lok: don't crash accessing an invalid ObjectContact cache

Fix description: Avoid storing a reference to the object-contact (sdr::contact::ObjectContact) of the page-window (SdrPageWindow) related to ScDrawView in the "proxy" object-contact. In the current setup there is no way to invalidate the proxy object when the original object-contact and its page-window are destroyed (in this case it seems during a sheet-switch). Instead query the real object contact just in time when the grid offsets are requested from the proxy object-contact. Performance: Behaviour of offset computation is not affected. It is still cached in the "real" object contact and it is only computed after it gets invalidated (because of change in zoom) Crasher reproduction(LOK): 1. Create a spreadsheet with two sheets - one with a table of texts and shapes and other may be empty. 2. In first sheet select a single row(via header) and press Ctrl+X. 3. Go to the empty sheet, and paste (Ctrl+V) and save immediately using Ctrl+S. ---Relevant part of backtrace----------------- <signal handler called> 0x00007ff96781cc70 in main_arena () from /lib64/libc.so.6 0x00007ff964f2f47b in sdr::contact::ViewObjectContact::getGridOffset (this=0x6f01f20) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:456 0x00007ff95cffac5a in (anonymous namespace)::ScLOKProxyObjectContact::calculateGridOffsetForViewOjectContact (this=0x6fb00a0, rTarget=..., rClient=...) at /opt/libreoffice/co-2021/sc/source/ui/view/gridwin4.cxx:1315 0x00007ff964f2f493 in sdr::contact::ViewObjectContact::getGridOffset (this=this@entry=0x5e0c5e0) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:459 0x00007ff964f30732 in sdr::contact::ViewObjectContact::getPrimitive2DSequence (this=0x5e0c5e0, rDisplayInfo=...) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:364 0x00007ff964f30a82 in sdr::contact::ViewObjectContact::getObjectRange (this=0x5e0c5e0) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:198 0x00007ff964f30d00 in sdr::contact::ViewObjectContact::ActionChanged (this=0x5e0c5e0) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:220 0x00007ff964f20294 in sdr::contact::ViewContact::ActionChildInserted (this=0x5dd83a0, rChild=...) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewcontact.cxx:180 0x00007ff96506628a in SdrObjList::impChildInserted (rChild=...) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:288 0x00007ff9650692f8 in SdrObjList::NbcInsertObject (this=this@entry=0x5de80d0, pObj=pObj@entry=0x6f48040, nPos=0, nPos@entry=18446744073709551615) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:309 0x00007ff9650696b5 in SdrObjList::NbcInsertObject (nPos=<optimized out>, pObj=0x6f48040, this=0x5de80d0) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:295 SdrObjList::InsertObject (this=0x5de80d0, pObj=0x6f48040, nPos=18446744073709551615) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:359 0x00007ff9652bc391 in FmFormPage::InsertObject (this=0x5de80d0, pObj=0x6f48040, nPos=<optimized out>) at /opt/libreoffice/co-2021/svx/source/form/fmpage.cxx:79 0x00007ff95c8e26b5 in (anonymous namespace)::ScNoteCaptionCreator::ScNoteCaptionCreator (this=0x7fff5432ec60, rDoc=..., rPos=..., rNoteData=...) at /opt/libreoffice/co-2021/sc/source/core/data/postit.cxx:430 0x00007ff95c8e3425 in ScPostIt::CreateCaptionFromInitData (this=0x5f0c760, rPos=...) at /opt/libreoffice/co-2021/sc/source/core/data/postit.cxx:1043 0x00007ff95c8e4419 in ScPostIt::GetOrCreateCaption (this=0x5f0c760, rPos=...) at /opt/libreoffice/co-2021/sc/source/core/data/postit.cxx:952 0x00007ff95c7a05f8 in (anonymous namespace)::NoteCaptionCreator::operator() (p=<optimized out>, nRow=0, this=0x7fff5432ed68) at /opt/libreoffice/co-2021/sc/source/core/data/column4.cxx:647 sc::EachElem<mdds::mtv::noncopyable_managed_element_block<55, ScPostIt>, gnu_cxx::normal_iterator<ScPostIt**, std::vector<ScPostIt*, std::allocator<ScPostIt*> > >, mdds::detail::mtv::iterator_value_node<unsigned long, mdds::mtv::base_element_block>, (anonymous namespace)::NoteCaptionCreator> (rNode=<error reading variable: access outside bounds of object referenced via synthetic pointer>, rNode=<error reading variable: access outside bounds of object referenced via synthetic pointer>, rFuncElem=...) at /opt/libreoffice/co-2021/sc/inc/mtvfunctions.hxx:120 sc::ProcessElements1<mdds::multi_type_vector<mdds::mtv::custom_block_func1<mdds::mtv::noncopyable_managed_element_block<55, ScPostIt> > >, mdds::mtv::noncopyable_managed_element_block<55, ScPostIt>, (anonymous namespace)::NoteCaptionCreator, sc::FuncElseNoOp<unsigned long> > (rFuncElse=<synthetic pointer>..., rFuncElem=..., rStore=...) at /opt/libreoffice/co-2021/sc/inc/mtvfunctions.hxx:320 sc::ProcessNote<(anonymous namespace)::NoteCaptionCreator> (rFunc=..., rStore=...) at /opt/libreoffice/co-2021/sc/inc/mtvcellfunc.hxx:148 ScColumn::CreateAllNoteCaptions (this=<optimized out>) at /opt/libreoffice/co-2021/sc/source/core/data/column4.cxx:668 0x00007ff95c901bf0 in ScTable::CreateAllNoteCaptions (this=0x5adcb60) at /opt/libreoffice/co-2021/sc/source/core/data/table2.cxx:1698 0x00007ff95c808bcd in ScDocument::CreateAllNoteCaptions (this=<optimized out>) at /opt/libreoffice/co-2021/sc/source/core/data/document.cxx:6614 0x00007ff95cbedcc5 in ScXMLImportWrapper::Export (this=this@entry=0x7fff5432f110, bStylesOnly=bStylesOnly@entry=false) at /opt/libreoffice/co-2021/sc/source/filter/xml/xmlwrap.cxx:730 0x00007ff95ccfd896 in ScDocShell::SaveXML (this=0x5c4c330, pSaveMedium=<optimized out>, xStor=...) at /opt/libreoffice/co-2021/sc/source/ui/docshell/docsh.cxx:556 0x00007ff95cd009c7 in ScDocShell::SaveAs (this=0x5c4c330, rMedium=...) at /opt/libreoffice/co-2021/sc/source/ui/docshell/docsh.cxx:1801 0x00007ff965eac870 in SfxObjectShell::SaveAsOwnFormat (this=0x5c4c330, rMedium=...) at /opt/libreoffice/co-2021/sfx2/source/doc/objstor.cxx:3170 0x00007ff965eaf621 in SfxObjectShell::SaveTo_Impl (this=0x5c4c330, rMedium=..., pSet=0x6fb2930) at /opt/libreoffice/co-2021/sfx2/source/doc/objstor.cxx:1446 0x00007ff965eb0a2d in SfxObjectShell::DoSave_Impl (this=0x5c4c330, pArgs=0x6fb2930) at /opt/libreoffice/co-2021/sfx2/source/doc/objstor.cxx:2579 0x00007ff965ee3c76 in SfxBaseModel::storeSelf (this=0x5c491c0, aSeqArgs=...) at /opt/libreoffice/co-2021/sfx2/source/doc/sfxbasemodel.cxx:1631 0x00007ff965e78a5f in SfxStoringHelper::GUIStoreModel (this=this@entry=0x7fff5432fb30, xModel=..., aSlotName="Save", aArgsSequence=..., bPreselectPassword=bPreselectPassword@entry=false, nDocumentSignatureState=nDocumentSignatureState@entry=SignatureState::NOSIGNATURES) at /opt/libreoffice/co-2021/sfx2/source/doc/guisaveas.cxx:281 0x00007ff965e98964 in SfxObjectShell::ExecFile_Impl (this=0x5c4c330, rReq=...) at /opt/libreoffice/co-2021/sfx2/source/doc/objserv.cxx:965 0x00007ff965d44d2c in SfxShell::CallExec (rReq=..., pFunc=<optimized out>, this=0x5c4c330) at /opt/libreoffice/co-2021/include/sfx2/shell.hxx:197 SfxShell::ExecuteSlot (this=0x5c4c330, rReq=..., pIF=0x5c3c640, pIF@entry=0x0) at /opt/libreoffice/co-2021/sfx2/source/control/shell.cxx:440 0x00007ff95d081af4 in ScTabViewShell::ExecuteSave (this=0x5e9b100, rReq=...) at /opt/libreoffice/co-2021/sc/source/ui/inc/viewdata.hxx:354 0x00007ff965d249bf in SfxShell::CallExec (rReq=..., pFunc=<optimized out>, this=0x5e9b100) at /opt/libreoffice/co-2021/include/sfx2/shell.hxx:197 SfxDispatcher::Call_Impl (this=0x6017d30, rShell=..., rSlot=..., rReq=..., bRecord=<optimized out>) at /opt/libreoffice/co-2021/sfx2/source/control/dispatch.cxx:252 0x00007ff965d2cb02 in SfxDispatcher::Execute (this=0x6017d30, nSlot=<optimized out>, nCall=nCall@entry=SfxCallMode::SYNCHRON, pArgs=pArgs@entry=0x7d33110, pInternalArgs=pInternalArgs@entry=0x7fff5432ffd0, nModi=nModi@entry=0) at /opt/libreoffice/co-2021/sfx2/source/control/dispatch.cxx:810 0x00007ff965d71ab4 in SfxDispatchController_Impl::dispatch (this=0x7230170, aURL=..., aArgs=..., rListener=...) at /opt/libreoffice/co-2021/include/sfx2/ctrlitem.hxx:63 0x00007ff965d71f57 in SfxOfficeDispatch::dispatchWithNotification (this=0x6f0a210, aURL=..., aArgs=..., rListener=...) at /usr/include/c++/11/bits/unique_ptr.h:173 ----------------------------------------- Change-Id: I00eac440546624bc448dcd30499957dea7c1de87 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126468 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
author: Dennis Francis <dennis.francis@collabora.com> 2021-12-07 14:32:57 +0530
committer: Michael Meeks <michael.meeks@collabora.com> 2021-12-08 13:07:28 +0100
commit: 9da28334d6acaae9d69819a8b53aae029460f206 (patch)
tree: fafd667cd5bda6d9f90bee4fc2e40ecd6840b69f
parent: 962f906395d4b73291df25558dd259af2cb549fc (diff)
1 files changed, 18 insertions, 13 deletions
diff --git a/sc/source/ui/view/gridwin4.cxx b/sc/source/ui/view/gridwin4.cxx
index a348e6eca898..4128a8ca596a 100644
--- a/sc/source/ui/view/gridwin4.cxx
+++ b/sc/source/ui/view/gridwin4.cxx
@@ -1292,15 +1292,15 @@ namespace
     class ScLOKProxyObjectContact final : public sdr::contact::ObjectContactOfPageView
     {
     private:
-        sdr::contact::ObjectContact& mrRealObjectContact;
+        ScDrawView* pScDrawView;
 
     public:
         explicit ScLOKProxyObjectContact(
-            sdr::contact::ObjectContact& rRealOC,
+            ScDrawView* pDrawView,
             SdrPageWindow& rPageWindow,
             const char* pDebugName) :
             ObjectContactOfPageView(rPageWindow, pDebugName),
-            mrRealObjectContact(rRealOC)
+            pScDrawView(pDrawView)
         {
         }
 
@@ -1310,9 +1310,22 @@ namespace
             basegfx::B2DVector& rTarget,
             const sdr::contact::ViewObjectContact& rClient) const override
         {
+            if (!pScDrawView)
+                return;
+
+            SdrPageView* pPageView(pScDrawView->GetSdrPageView());
+            if (!pPageView)
+                return;
+
+            SdrPageWindow* pSdrPageWindow = pPageView->GetPageWindow(0);
+            if (!pSdrPageWindow)
+                return;
+
+            sdr::contact::ObjectContact& rObjContact(pSdrPageWindow->GetObjectContact());
+
             SdrObject* pTargetSdrObject(rClient.GetViewContact().TryToGetSdrObject());
             if (pTargetSdrObject)
-                rTarget = pTargetSdrObject->GetViewContact().GetViewObjectContact(mrRealObjectContact).getGridOffset();
+                rTarget = pTargetSdrObject->GetViewContact().GetViewObjectContact(rObjContact).getGridOffset();
         }
     };
 
@@ -1331,15 +1344,7 @@ namespace
             if (!pScDrawView)
                 return SdrView::createViewSpecificObjectContact(rPageWindow, pDebugName);
 
-            SdrPageView* pPageView(pScDrawView->GetSdrPageView());
-            if (!pPageView)
-                return SdrView::createViewSpecificObjectContact(rPageWindow, pDebugName);
-
-            SdrPageWindow* pSdrPageWindow = pPageView->GetPageWindow(0);
-            if (!pSdrPageWindow)
-                return SdrView::createViewSpecificObjectContact(rPageWindow, pDebugName);
-
-            return new ScLOKProxyObjectContact(pSdrPageWindow->GetObjectContact(), rPageWindow, pDebugName);
+            return new ScLOKProxyObjectContact(pScDrawView, rPageWindow, pDebugName);
         }
 
     private:
author	Dennis Francis <dennis.francis@collabora.com>	2021-12-07 14:32:57 +0530
committer	Michael Meeks <michael.meeks@collabora.com>	2021-12-08 13:07:28 +0100
commit	9da28334d6acaae9d69819a8b53aae029460f206 (patch)
tree	fafd667cd5bda6d9f90bee4fc2e40ecd6840b69f
parent	962f906395d4b73291df25558dd259af2cb549fc (diff)