Fix stack-use-after-return when moving a slide in the list

Desktop / LibreOffice - Stephan Bergmann [redhat.com] - 11 September 2019 17:26 EDT

...very far, so that the list needs to scroll:

> ==1676==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f039a1e6420 at pc 0x7f03c34e0658 bp 0x7ffede26b140 sp 0x7ffede26b138
> READ of size 8 at 0x7f039a1e6420 thread T0
> #0 in Point::X() const at include/tools/gen.hxx:78:44 (instdir/program/libvcllo.so +0x5cf6657)
> #1 in OutputDevice::PixelToLogic(Point const&) const at vcl/source/outdev/map.cxx:1191:47
> #2 in sd::slidesorter::controller::DragAndDropContext::UpdatePosition(Point const&, sd::slidesorter::controller::InsertionIndicatorHandler::Mode, bool) at sd/source/ui/slidesorter/controller/SlsDragAndDropContext.cxx:84:47
> #3 in sd::slidesorter::controller::DragAndDropContext::UpdatePosition(Point const&, sd::slidesorter::controller::InsertionIndicatorHandler::Mode, bool)::$_0::operator()() const at sd/source/ui/slidesorter/controller/SlsDragAndDropContext.cxx:92:34
> #4 in void std::__invoke_impl(std::__invoke_other, sd::slidesorter::controller::DragAndDropContext::UpdatePosition(Point const&, sd::slidesorter::controller::InsertionIndicatorHandler::Mode, bool)::$_0&) at gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/invoke.h:60:14
> #5 in std::enable_if, void>::type std::__invoke_r(sd::slidesorter::controller::DragAndDropContext::UpdatePosition(Point const&, sd::slidesorter::controller::InsertionIndicatorHandler::Mode, bool)::$_0&) at gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/invoke.h:110:2
> #6 in std::_Function_handler::_M_invoke(std::_Any_data const&) at gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/std_function.h:291:9
> #7 in std::function::operator()() const at gcc/x86_64-pc-linux-gnu/10.0.0/../../../../include/c++/10.0.0/bits/std_function.h:622:14
> #8 in sd::slidesorter::controller::ScrollBarManager::RepeatAutoScroll() at sd/source/ui/slidesorter/controller/SlsScrollBarManager.cxx:518:17
> #9 in sd::slidesorter::controller::ScrollBarManager::AutoScrollTimeoutHandler(Timer*) at sd/source/ui/slidesorter/controller/SlsScrollBarManager.cxx:539:5
> #10 in sd::slidesorter::controller::ScrollBarManager::LinkStubAutoScrollTimeoutHandler(void*, Timer*) at sd/source/ui/slidesorter/controller/SlsScrollBarManager.cxx:537:1
> #11 in Link::Call(Timer*) const at include/tools/link.hxx:112:45
> #12 in Timer::Invoke() at vcl/source/app/timer.cxx:75:21
> #13 in Scheduler::ProcessTaskScheduling() at vcl/source/app/scheduler.cxx:479:20
> #14 in Scheduler::CallbackTaskScheduling() at vcl/source/app/scheduler.cxx:287:5
> #15 in SalTimer::CallCallback() at vcl/inc/saltimer.hxx:54:13
> #16 in sal_gtk_timeout_dispatch(_GSource*, int (*)(void*), void*) at vcl/unx/gtk3/gtk3gtkdata.cxx:761:45
> #17 in g_main_dispatch at ../glib/gmain.c:3189:28
> [...]
> Address 0x7f039a1e6420 is located in stack of thread T0 at offset 32 in frame
> #0 in sd::slidesorter::controller::SelectionFunction::MouseDragged(AcceptDropEvent const&, signed char) at sd/source/ui/slidesorter/controller/SlsSelectionFunction.cxx:630 (instdir/program/../program/libsdlo.so +0x5c22e1f)
> This frame has 1 object(s):
> [32, 104) 'aEventDescriptor' (line 631) <== Memory access at offset 32 is inside this variable
> HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
> (longjmp and C++ exceptions *are* supported)

Presumably a regression introduced with 26912eea7521dd2b84bfac56b322cf0f8b142450 "sd: replace boost::bind with C++11 lambdas and for loops", assuming that boost::bind bound rMousePosition by value.

Change-Id: I4cefc5974b7377ff4918d59b51fc8cda41292702
Reviewed-on: https://gerrit.libreoffice.org/78774

833c23264b53 Fix stack-use-after-return when moving a slide in the list
sd/source/ui/slidesorter/controller/SlsDragAndDropContext.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Upstream: cgit.freedesktop.org
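
The lifetime problem the commit message and trace describe (a callback stored for a later timer tick that still refers to a stack object of a frame that has already returned), reduced to a stand-alone sketch. This is an added example, not the LibreOffice change itself, which is not shown on this page; `Point`, `AutoScroller` and all function names here are hypothetical stand-ins.

```cpp
#include <functional>
#include <iostream>

// Hypothetical stand-ins for illustration; not LibreOffice's classes.
struct Point { long x, y; };

// Plays the role of the auto-scroll timer: keeps a callback to run later.
struct AutoScroller {
    std::function<long()> pending;
    long fire() { return pending(); }
};

// BEFORE: the closure stores a reference to the caller's object. If that
// object is a local of a frame that has returned by the time fire() runs,
// reading pos.x is a stack-use-after-return.
void arm_by_reference(AutoScroller& s, const Point& pos) {
    s.pending = [&pos] { return pos.x + pos.y; };
}

// AFTER: the closure owns a copy, so it no longer depends on the caller's
// frame (what the commit message assumes boost::bind used to do).
void arm_by_value(AutoScroller& s, const Point& pos) {
    s.pending = [pos] { return pos.x + pos.y; };
}

// Mirrors the event handler: the position lives only in this frame.
void mouse_dragged(AutoScroller& s, bool by_value) {
    Point event_pos{30, 12};  // constructed sample value
    if (by_value)
        arm_by_value(s, event_pos);
    else
        arm_by_reference(s, event_pos);
}  // event_pos is destroyed here; the callback runs afterwards

// Arms the callback from the handler, then fires it once the handler's
// frame is gone, as a timer would.
long run_fixed() {
    AutoScroller s;
    mouse_dragged(s, true);
    return s.fire();
}

int main() {
    std::cout << run_fixed() << "\n";
    // mouse_dragged(s, false) followed by s.fire() would read the dead
    // stack slot; it is deliberately not executed here. To see the report,
    // build with -fsanitize=address and run with
    // ASAN_OPTIONS=detect_stack_use_after_return=1.
    return 0;
}
```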

