diff options
| author | Noel Grandin <noel.grandin@collabora.co.uk> | 2023-02-23 14:03:58 +0200 |
|---|---|---|
| committer | Noel Grandin <noel.grandin@collabora.co.uk> | 2023-02-23 15:52:29 +0000 |
| commit | cacd5a0cd263dbf072d5ad36dc651ad1e7df5826 (patch) | |
| tree | e47261776b67e0bc3ef7d561029b9f982297ebff | |
| parent | d9865bd5276542ebeea8df79cc1724ae7fbbc2e8 (diff) | |
attempted fix for CppunitTest_sc_uicalc
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior include/svl/setitem.hxx:47:51 in
=================================================================
==357324==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c001c9c340 at pc 0x7fa4bb883389 bp 0x7ffc2482f5f0 sp 0x7ffc2482f5e8
READ of size 2 at 0x60c001c9c340 thread T0
#1 in SfxItemSet::Get(unsigned short, bool) const svl/source/items/itemset.cxx:801:26
#2 in SfxUInt32Item const& SfxItemSet::Get<SfxUInt32Item>(TypedWhichId<SfxUInt32Item>, bool) const include/svl/itemset.hxx:102:38
#3 in (anonymous namespace)::getNumberFormatKey(SfxItemSet const&) sc/source/core/data/patattr.cxx:1291:17
#4 in ScPatternAttr::GetNumberFormat(SvNumberFormatter*, SfxItemSet const*) const sc/source/core/data/patattr.cxx:1335:19
#5 in ScColumn::UpdateScriptType() sc/source/core/data/column3.cxx:871:36
#6 in ScColumn::GetRangeScriptType(...) sc/source/core/data/column2.cxx:2338:17
#7 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, int) sc/source/core/data/table1.cxx:2487:23
#8 in ScDocument::GetRangeScriptType(sc::ColumnBlockPosition&, ScAddress const&, int) sc/source/core/data/documen6.cxx:189:32
#9 in (anonymous namespace)::ScriptTypeAggregator::execute(ScAddress const&, int, bool) sc/source/core/data/documen6.cxx:175:31
#10 in sc::ColumnSpanSet::executeAction(ScDocument&, sc::ColumnSpanSet::Action&) const sc/source/core/data/columnspanset.cxx:176:20
#11 in ScDocument::GetRangeScriptType(ScRangeList const&) sc/source/core/data/documen6.cxx:206:10
#12 in ScViewFunc::GetSelectionScriptType() sc/source/ui/view/viewfunc.cxx:898:24
#13 in ScFormatShell::GetAttrState(SfxItemSet&) sc/source/ui/view/formatsh.cxx:2001:34
...
#61 in main2() sal/cppunittester/cppunittester.cxx:483:16
0x60c001c9c340 is located 64 bytes inside of 120-byte region [0x60c001c9c300,0x60c001c9c378)
freed by thread T0 here:
#0 in operator delete(void*, unsigned long) /home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:164:3
#1 in ScPatternAttr::~ScPatternAttr() sc/inc/patattr.hxx:53:20
#2 in SfxItemPool::Remove(SfxPoolItem const&) svl/source/items/itempool.cxx:805:13
#3 in ScAttrArray::SetPatternAreaImpl(int, int, ScPatternAttr const*, bool, ScEditDataArray*, bool) sc/source/core/data/attarray.cxx:574:31
#4 in ScAttrArray::SetPattern(int, ScPatternAttr const*, bool) sc/inc/attarray.hxx:148:7
#5 in ScColumn::ApplyAttr(int, SfxPoolItem const&) sc/source/core/data/column.cxx:633:21
#6 in ScColumn::SetNumberFormat(int, unsigned int) sc/source/core/data/column2.cxx:3282:5
#7 in ScTable::SetNumberFormat(short, int, unsigned int) sc/source/core/data/table2.cxx:2278:35
#8 in ScDocument::SetNumberFormat(ScAddress const&, unsigned int) sc/source/core/data/document.cxx:3739:19
#9 in ScFormulaCell::InterpretTail(ScInterpreterContext&, ScFormulaCell::ScInterpretTailParameter) sc/source/core/data/formulacell.cxx:2157:31
#10 in ScFormulaCell::Interpret(int, int) sc/source/core/data/formulacell.cxx:1619:13
#11 in ScFormulaCell::MaybeInterpret() sc/inc/formulacell.hxx:468:17
#12 in ScFormulaCell::IsValue() sc/source/core/data/formulacell.cxx:2760:5
#13 in lcl_GetCellContent(ScRefCellValue&, bool, double&, rtl::OUString&, ScDocument const*) sc/source/core/data/conditio.cxx:744:40
#14 in ScConditionEntry::IsCellValid(ScRefCellValue&, ScAddress const&) const sc/source/core/data/conditio.cxx:1243:17
#15 in ScConditionalFormat::GetCellStyle(ScRefCellValue&, ScAddress const&) const sc/source/core/data/conditio.cxx:1812:24
#16 in ScDocument::GetCondResult(ScRefCellValue&, ScAddress const&, ScConditionalFormatList const&, o3tl::sorted_vector<unsigned int, std::less<unsigned int>, o3tl::find_unique, true> const&) const sc/source/core/data/documen4.cxx:828:41
#17 in ScColumn::UpdateScriptType(sc::CellTextAttr&, int, mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait>&) sc/source/core/data/column3.cxx:865:30
#18 in ScColumn::GetRangeScriptType(int, mdds::mtv::soa::detail::iterator_base<mdds::mtv::soa::multi_type_vector<sc::CellStoreTraits>::iterator_trait> const&) sc/source/core/data/column2.cxx:2338:17
#19 in ScTable::GetRangeScriptType(sc::ColumnBlockPosition&, short, int, int)
sc/source/core/data/table1.cxx:2487:23
previously allocated by thread T60 here:
#0 in operator new(unsigned long) /home/noel/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:95:3
#1 in ScAttrArray::AddCondFormat(int, int, unsigned int)
sc/source/core/data/attarray.cxx:296:32
#2 in ScColumn::AddCondFormat(int, int, unsigned int)
sc/inc/column.hxx:974:17
#3 in ScTable::AddCondFormatData(ScRangeList const&, unsigned int)
sc/source/core/data/table2.cxx:2967:43
#4 in ScDocument::AddCondFormatData(ScRangeList const&, short, unsigned int)
sc/source/core/data/document.cxx:4893:19
#5 in oox::xls::CondFormat::finalizeImport()
sc/source/filter/oox/condformatbuffer.cxx:1065:10
#6 in oox::xls::CondFormatBuffer::finalizeImport()
sc/source/filter/oox/condformatbuffer.cxx:1189:27
#7 in oox::xls::WorksheetGlobals::finalizeWorksheetImport()
sc/source/filter/oox/worksheethelper.cxx:942:22
#8 in oox::xls::WorksheetHelper::finalizeWorksheetImport()
sc/source/filter/oox/worksheethelper.cxx:1622:17
#9 in oox::xls::WorksheetFragment::finalizeImport()
sc/source/filter/oox/worksheetfragment.cxx:632:5
#10 0x7fa4511cbf2a in oox::core::FragmentHandler2::endDocument()
oox/source/core/fragmenthandler2.cxx:53:5
Change-Id: I8d806fd410d1d3a9c06ab141b035153649cf7062
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147513
Tested-by: Jenkins
Reviewed-by: Noel Grandin <noel.grandin@collabora.co.uk>
| -rw-r--r-- | sc/inc/docpool.hxx | 4 | ||||
| -rw-r--r-- | sc/source/core/data/column.cxx | 2 |
2 files changed, 6 insertions, 0 deletions
diff --git a/sc/inc/docpool.hxx b/sc/inc/docpool.hxx index 9280fb3602b0..9a2e24796e80 100644 --- a/sc/inc/docpool.hxx +++ b/sc/inc/docpool.hxx @@ -22,6 +22,7 @@ #include <rtl/ustring.hxx> #include <svl/itempool.hxx> #include "scdllapi.h" +#include <mutex> class ScStyleSheet; class ScDocument; @@ -32,6 +33,9 @@ class SC_DLLPUBLIC ScDocumentPool final : public SfxItemPool sal_uInt64 mnCurrentMaxKey; public: + // used when doing loading in parallel to prevent concurrent mutation of the pool + std::mutex maPoolMutex; + ScDocumentPool(); private: virtual ~ScDocumentPool() override; diff --git a/sc/source/core/data/column.cxx b/sc/source/core/data/column.cxx index fea2f84e5be0..d2506074070b 100644 --- a/sc/source/core/data/column.cxx +++ b/sc/source/core/data/column.cxx @@ -624,6 +624,8 @@ void ScColumn::ApplyAttr( SCROW nRow, const SfxPoolItem& rAttr ) ScDocumentPool* pDocPool = GetDoc().GetPool(); + std::unique_lock aGuard(pDocPool->maPoolMutex); + const ScPatternAttr* pOldPattern = pAttrArray->GetPattern( nRow ); ScPatternAttr aTemp(*pOldPattern); aTemp.GetItemSet().Put(rAttr); |