sc/inc/docpool.hxx             |    4 ++++
 sc/source/core/data/column.cxx |    2 ++
 2 files changed, 6 insertions(+)

New commits:
commit cacd5a0cd263dbf072d5ad36dc651ad1e7df5826
Author:     Noel Grandin <noel.gran...@collabora.co.uk>
AuthorDate: Thu Feb 23 14:03:58 2023 +0200
Commit:     Noel Grandin <noel.gran...@collabora.co.uk>
CommitDate: Thu Feb 23 15:52:29 2023 +0000

    attempted fix for CppunitTest_sc_uicalc
    
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior 
include/svl/setitem.hxx:47:51 in
    =================================================================
    ==357324==ERROR: AddressSanitizer: heap-use-after-free on address 
0x60c001c9c340 at pc 0x7fa4bb883389 bp 0x7ffc2482f5f0 sp 0x7ffc2482f5e8
    READ of size 2 at 0x60c001c9c340 thread T0
        #1 in SfxItemSet::Get(unsigned short, bool) const 
svl/source/items/itemset.cxx:801:26
        #2 in SfxUInt32Item const& 
SfxItemSet::Get<SfxUInt32Item>(TypedWhichId<SfxUInt32Item>, bool) const 
include/svl/itemset.hxx:102:38
        #3 in (anonymous namespace)::getNumberFormatKey(SfxItemSet const&) 
sc/source/core/data/patattr.cxx:1291:17
        #4 in ScPatternAttr::GetNumberFormat(SvNumberFormatter*, SfxItemSet 
const*) const sc/source/core/data/patattr.cxx:1335:19
        #5 in ScColumn::UpdateScriptType() 
sc/source/core/data/column3.cxx:871:36
        #6 in ScColumn::GetRangeScriptType(...) 
sc/source/core/data/column2.cxx:2338:17
        #7 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, 
int) sc/source/core/data/table1.cxx:2487:23
        #8 in ScDocument::GetRangeScriptType(sc::ColumnBlockPosition&, 
ScAddress const&, int) sc/source/core/data/documen6.cxx:189:32
        #9 in (anonymous namespace)::ScriptTypeAggregator::execute(ScAddress 
const&, int, bool) sc/source/core/data/documen6.cxx:175:31
        #10 in sc::ColumnSpanSet::executeAction(ScDocument&, 
sc::ColumnSpanSet::Action&) const sc/source/core/data/columnspanset.cxx:176:20
        #11 in ScDocument::GetRangeScriptType(ScRangeList const&) 
sc/source/core/data/documen6.cxx:206:10
        #12 in ScViewFunc::GetSelectionScriptType() 
sc/source/ui/view/viewfunc.cxx:898:24
        #13 in ScFormatShell::GetAttrState(SfxItemSet&) 
sc/source/ui/view/formatsh.cxx:2001:34
        ...
        #61 in main2() sal/cppunittester/cppunittester.cxx:483:16
    
    0x60c001c9c340 is located 64 bytes inside of 120-byte region 
[0x60c001c9c300,0x60c001c9c378)
    freed by thread T0 here:
        #0 in operator delete(void*, unsigned long) 
/home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:164:3
        #1 in ScPatternAttr::~ScPatternAttr() sc/inc/patattr.hxx:53:20
        #2 in SfxItemPool::Remove(SfxPoolItem const&) 
svl/source/items/itempool.cxx:805:13
        #3 in ScAttrArray::SetPatternAreaImpl(int, int, ScPatternAttr const*, 
bool, ScEditDataArray*, bool) sc/source/core/data/attarray.cxx:574:31
        #4 in ScAttrArray::SetPattern(int, ScPatternAttr const*, bool) 
sc/inc/attarray.hxx:148:7
        #5 in ScColumn::ApplyAttr(int, SfxPoolItem const&) 
sc/source/core/data/column.cxx:633:21
        #6 in ScColumn::SetNumberFormat(int, unsigned int) 
sc/source/core/data/column2.cxx:3282:5
        #7 in ScTable::SetNumberFormat(short, int, unsigned int) 
sc/source/core/data/table2.cxx:2278:35
        #8 in ScDocument::SetNumberFormat(ScAddress const&, unsigned int) 
sc/source/core/data/document.cxx:3739:19
        #9 in ScFormulaCell::InterpretTail(ScInterpreterContext&, 
ScFormulaCell::ScInterpretTailParameter) 
sc/source/core/data/formulacell.cxx:2157:31
        #10 in ScFormulaCell::Interpret(int, int) 
sc/source/core/data/formulacell.cxx:1619:13
        #11 in ScFormulaCell::MaybeInterpret() sc/inc/formulacell.hxx:468:17
        #12 in ScFormulaCell::IsValue() 
sc/source/core/data/formulacell.cxx:2760:5
        #13 in lcl_GetCellContent(ScRefCellValue&, bool, double&, 
rtl::OUString&, ScDocument const*) sc/source/core/data/conditio.cxx:744:40
        #14 in ScConditionEntry::IsCellValid(ScRefCellValue&, ScAddress const&) 
const sc/source/core/data/conditio.cxx:1243:17
        #15 in ScConditionalFormat::GetCellStyle(ScRefCellValue&, ScAddress 
const&) const sc/source/core/data/conditio.cxx:1812:24
        #16 in ScDocument::GetCondResult(ScRefCellValue&, ScAddress const&, 
ScConditionalFormatList const&, o3tl::sorted_vector<unsigned int, 
std::less<unsigned int>, o3tl::find_unique, true> const&) const 
sc/source/core/data/documen4.cxx:828:41
        #17 in ScColumn::UpdateScriptType(sc::CellTextAttr&, int, 
mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait>&)
 sc/source/core/data/column3.cxx:865:30
        #18 in ScColumn::GetRangeScriptType(int, 
mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait>
 const&) sc/source/core/data/column2.cxx:2338:17
        #19 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, 
int, int)
            sc/source/core/data/table1.cxx:2487:23
    
    previously allocated by thread T60 here:
        #0 in operator new(unsigned long) 
/home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
        #1 in ScAttrArray::AddCondFormat(int, int, unsigned int)
           sc/source/core/data/attarray.cxx:296:32
        #2 in ScColumn::AddCondFormat(int, int, unsigned int)
           sc/inc/column.hxx:974:17
        #3 in ScTable::AddCondFormatData(ScRangeList const&, unsigned int)
           sc/source/core/data/table2.cxx:2967:43
        #4 in ScDocument::AddCondFormatData(ScRangeList const&, short, unsigned 
int)
           sc/source/core/data/document.cxx:4893:19
        #5 in oox::xls::CondFormat::finalizeImport()
           sc/source/filter/oox/condformatbuffer.cxx:1065:10
        #6 in oox::xls::CondFormatBuffer::finalizeImport()
           sc/source/filter/oox/condformatbuffer.cxx:1189:27
        #7 in oox::xls::WorksheetGlobals::finalizeWorksheetImport()
           sc/source/filter/oox/worksheethelper.cxx:942:22
        #8 in oox::xls::WorksheetHelper::finalizeWorksheetImport()
           sc/source/filter/oox/worksheethelper.cxx:1622:17
        #9 in oox::xls::WorksheetFragment::finalizeImport()
           sc/source/filter/oox/worksheetfragment.cxx:632:5
        #10 0x7fa4511cbf2a in oox::core::FragmentHandler2::endDocument()
           oox/source/core/fragmenthandler2.cxx:53:5
    
    Change-Id: I8d806fd410d1d3a9c06ab141b035153649cf7062
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147513
    Tested-by: Jenkins
    Reviewed-by: Noel Grandin <noel.gran...@collabora.co.uk>

diff --git a/sc/inc/docpool.hxx b/sc/inc/docpool.hxx
index 9280fb3602b0..9a2e24796e80 100644
--- a/sc/inc/docpool.hxx
+++ b/sc/inc/docpool.hxx
@@ -22,6 +22,7 @@
 #include <rtl/ustring.hxx>
 #include <svl/itempool.hxx>
 #include "scdllapi.h"
+#include <mutex>
 
 class ScStyleSheet;
 class ScDocument;
@@ -32,6 +33,9 @@ class SC_DLLPUBLIC ScDocumentPool final : public SfxItemPool
     sal_uInt64 mnCurrentMaxKey;
 
 public:
+    // used when doing loading in parallel to prevent concurrent mutation of 
the pool
+    std::mutex maPoolMutex;
+
             ScDocumentPool();
 private:
             virtual ~ScDocumentPool() override;
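Review bot: The comment on `maPoolMutex` does not say which pool operations must hold the lock, and a public data member cannot enforce it. The only locking site visible in this commit is ScColumn::ApplyAttr, so other paths that add or remove pooled items during parallel load may still run unguarded. I would extend the comment to state the contract, for example `// Guards pool item add/remove during parallel load; every such caller must hold it. Not recursive: do not re-acquire on the same thread.` The class body continues outside this hunk.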
diff --git a/sc/source/core/data/column.cxx b/sc/source/core/data/column.cxx
index fea2f84e5be0..d2506074070b 100644
--- a/sc/source/core/data/column.cxx
+++ b/sc/source/core/data/column.cxx
@@ -624,6 +624,8 @@ void ScColumn::ApplyAttr( SCROW nRow, const SfxPoolItem& 
rAttr )
 
     ScDocumentPool* pDocPool = GetDoc().GetPool();
 
+    std::unique_lock aGuard(pDocPool->maPoolMutex);
+
     const ScPatternAttr* pOldPattern = pAttrArray->GetPattern( nRow );
     ScPatternAttr aTemp(*pOldPattern);
     aTemp.GetItemSet().Put(rAttr);
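Review bot: The lock added at the top of ScColumn::ApplyAttr does not appear to cover the sequence in the quoted ASan report, where both the free and the stale read are on thread T0. There, ScColumn::UpdateScriptType reaches ApplyAttr through ScDocument::GetCondResult and formula interpretation (column3.cxx:865), then reads the old pattern again at column3.cxx:871. A mutex cannot stop that same-thread re-entrancy; the caller would have to re-fetch the pattern after GetCondResult returns, and that code is outside this hunk. Separately, `std::mutex` is not recursive, so it is worth confirming that nothing under SetPattern can re-enter ApplyAttr on the same thread while `aGuard` is held. ApplyAttr's body continues past the hunk.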
