-
Caolán McNamara yazdı
so if there are still ScXMLDatabaseRangesContext on the import stack, i.e. exception thrown during ScXMLDatabaseRanges import, then stuff crashes ================================================================= ==23249==ERROR: AddressSanitizer: heap-use-after-free READ of size 8 at 0x6020001c3190 thread T0 SolarMutexGuard::~SolarMutexGuard() /src/libreoffice/include/vcl/svapp.hxx:1420:9 ScXMLImport::UnlockSolarMutex() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:1916:13 ScXMLDatabaseRangesContext::~ScXMLDatabaseRangesContext() /src/libreoffice/sc/source/filter/xml/xmldrani.cxx:64:19 ScXMLDatabaseRangesContext::~ScXMLDatabaseRangesContext() /src/libreoffice/sc/source/filter/xml/xmldrani.cxx:63:1 destroy /usr/local/bin/../include/c++/v1/memory:1838:64 __destroy<rtl::Reference<SvXMLImportContext> > /usr/local/bin/../include/c++/v1/memory:1706 destroy<rtl::Reference<SvXMLImportContext> > /usr/local/bin/../include/c++/v1/memory:1574 std::__1::deque<rtl::Reference<SvXMLImportContext>, std::__1::allocator<rtl::Reference<SvXMLImportContext> > >::pop_back() /usr/local/bin/../include/c++/v1/deque:2604 pop /usr/local/bin/../include/c++/v1/stack:212:19 SvXMLImport::~SvXMLImport() /src/libreoffice/xmloff/source/core/xmlimp.cxx:418 ScXMLImport::~ScXMLImport() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:769:1 freed by thread T0 here: #0 0x6164a0 in operator delete(void*) /src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:126 #1 0x6254e3 in ScXMLImport::~ScXMLImport() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:787:5 #2 0x6259cc in ScXMLImport::~ScXMLImport() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:769:1 Change-Id: Ia72284f99e2e2efe4f1f9e57b1483c0f1333274d Reviewed-on: https://gerrit.libreoffice.org/42502Tested-by:Jenkins <ci@libreoffice.org> Reviewed-by:
Caolán McNamara <caolanm@redhat.com> Tested-by:
81c73116
