aed0: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 02 fa
>  0x0c088027aee0: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 00 02
>  0x0c088027aef0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 fa
>  0x0c088027af00: fa fa 00 00 00 00 00 fa fa fa 00 00 00 00 06 fa
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07 
>  Heap left redzone:       fa
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>==465572==ABORTING
>

Actions: View

Attachments on bug 147731: 178622 | 178625 | 178720 | 178723 | 180653 | 181725