Apache OpenOffice (AOO) Bugzilla – Issue 68365
Valgrind ID:175, Invalid read of size 4
Last modified: 2017-05-20 10:48:15 UTC
This task has been generated by valgrind checks.
Source code candidate: sd/source/ui/inc/DrawViewShell.hxx
ErrorType: Invalid read
ErrorText: Invalid read of size 4
Stack:
sd::outliner::OutlinerContainer::CreateDocumentIterator(SdDrawDocument*, sd::DrawViewShell*, bool, sd::outliner::IteratorLocation) DrawViewShell.hxx:262 0xB0C9585
sd::outliner::OutlinerContainer::CreateIterator(sd::outliner::IteratorLocation) OutlinerIterator.cxx:244 0xB0C9648
sd::outliner::OutlinerContainer::current() OutlinerIterator.cxx:225 0xB0C9663
sd::Outliner::Initialize(bool) Outliner.cxx:635 0xB0C5CE0
sd::Outliner::StartSearchAndReplace(SvxSearchItem const*) srchitem.hxx:161 0xB0C85F4
sd::FuSearch::SearchAndReplace(SvxSearchItem const*) fusearch.cxx:182 0xB12A7C4
sd::DrawDocShell::Execute(SfxRequest&) ref.hxx:179 0xB13B71D
SfxStubDrawDocShellExecute(SfxShell*, SfxRequest&) sdslots.hxx:14997 0xB1380FD
SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, unsigned char) shell.hxx:226 0x9E5A272
SfxDispatcher::_Execute(SfxShell&, SfxSlot const&, SfxRequest&, unsigned short) dispatch.cxx:1073 0x9E5A794
SfxBindings::Execute_Impl(SfxRequest&, SfxSlot const*, SfxShell*) bindings.cxx:1727 0x9E508EC
SfxBindings::Execute_Impl(unsigned short, SfxPoolItem const**, unsigned short, unsigned short, SfxPoolItem const**, unsigned char) bindings.cxx:1623 0x9E52585
Address allocation Stack:
ADDR: Address 0xCE8D0E4 is not stack'd, malloc'd or (recently) free'd
TESTS: g_findreplace
Accepted.
wrong component
set target to 3.x
In a Valgrind run on BEA300.m2 (VID 148), the following occurred, which I assume to be a related problem?
Detailed Valgrind Info:
Invalid read of size 2
TabBar::GetCurPageId() const tabbar.hxx:450 0xBF30DE6
sd::DrawViewShell::GetCurPageId() DrawViewShell.hxx:280 0xBF34F39
sd::outliner::OutlinerContainer::GetPageIndex(SdDrawDocument*, sd::DrawViewShell*, PageKind, EditMode, bool, sd::outliner::IteratorLocation) OutlinerIterator.cxx:363 0xBF92811
sd::outliner::OutlinerContainer::CreateDocumentIterator(SdDrawDocument*, sd::DrawViewShell*, bool, sd::outliner::IteratorLocation) OutlinerIterator.cxx:328 0xBF9271C
sd::outliner::OutlinerContainer::CreateIterator(sd::outliner::IteratorLocation) OutlinerIterator.cxx:225 0xBF92494
sd::outliner::OutlinerContainer::current() OutlinerIterator.cxx:207 0xBF923E2
sd::Outliner::Initialize(bool) Outliner.cxx:586 0xBF8DF9A
sd::Outliner::StartSearchAndReplace(SvxSearchItem const*) Outliner.cxx:552 0xBF8DE6D
sd::FuSearch::SearchAndReplace(SvxSearchItem const*) fusearch.cxx:161 0xC1F04CF
sd::DrawDocShell::Execute(SfxRequest&) docshel3.cxx:183 0xBFDE9A0
SfxStubDrawDocShellExecute(SfxShell*, SfxRequest&) sdslots.hxx:14683 0xBFDA40B
SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&), SfxRequest&) shell.hxx:204 0x4ACA9B1
ADDR: Address 0x6871098 is not stack'd, malloc'd or (recently) free'd
TESTS: g_findreplace
Changed prio and target, because this is a potential crash.
get on cc
Well, the last seems to be nearer to i68366. But the following two findings (VIDs 146, 147) in the Valgrind run on BEA300m2 may relate to this:
Invalid read of size 4
sd::DrawViewShell::GetEditMode() const DrawViewShell.hxx:245 0xBF34F1C
sd::outliner::OutlinerContainer::CreateDocumentIterator(SdDrawDocument*, sd::DrawViewShell*, bool, sd::outliner::IteratorLocation) OutlinerIterator.cxx:307 0xBF926A2
sd::outliner::OutlinerContainer::CreateIterator(sd::outliner::IteratorLocation) OutlinerIterator.cxx:225 0xBF92494
sd::outliner::OutlinerContainer::current() OutlinerIterator.cxx:207 0xBF923E2
sd::Outliner::Initialize(bool) Outliner.cxx:586 0xBF8DF9A
sd::Outliner::StartSearchAndReplace(SvxSearchItem const*) Outliner.cxx:552 0xBF8DE6D
sd::FuSearch::SearchAndReplace(SvxSearchItem const*) fusearch.cxx:161 0xC1F04CF
sd::DrawDocShell::Execute(SfxRequest&) docshel3.cxx:183 0xBFDE9A0
SfxStubDrawDocShellExecute(SfxShell*, SfxRequest&) sdslots.hxx:14683 0xBFDA40B
SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&), SfxRequest&) shell.hxx:204 0x4ACA9B1
SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, unsigned char) dispatch.cxx:306 0x4AC4A27
SfxDispatcher::_Execute(SfxShell&, SfxSlot const&, SfxRequest&, unsigned short) dispatch.cxx:1073 0x4AC5FF7
ADDR: Address 0x687112c is not stack'd, malloc'd or (recently) free'd
TEST: g_findreplace

Invalid read of size 4
sd::DrawViewShell::GetPageKind() DrawViewShell.hxx:239 0xBF34F0E
sd::outliner::OutlinerContainer::CreateDocumentIterator(SdDrawDocument*, sd::DrawViewShell*, bool, sd::outliner::IteratorLocation) OutlinerIterator.cxx:306 0xBF92694
sd::outliner::OutlinerContainer::CreateIterator(sd::outliner::IteratorLocation) OutlinerIterator.cxx:225 0xBF92494
sd::outliner::OutlinerContainer::current() OutlinerIterator.cxx:207 0xBF923E2
sd::Outliner::Initialize(bool) Outliner.cxx:586 0xBF8DF9A
sd::Outliner::StartSearchAndReplace(SvxSearchItem const*) Outliner.cxx:552 0xBF8DE6D
sd::FuSearch::SearchAndReplace(SvxSearchItem const*) fusearch.cxx:161 0xC1F04CF
sd::DrawDocShell::Execute(SfxRequest&) docshel3.cxx:183 0xBFDE9A0
SfxStubDrawDocShellExecute(SfxShell*, SfxRequest&) sdslots.hxx:14683 0xBFDA40B
SfxShell::CallExec(void (*)(SfxShell*, SfxRequest&), SfxRequest&) shell.hxx:204 0x4ACA9B1
SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, unsigned char) dispatch.cxx:306 0x4AC4A27
SfxDispatcher::_Execute(SfxShell&, SfxSlot const&, SfxRequest&, unsigned short) dispatch.cxx:1073 0x4AC5FF7
ADDR: Address 0x6871130 is not stack'd, malloc'd or (recently) free'd
TEST: g_findreplace
Maybe i68365 and i68366 have the same origin?
@np: Please do not include further valgrind stacks that are not duplicates. This is rather confusing. Please use references to the respective issues instead. By the way, can you provide the issue ids for the mentioned valgrind ids 146 - 148?
np->af: The first added one (148) was an error to add. But the other ones to me seem to be the same bug. And VID 148 of the new run IMHO obviously relates to i68366. Therefore there are no new issue ids. If you find out they are indeed different, we can create new tasks for them.
The valgrind problems reported above are caused by an invalid static_cast in sd/source/ui/view/OutlinerIterator.cxx. In the OutlinerContainer::CreateIterator(.) method an OutlinerViewShell object is cast to DrawViewShell even though DrawViewShell is not derived from OutlinerViewShell (but both have a common base class.) This is ugly and may lead to wrong behavior when searching in the Impress outline view. But it is unlikely that this will result in a crash: even though the cast is wrong, it is applied to a valid object (no NULL pointer) and only integers and enum values are read. The only problem may result from processing the wrong values, but this will unlikely result in a crash. The fix for this will probably not be simple and may introduce regression issues. Therefore I reduce target and priority.
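The sibling cast described in the comment above, as an added example that is not AOO code: the classes ViewShell, OutlinerViewShell and DrawViewShell below are hypothetical and only mimic the shape of the real hierarchy (two siblings under one polymorphic base), and the member names mePageKind, meEditMode and nCurPageId are assumptions chosen to match the GetPageKind()/GetEditMode()/GetCurPageId() reads in the stacks. It shows why a NULL check cannot catch the mistake (static_cast returns a non-null pointer), why a read through the wrong type either picks up a sibling's data (a wrong value) or runs past the smaller object (the invalid read Valgrind flagged), and the dynamic_cast check that detects the wrong type at runtime.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical hierarchy (not AOO's classes): OutlinerViewShell and DrawViewShell are
// siblings under a common polymorphic base; neither derives from the other.
struct ViewShell {
    virtual ~ViewShell() = default;
    int shellId = 0;
};

struct OutlinerViewShell : ViewShell {
    int outlinerState = 42;  // the only data this sibling carries
};

enum PageKind { PK_STANDARD = 0, PK_NOTES = 1, PK_HANDOUT = 2 };
enum EditMode { EM_PAGE = 0, EM_MASTERPAGE = 1 };

struct DrawViewShell : ViewShell {
    PageKind mePageKind = PK_NOTES;   // 4-byte members, like what GetPageKind()/GetEditMode() read
    EditMode meEditMode = EM_PAGE;
    std::uint16_t nCurPageId = 3;     // 2-byte member, like the TabBar page id
};

// Byte offset of a member inside a real DrawViewShell instance.
std::size_t memberOffset(const DrawViewShell& d, const void* member) {
    return static_cast<std::size_t>(
        static_cast<const char*>(member) - reinterpret_cast<const char*>(&d));
}

// What a read at this offset would touch if the object is really an OutlinerViewShell:
// bytes belonging to the sibling (a wrong value, the case the comment calls unlikely to
// crash) or bytes past its end (the invalid read Valgrind reports).
enum ReadKind { READ_OVERLAPS_SIBLING, READ_PAST_SIBLING };
ReadKind classifyRead(std::size_t offset) {
    return offset < sizeof(OutlinerViewShell) ? READ_OVERLAPS_SIBLING : READ_PAST_SIBLING;
}

// The mistake from the bug: a static_cast down from the common base compiles and yields a
// non-null pointer even when the object is the sibling type, so a NULL check cannot catch it.
// The conversion is undefined behaviour when the object is not a DrawViewShell.
DrawViewShell* unsafeSiblingCast(ViewShell* p) {
    return static_cast<DrawViewShell*>(p);
}

// The check that catches it: dynamic_cast consults the dynamic type and returns nullptr.
DrawViewShell* checkedCast(ViewShell* p) {
    return dynamic_cast<DrawViewShell*>(p);
}

// Accessor in the style the iterator needs: read the member only when the shell really is
// a DrawViewShell, otherwise fall back to a default instead of reading through the wrong type.
PageKind pageKindOf(ViewShell* p) {
    if (DrawViewShell* d = checkedCast(p))
        return d->mePageKind;
    return PK_STANDARD;
}

bool checkedCastRejectsSibling() {
    OutlinerViewShell outliner;
    return checkedCast(&outliner) == nullptr;
}

bool checkedCastAcceptsDrawViewShell() {
    DrawViewShell draw;
    return checkedCast(&draw) == &draw;
}

PageKind pageKindOfOutlinerShell() {
    OutlinerViewShell outliner;
    return pageKindOf(&outliner);  // PK_STANDARD: no wrong-type read takes place
}

int main() {
    OutlinerViewShell outliner;
    DrawViewShell draw;
    // Only the pointer values are shown; the wrongly cast pointer is never dereferenced.
    std::printf("static_cast  on an OutlinerViewShell: %p (non-null)\n",
                static_cast<void*>(unsafeSiblingCast(&outliner)));
    std::printf("dynamic_cast on an OutlinerViewShell: %p\n",
                static_cast<void*>(checkedCast(&outliner)));
    std::printf("sizeof(OutlinerViewShell) = %zu bytes\n", sizeof(OutlinerViewShell));
    const char* names[] = { "mePageKind", "meEditMode", "nCurPageId" };
    const std::size_t offs[] = { memberOffset(draw, &draw.mePageKind),
                                 memberOffset(draw, &draw.meEditMode),
                                 memberOffset(draw, &draw.nCurPageId) };
    for (int i = 0; i < 3; ++i)
        std::printf("%-10s at offset %2zu: %s\n", names[i], offs[i],
                    classifyRead(offs[i]) == READ_PAST_SIBLING ? "past the sibling object"
                                                                : "overlaps sibling data");
    return 0;
}
```

Which members land inside the sibling object and which fall past its end depends on the compiler's layout (tail-padding reuse differs between ABIs), which is why the printed classification is computed from real offsets rather than hard-coded; the fix direction is the same either way: decide the type with dynamic_cast (or redesign the iterator to work on the common base) before reading any DrawViewShell member.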
*** Issue 68366 has been marked as a duplicate of this issue. ***
Setting target to OOo 3.2 due to time constraints.
Setting target to OOo 3.3.
Changing target due to time constraints.
Reset assignee to the default "issues@openoffice.apache.org".