To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=105124 Issue #|105124 Summary|[sw] use-after-free in SwDoc::CreateLinkSource Component|Word processor Version|DEV300m58 Platform|All URL| OS/Version|All Status|NEW Status whiteboard| Keywords| Resolution| Issue type|DEFECT Priority|P2 Subcomponent|code Assigned to|mst Reported by|mst
------- Additional comments from m...@openoffice.org Wed Sep 16 13:32:46 +0000 2009 ------- unoapi test sw.SwXTextSection fails; it may crash, and valgrind complains about memory corruption (use-after-free): ==30234== Thread 8: ==30234== Invalid read of size 4 ==30234== at 0x17EB8F26: String::Len() const (string.hxx:568) ==30234== by 0x17F32BE1: CharClass::lower(String const&) const (charclass.hxx:231) ==30234== by 0x182170C3: lcl_FindSection(SwSectionFmt* const&, void*, bool) (docdde.cxx:100) ==30234== by 0x182171DB: lcl_FindSectionCaseInsensitive(SwSectionFmt* const&, void*) (docdde.cxx:124) ==30234== by 0x794B82F: SvPtrarr::_ForEach(unsigned short, unsigned short, unsigned char (*)(void* const&, void*), void*) (in /net/x42-so29/export/home/ms216673/inst/SO_m58_DEV300_li/opt/openoffice.org/basis3.2/program/libsvlli.so) ==30234== by 0x1821874E: SwSectionFmts::ForEach(unsigned short, unsigned short, unsigned char (*)(SwSectionFmt* const&, void*), void*) (docary.hxx:85) ==30234== by 0x18217EB9: SwDoc::CreateLinkSource(String const&) (docdde.cxx:254) ==30234== by 0x182F48D3: SwIntrnlSectRefLink::DataChanged(String const&, com::sun::star::uno::Any const&) (section.cxx:1399) ==30234== by 0x74ACD2A: sfx2::SvBaseLink::Update() (in /net/x42-so29/export/home/ms216673/inst/SO_m58_DEV300_li/opt/openoffice.org/basis3.2/program/libsfxli.so) ==30234== by 0x182F34FA: SwSection::CreateLink(LinkCreateType) (section.cxx:1647) ==30234== by 0x182C1828: SwDoc::ChgSection(unsigned short, SwSection const&, SfxItemSet const*, unsigned char) (ndsect.cxx:721) ==30234== by 0x18348B87: SwXTextSection::SetPropertyValues_Impl(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) (unosect.cxx:867) ==30234== Address 0x17766ab4 is 4 bytes inside a block of size 18 free'd ==30234== at 0x4CA0DFA: free (vg_replace_malloc.c:323) ==30234== by 0x6D8D1B3: rtl_freeMemory (alloc_global.c:315) ==30234== by 0x6D75508: rtl_uString_release (strtmpl.c:1022) ==30234== by 0x7F322AF: String::~String() (in /net/x42-so29/export/home/ms216673/inst/SO_m58_DEV300_li/opt/openoffice.org/basis3.2/program/libtlli.so) ==30234== by 0x18217E5E: SwDoc::CreateLinkSource(String const&) (docdde.cxx:252) ==30234== by 0x182F48D3: SwIntrnlSectRefLink::DataChanged(String const&, com::sun::star::uno::Any const&) (section.cxx:1399) ==30234== by 0x74ACD2A: sfx2::SvBaseLink::Update() (in /net/x42-so29/export/home/ms216673/inst/SO_m58_DEV300_li/opt/openoffice.org/basis3.2/program/libsfxli.so) ==30234== by 0x182F34FA: SwSection::CreateLink(LinkCreateType) (section.cxx:1647) ==30234== by 0x182C1828: SwDoc::ChgSection(unsigned short, SwSection const&, SfxItemSet const*, unsigned char) (ndsect.cxx:721) ==30234== by 0x18348B87: SwXTextSection::SetPropertyValues_Impl(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) (unosect.cxx:867) ==30234== by 0x18348DE5: SwXTextSection::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) (unosect.cxx:931) ==30234== by 0xC74DD98: (within /net/x42-so29/export/home/ms216673/inst/SO_m58_DEV300_li/opt/openoffice.org/ure/lib/libgcc3_uno.so) --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@sw.openoffice.org For additional commands, e-mail: issues-h...@sw.openoffice.org --------------------------------------------------------------------- To unsubscribe, e-mail: allbugs-unsubscr...@openoffice.org For additional commands, e-mail: allbugs-h...@openoffice.org
