Skip to content

Commit

Permalink
crashtesting: crash on reexport of tdf118346-1.odg to odg
Browse files Browse the repository at this point in the history 
make a copy of m_pImpGraphicList because if we swap out a svg, the svg filter
may create more temp Graphics which are auto-added to m_pImpGraphicList
invalidating a loop over m_pImpGraphicList

 #0  0x00007ffff0d25ae5 in vcl::graphic::Manager::reduceGraphicMemory() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
    at vcl/source/graphic/Manager.cxx:88
 #1  0x00007ffff0d25ee9 in vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&, rtl::OUString const&)
    (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>, pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
    at vcl/source/graphic/Manager.cxx:139
 #2  0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
    at vcl/source/graphic/Manager.cxx:184
 #3  0x00007ffff0b6735c in Graphic::Graphic() (this=0x7fffffff84f0) at vcl/source/gdi/graph.cxx:182
 #4  0x00007fffdc526600 in svgio::svgreader::SvgImageNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x555556817940, rTarget=...) at svgio/source/svgreader/svgimagenode.cxx:219
 #5  0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x55555a6a93d0, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
 #6  0x00007fffdc522339 in svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x55555a6a93d0, rTarget=..., bReferenced=false) at svgio/source/svgreader/svggnode.cxx:106
 #7  0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x55555a6a9070, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
 #8  0x00007fffdc522339 in svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x55555a6a9070, rTarget=..., bReferenced=false) at svgio/source/svgreader/svggnode.cxx:106
 #9  0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x55555a5f9150, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
 #10 0x00007fffdc54d19f in svgio::svgreader::SvgSvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const
    (this=0x55555a5f9150, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgsvgnode.cxx:304
 #11 0x00007fffdc571373 in svgio::svgreader::(anonymous namespace)::XSvgParser::getDecomposition(com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, rtl::OUString const&) (this=0x55555a69c6d0, xSVGStream=uno::Reference to (comphelper::SequenceInputStream *) 0x555557480668, aAbsolutePath="")
    at svgio/source/svguno/xsvgparser.cxx:160
 #12 0x00007ffff0cf849b in VectorGraphicData::ensureSequenceAndRange() (this=0x555556ea7540)
    at vcl/source/gdi/vectorgraphicdata.cxx:196
 #13 0x00007ffff0cf9124 in VectorGraphicData::getRange() const (this=0x555556ea7540)
    at vcl/source/gdi/vectorgraphicdata.cxx:323
 #14 0x00007ffff0b74da7 in ImpGraphic::ImplGetPrefSize() const (this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:778
 #15 0x00007ffff0b76623 in ImpGraphic::ImplWriteEmbedded(SvStream&) (this=0x5555588b00f0, rOStm=...)
    at vcl/source/gdi/impgraph.cxx:1235
 #16 0x00007ffff0b770a1 in ImpGraphic::ImplSwapOut(SvStream*) (this=0x5555588b00f0, xOStm=0x55555826b7d0)
    at vcl/source/gdi/impgraph.cxx:1377
 #17 0x00007ffff0b76bdb in ImpGraphic::ImplSwapOut() (this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:1328
 #18 0x00007ffff0d25c88 in vcl::graphic::Manager::reduceGraphicMemory() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
    at vcl/source/graphic/Manager.cxx:107
 #19 0x00007ffff0d25ee9 in vcl::graphic::Manager::registerGraphic(std::shared_ptr<ImpGraphic> const&, rtl::OUString const&)
    (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>, pImpGraphic=std::shared_ptr<ImpGraphic> (use count 1, weak count 0) = {...})
    at vcl/source/graphic/Manager.cxx:139
 #20 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() (this=0x7ffff1bc4760 <vcl::graphic::Manager::get()::gStaticManager>)
    at vcl/source/graphic/Manager.cxx:184
 #21 0x00007ffff0b6735c in Graphic::Graphic() (this=0x555556d5ea68) at vcl/source/gdi/graph.cxx:182

Change-Id: I4e1ffcb12ead0d53b7ca2f369154e9c753af77d8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91650
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
  • Loading branch information
Caolán McNamara committed Apr 3, 2020
1 parent 820a515 commit 6fa2891
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion vcl/source/graphic/Manager.cxx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,12 @@ void Manager::reduceGraphicMemory()

std::scoped_lock<std::recursive_mutex> aGuard(maMutex);

for (ImpGraphic* pEachImpGraphic : m_pImpGraphicList)
// make a copy of m_pImpGraphicList because if we swap out a svg, the svg
// filter may create more temp Graphics which are auto-added to
// m_pImpGraphicList invalidating a loop over m_pImpGraphicList, e.g.
// reexport of tdf118346-1.odg
o3tl::sorted_vector<ImpGraphic*> aImpGraphicList = m_pImpGraphicList;
for (ImpGraphic* pEachImpGraphic : aImpGraphicList)
{
if (mnUsedSize < mnMemoryLimit * 0.7)
return;
Expand Down

0 comments on commit 6fa2891

Please sign in to comment.