...
==15622==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000629690 at pc 0x2b4bec6e1e2f bp 0x7fff96f22930 sp 0x7fff96f22928
READ of size 8 at 0x604000629690 thread T0
#0 0x2b4bec6e1e2e in BigPtrEntry::GetArray() const sw/inc/bparr.hxx:103:21
#1 0x2b4bec6e17d6 in SwNode::GetNodes() sw/inc/node.hxx:703:34
#2 0x2b4bec6a526d in SwNodeIndex::~SwNodeIndex() sw/inc/ndindex.hxx:83:28
#3 0x2b4bec69eb0a in SwUiWriterTest::testUnoCursorPointer() sw/qa/extras/uiwriter/uiwriter.cxx:1045:1
#4 0x2b4bec787d4f in CppUnit::TestCaller<SwUiWriterTest>::runTest() workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:166:6
#5 0x2b4bae30775d in CppUnit::TestCaseMethodFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
#6 0x2b4bc6319816 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) test/source/vclbootstrapprotector.cxx:57:14
#7 0x2b4bae2c34b7 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12
#8 0x2b4bbd74e126 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:88:12
#9 0x2b4bae2c34b7 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12
#10 0x2b4bb9ad5e54 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:63:16
#11 0x2b4bae2c34b7 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12
#12 0x2b4bae24c70c in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
#13 0x2b4bae2c34b7 in
CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12 #14 0x2b4bae2bf475 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:77:18 #15 0x2b4bae387ed5 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::string const&) workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:181:10 #16 0x2b4bae3042b6 in CppUnit::TestCase::run(CppUnit::TestResult*) workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:5 #17 0x2b4bae30acf3 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:5 #18 0x2b4bae309c5d in CppUnit::TestComposite::run(CppUnit::TestResult*) workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3 #19 0x2b4bae30acf3 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:5 #20 0x2b4bae309c5d in CppUnit::TestComposite::run(CppUnit::TestResult*) workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3 #21 0x2b4bae3c6ad6 in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:5 #22 0x2b4bae385d59 in CppUnit::TestResult::runTest(CppUnit::Test*) workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:148:3 #23 0x2b4bae3c8096 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::string const&) workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:3 #24 0x4ff258 in (anonymous namespace)::ProtectedFixtureFunctor::run() const sal/cppunittester/cppunittester.cxx:276:13 #25 0x4fa0dd in sal_main() sal/cppunittester/cppunittester.cxx:379:14 #26 0x4f8312 in main sal/cppunittester/cppunittester.cxx:297:1 #27 0x2b4baff05fdf in __libc_start_main (/lib64/libc.so.6+0x1ffdf) #28 0x42e604 in _start 
(workdir/LinkTarget/Executable/cppunittester+0x42e604)0x604000629690 is located 0 bytes inside of 40-byte region [0x604000629690,0x6040006296b8) freed by thread T0 here: #0 0x4f6170 in operator delete(void*) /home/sbergman/clang/trunk/src/projects/compiler-rt/lib/asan/asan_new_delete.cc:94 #1 0x2b4c0ecffa18 in BigPtrArray::~BigPtrArray() sw/source/core/bastyp/bparr.cxx:64:13 #2 0x2b4c10cd0b68 in SwNodes::~SwNodes() sw/source/core/docnode/nodes.cxx:115:1 #3 0x2b4c0fc6dd6f in void boost::checked_delete<SwNodes>(SwNodes*) workdir/UnpackedTarball/boost/boost/checked_delete.hpp:34:5 #4 0x2b4c0fc1ffe0 in boost::scoped_ptr<SwNodes>::~scoped_ptr() workdir/UnpackedTarball/boost/boost/smart_ptr/scoped_ptr.hpp:87:9 #5 0x2b4c0fbe8d02 in SwDoc::~SwDoc() sw/source/core/doc/docnew.cxx:593:1 #6 0x2b4c0fbeaaff in SwDoc::~SwDoc() sw/source/core/doc/docnew.cxx:385:1 #7 0x2b4c15bd9890 in SwDocShell::RemoveLink() sw/source/uibase/app/docshini.cxx:466:13 #8 0x2b4c15bd7276 in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:388:5 #9 0x2b4c15bd9c26 in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:378:1 #10 0x2b4c15bda05f in SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:378:1 #11 0x2b4c15bda1a6 in virtual thunk to SwDocShell::~SwDocShell() sw/source/uibase/app/docshini.cxx:377:13 #12 0x2b4bf2203a77 in SvRefBase::ReleaseRef() include/tools/ref.hxx:196:29 #13 0x2b4bf21f5628 in tools::SvRef<SfxObjectShell>::~SvRef() include/tools/ref.hxx:52:24 #14 0x2b4bf43c255e in IMPL_SfxBaseModel_DataContainer::~IMPL_SfxBaseModel_DataContainer() sfx2/source/doc/sfxbasemodel.cxx:247:5 #15 0x2b4bf43c276f in IMPL_SfxBaseModel_DataContainer::~IMPL_SfxBaseModel_DataContainer() sfx2/source/doc/sfxbasemodel.cxx:246:5 #16 0x2b4bf42ac396 in SfxBaseModel::dispose() sfx2/source/doc/sfxbasemodel.cxx:795:5 #17 0x2b4c1733b561 in SwXTextDocument::dispose() sw/source/uibase/uno/unotxdoc.cxx:588:5 #18 0x2b4c1733b5db in non-virtual thunk to SwXTextDocument::dispose() 
sw/source/uibase/uno/unotxdoc.cxx:586:23 #19 0x2b4bf42d1a1c in SfxBaseModel::close(unsigned char) sfx2/source/doc/sfxbasemodel.cxx:1418:5 #20 0x2b4c1733beda in SwXTextDocument::close(unsigned char) sw/source/uibase/uno/unotxdoc.cxx:596:5 #21 0x2b4c1733c295 in non-virtual thunk to SwXTextDocument::close(unsigned char) sw/source/uibase/uno/unotxdoc.cxx:591:23 #22 0x2b4bf42a8f03 in SfxBaseModel::dispose() sfx2/source/doc/sfxbasemodel.cxx:754:13 #23 0x2b4c1733b561 in SwXTextDocument::dispose() sw/source/uibase/uno/unotxdoc.cxx:588:5 #24 0x2b4c1733b5b8 in non-virtual thunk to SwXTextDocument::dispose() sw/source/uibase/uno/unotxdoc.cxx:586:23 #25 0x2b4bec69de41 in SwUiWriterTest::testUnoCursorPointer() sw/qa/extras/uiwriter/uiwriter.cxx:1043:5 #26 0x2b4bec787d4f in CppUnit::TestCaller<SwUiWriterTest>::runTest() workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:166:6 #27 0x2b4bae30775d in CppUnit::TestCaseMethodFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5 #28 0x2b4bc6319816 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) test/source/vclbootstrapprotector.cxx:57:14 #29 0x2b4bae2c34b7 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12 previously allocated by thread T0 here: #0 0x4f5b70 in operator new(unsigned long) /home/sbergman/clang/trunk/src/projects/compiler-rt/lib/asan/asan_new_delete.cc:62 #1 0x2b4c0ed0a127 in BigPtrArray::InsBlock(unsigned short) sw/source/core/bastyp/bparr.cxx:176:20 #2 0x2b4c0ed02148 in BigPtrArray::Insert(BigPtrEntry* const&, unsigned long) sw/source/core/bastyp/bparr.cxx:215:13 #3 0x2b4c10d2ece4 in SwNodes::InsertNode(SwNode*, unsigned long) sw/source/core/docnode/nodes.cxx:2319:5 #4 0x2b4c10c6f802 in SwStartNode::SwStartNode(SwNodes&, unsigned long) sw/source/core/docnode/node.cxx:899:9 #5 0x2b4c10cce59c in SwNodes::SwNodes(SwDoc*) 
sw/source/core/docnode/nodes.cxx:69:31 #6 0x2b4c0fbc5aeb in SwDoc::SwDoc() sw/source/core/doc/docnew.cxx:204:21 #7 0x2b4c14cf0e41 in SwDocFac::GetDoc() sw/source/filter/basflt/docfact.cxx:46:20 #8 0x2b4c15bc8939 in SwDocShell::AddLink() sw/source/uibase/app/docshini.cxx:417:18 #9 0x2b4c15bdd2b5 in SwDocShell::Load(SfxMedium&) sw/source/uibase/app/docshini.cxx:493:9 #10 0x2b4bf40730de in SfxObjectShell::LoadOwnFormat(SfxMedium&) sfx2/source/doc/objstor.cxx:3067:20 #11 0x2b4bf407b66e in SfxObjectShell::DoLoad(SfxMedium*) sfx2/source/doc/objstor.cxx:724:40 #12 0x2b4bf4305b53 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) sfx2/source/doc/sfxbasemodel.cxx:1859:11 #13 0x2b4bf430e6ce in non-virtual thunk to SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) sfx2/source/doc/sfxbasemodel.cxx:1810:29 #14 0x2b4bf4b37537 in (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) sfx2/source/view/frmload.cxx:703:17 #15 0x2b4bf4b3a723 in non-virtual thunk to (anonymous namespace)::SfxFrameLoader_Impl::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const&) sfx2/source/view/frmload.cxx:615:40 #16 0x2b4c4f52db08 in framework::LoadEnv::impl_loadContent() framework/source/loadenv/loadenv.cxx:1122:24 #17 0x2b4c4f51287a in framework::LoadEnv::startLoading() framework/source/loadenv/loadenv.cxx:383:20 #18 0x2b4c4f50a8f3 in framework::LoadEnv::loadComponentFromURL(com::sun::star::uno::Reference<com::sun::star::frame::XComponentLoader> const&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) 
framework/source/loadenv/loadenv.cxx:164:9 #19 0x2b4c4f70d7f4 in framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/desktop.cxx:566:12 #20 0x2b4c4f70daea in non-virtual thunk to framework::Desktop::loadComponentFromURL(rtl::OUString const&, rtl::OUString const&, int, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) framework/source/services/desktop.cxx:552:64 #21 0x2b4c1fcc1805 in unotest::MacrosTest::loadFromDesktop(rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) unotest/source/cpp/macros_test.cxx:50:51 #22 0x2b4bec69baf8 in SwUiWriterTest::testUnoCursorPointer() sw/qa/extras/uiwriter/uiwriter.cxx:1031:24 #23 0x2b4bec787d4f in CppUnit::TestCaller<SwUiWriterTest>::runTest() workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:166:6 #24 0x2b4bae30775d in CppUnit::TestCaseMethodFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5 #25 0x2b4bc6319816 in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) test/source/vclbootstrapprotector.cxx:57:14 #26 0x2b4bae2c34b7 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12 #27 0x2b4bbd74e126 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:88:12 #28 0x2b4bae2c34b7 in CppUnit::ProtectorChain::ProtectFunctor::operator()() const workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:12 #29 0x2b4bb9ad5e54 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:63:16 SUMMARY: 
AddressSanitizer: heap-use-after-free sw/inc/bparr.hxx:103:21 in BigPtrEntry::GetArray() const
Shadow bytes around the buggy address:
0x0c08800bd280: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd290: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd2a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd2b0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
0x0c08800bd2c0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
=>0x0c08800bd2d0: fa fa[fd]fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd2e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd2f0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd300: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd310: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
0x0c08800bd320: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15622==ABORTING
Error: a unit test failed, please do one of:
export DEBUGCPPUNIT=TRUE # for exception catching
export CPPUNITTRACE="gdb --args" # for interactive debugging on Linux
export VALGRIND=memcheck # for memory checking
and retry using: make CppunitTest_sw_uiwriter
