crashtesting: crash on reexport of tdf118346-1.odg to odg

Desktop / LibreOffice - Caolán McNamara [redhat.com] - 3 April 2020 18:02 UTC

make a copy of m_pImpGraphicList because if we swap out a svg, the svg filter may create more temp Graphics which are auto-added to m_pImpGraphicList invalidating a loop over m_pImpGraphicList

#0 0x00007ffff0d25ae5 in vcl::graphic::Manager::reduceGraphicMemory() (this=0x7ffff1bc4760 ) at vcl/source/graphic/Manager.cxx:88
#1 0x00007ffff0d25ee9 in vcl::graphic::Manager::registerGraphic(std::shared_ptr const&, rtl::OUString const&) (this=0x7ffff1bc4760 , pImpGraphic=std::shared_ptr (use count 1, weak count 0) = {...}) at vcl/source/graphic/Manager.cxx:139
#2 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() (this=0x7ffff1bc4760 ) at vcl/source/graphic/Manager.cxx:184
#3 0x00007ffff0b6735c in Graphic::Graphic() (this=0x7fffffff84f0) at vcl/source/gdi/graph.cxx:182
#4 0x00007fffdc526600 in svgio::svgreader::SvgImageNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x555556817940, rTarget=...) at svgio/source/svgreader/svgimagenode.cxx:219
#5 0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x55555a6a93d0, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
#6 0x00007fffdc522339 in svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x55555a6a93d0, rTarget=..., bReferenced=false) at svgio/source/svgreader/svggnode.cxx:106
#7 0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x55555a6a9070, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
#8 0x00007fffdc522339 in svgio::svgreader::SvgGNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x55555a6a9070, rTarget=..., bReferenced=false) at svgio/source/svgreader/svggnode.cxx:106
#9 0x00007fffdc52e75d in svgio::svgreader::SvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x55555a5f9150, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgnode.cxx:529
#10 0x00007fffdc54d19f in svgio::svgreader::SvgSvgNode::decomposeSvgNode(drawinglayer::primitive2d::Primitive2DContainer&, bool) const (this=0x55555a5f9150, rTarget=..., bReferenced=false) at svgio/source/svgreader/svgsvgnode.cxx:304
#11 0x00007fffdc571373 in svgio::svgreader::(anonymous namespace)::XSvgParser::getDecomposition(com::sun::star::uno::Reference const&, rtl::OUString const&) (this=0x55555a69c6d0, xSVGStream=uno::Reference to (comphelper::SequenceInputStream *) 0x555557480668, aAbsolutePath="") at svgio/source/svguno/xsvgparser.cxx:160
#12 0x00007ffff0cf849b in VectorGraphicData::ensureSequenceAndRange() (this=0x555556ea7540) at vcl/source/gdi/vectorgraphicdata.cxx:196
#13 0x00007ffff0cf9124 in VectorGraphicData::getRange() const (this=0x555556ea7540) at vcl/source/gdi/vectorgraphicdata.cxx:323
#14 0x00007ffff0b74da7 in ImpGraphic::ImplGetPrefSize() const (this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:778
#15 0x00007ffff0b76623 in ImpGraphic::ImplWriteEmbedded(SvStream&) (this=0x5555588b00f0, rOStm=...) at vcl/source/gdi/impgraph.cxx:1235
#16 0x00007ffff0b770a1 in ImpGraphic::ImplSwapOut(SvStream*) (this=0x5555588b00f0, xOStm=0x55555826b7d0) at vcl/source/gdi/impgraph.cxx:1377
#17 0x00007ffff0b76bdb in ImpGraphic::ImplSwapOut() (this=0x5555588b00f0) at vcl/source/gdi/impgraph.cxx:1328
#18 0x00007ffff0d25c88 in vcl::graphic::Manager::reduceGraphicMemory() (this=0x7ffff1bc4760 ) at vcl/source/graphic/Manager.cxx:107
#19 0x00007ffff0d25ee9 in vcl::graphic::Manager::registerGraphic(std::shared_ptr const&, rtl::OUString const&) (this=0x7ffff1bc4760 , pImpGraphic=std::shared_ptr (use count 1, weak count 0) = {...}) at vcl/source/graphic/Manager.cxx:139
#20 0x00007ffff0d26406 in vcl::graphic::Manager::newInstance() (this=0x7ffff1bc4760 ) at vcl/source/graphic/Manager.cxx:184
#21 0x00007ffff0b6735c in Graphic::Graphic() (this=0x555556d5ea68) at vcl/source/gdi/graph.cxx:182

Change-Id: I4e1ffcb12ead0d53b7ca2f369154e9c753af77d8
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/91650

6fa2891da485 crashtesting: crash on reexport of tdf118346-1.odg to odg
vcl/source/graphic/Manager.cxx | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

Upstream: cgit.freedesktop.org
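
The re-entrancy in the trace above (frame #18 is inside the loop in reduceGraphicMemory() when frame #1 registers a new graphic) can be reproduced in miniature. This is an added example, not code from the LibreOffice commit: Item, Manager, live_ and runDemo are hypothetical names, the container type is an assumption, and every registration triggers a reduction pass to keep the model short. It shows the snapshot-then-iterate pattern the commit message describes, plus a liveness check for entries that disappear while the loop runs.

```cpp
#include <cstddef>
#include <unordered_set>
#include <vector>
class Manager;
// Hypothetical stand-in for a managed graphic; not LibreOffice's ImpGraphic.
struct Item {
    Manager& mgr;
    bool isSvg;
    bool swappedOut = false;
    Item(Manager& m, bool svg);
    ~Item();
    void swapOut();
};
class Manager {
    std::unordered_set<Item*> live_;   // plays the role of m_pImpGraphicList
public:
    std::size_t swaps = 0;
    void registerItem(Item* p) { live_.insert(p); reduceMemory(); }
    void unregisterItem(Item* p) { live_.erase(p); }
    std::size_t liveCount() const { return live_.size(); }
    void reduceMemory() {
        // Iterating live_ directly would be undefined behaviour: swapOut() can
        // re-enter registerItem(), and the insert may rehash the set mid-loop.
        const std::vector<Item*> snapshot(live_.begin(), live_.end());
        for (Item* p : snapshot) {
            // Skip anything unregistered since the snapshot was taken.
            if (live_.count(p) == 0 || p->swappedOut) continue;
            p->swapOut();
            ++swaps;
        }
    }
};

Item::Item(Manager& m, bool svg) : mgr(m), isSvg(svg) { mgr.registerItem(this); }
Item::~Item() { mgr.unregisterItem(this); }
void Item::swapOut() {
    swappedOut = true;                    // set first so re-entry skips this item
    if (isSvg) { Item temp(mgr, false); } // "filter" makes a temp that auto-registers
}

// Registers n SVG-like items; returns the number of swap-outs that ran,
// or 0 if anything was left registered after cleanup.
std::size_t runDemo(std::size_t n) {
    Manager mgr;
    std::vector<Item*> items;
    for (std::size_t i = 0; i < n; ++i) items.push_back(new Item(mgr, true));
    const std::size_t swaps = mgr.swaps;
    for (Item* p : items) delete p;
    return mgr.liveCount() == 0 ? swaps : 0;
}
```

Building the direct-iteration variant with AddressSanitizer or libstdc++'s `-D_GLIBCXX_DEBUG` is a practical way to catch this class of iterator invalidation in crash testing.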

