author | Caolán McNamara <caolanm@redhat.com> | 2017-01-06 10:32:56 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2017-01-06 11:02:19 +0000 |
commit | 22e1fc5402c17c8459873e621f7630674d2b98f1 (patch) | |
tree | c9a2d0c5c16fd3d998a2740f4b1a6b39724bdf88 | |
parent | 0a4c1ed2e8b1f443a12a185b2da5ceea46a1038c (diff) |
lsan+wmffuzzer shows a circular reference leading to a leak
graphic gets a context set on it which has a shallow copy
of the graphic in it.
==37==ERROR: LeakSanitizer: detected memory leaks
Indirect leak of 1024 byte(s) in 1 object(s) allocated from:
#0 0x6170b0 in operator new[](unsigned long) /src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:84
#1 0x91361b in BitmapPalette::BitmapPalette(unsigned short) /src/libreoffice/include/vcl/salbtype.hxx:467:56
#2 0x9029f0 in GIFReader::GIFReader(SvStream&) /src/libreoffice/vcl/source/filter/igif/gifread.cxx:114:7
#3 0x91648d in std::__1::__libcpp_compressed_pair_imp<std::__1::allocator<GIFReader>, GIFReader, 1u>::__libcpp_compressed_pair_imp<std::__1::allocator<GIFReader>&, SvStream&, 0ul, 0ul>(std::__1::piecewise_construct_t, std::__1::tuple<std::__1::allocator<GIFReader>&>, std::__1::tuple<SvStream&>, std::__1::__tuple_indices<0ul>, std::__1::__tuple_indices<0ul>) /usr/local/bin/../include/c++/v1/memory:2173:15
#4 0x91648d in std::__1::__compressed_pair<std::__1::allocator<GIFReader>, GIFReader>::__compressed_pair<std::__1::allocator<GIFReader>&, SvStream&>(std::__1::piecewise_construct_t, std::__1::tuple<std::__1::allocator<GIFReader>&>, std::__1::tuple<SvStream&>) /usr/local/bin/../include/c++/v1/memory:2330
#5 0x91648d in std::__1::__shared_ptr_emplace<GIFReader, std::__1::allocator<GIFReader> >::__shared_ptr_emplace<SvStream&>(std::__1::allocator<GIFReader>, SvStream&) /usr/local/bin/../include/c++/v1/memory:3827
#6 0x91648d in std::__1::shared_ptr<GIFReader> std::__1::shared_ptr<GIFReader>::make_shared<SvStream&>(SvStream&) /usr/local/bin/../include/c++/v1/memory:4443
#7 0x91284b in _ZNSt3__111make_sharedI9GIFReaderJR8SvStreamEEENS_9enable_ifIXntsr8is_arrayIT_EE5valueENS_10shared_ptrIS5_EEE4typeEDpOT0_ /usr/local/bin/../include/c++/v1/memory:4807:12
#8 0x91284b in ImportGIF(SvStream&, Graphic&) /src/libreoffice/vcl/source/filter/igif/gifread.cxx:889
#9 0x61c85c in LLVMFuzzerTestOneInput /src/libreoffice/vcl/workben/giffuzzer.cxx:18:11
#10 0x575ef58 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:546:13
#11 0x575fcb4 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:497:3
#12 0x577e43a in fuzzer::Fuzzer::RunOne(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&) /src/libfuzzer/FuzzerInternal.h:119:41
#13 0x575e5ad in fuzzer::Fuzzer::ShuffleAndMinimize(std::__1::vector<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >, std::__1::allocator<std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > > >*) /src/libfuzzer/FuzzerLoop.cpp:476:30
#14 0x5708588 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:534:6
#15 0x56fb3c8 in main /src/libfuzzer/FuzzerMain.cpp:20:10
#16 0x7fb5f13da82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Change-Id: I1384f4ced094e79a27e7d15b569c88f129cd115a
-rw-r--r-- | vcl/source/filter/igif/gifread.cxx | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx
index 4cd29943eaf4..3789ebbc8093 100644
--- a/vcl/source/filter/igif/gifread.cxx
+++ b/vcl/source/filter/igif/gifread.cxx
@@ -49,7 +49,6 @@ class SvStream;
 class GIFReader : public GraphicReader
 {
- Graphic aImGraphic;
 Animation aAnimation;
 Bitmap aBmp8;
 Bitmap aBmp1;
@@ -103,10 +102,9 @@ class GIFReader : public GraphicReader
 public:
 ReadState ReadGIF( Graphic& rGraphic );
- const Graphic& GetIntermediateGraphic();
+ Graphic GetIntermediateGraphic();
 explicit GIFReader( SvStream& rStm );
- virtual ~GIFReader() override;
 };
 GIFReader::GIFReader( SvStream& rStm )
@@ -145,11 +143,6 @@ GIFReader::GIFReader( SvStream& rStm )
 ClearImageExtensions();
 }
-GIFReader::~GIFReader()
-{
- aImGraphic.SetContext( nullptr );
-}
-
 void GIFReader::ClearImageExtensions()
 {
 nGCDisposalMethod = 0;
@@ -651,8 +644,10 @@ void GIFReader::CreateNewBitmaps()
 }
 }
-const Graphic& GIFReader::GetIntermediateGraphic()
+Graphic GIFReader::GetIntermediateGraphic()
 {
+ Graphic aImGraphic;
+
 // only create intermediate graphic, if data is available
 // but graphic still not completely read
 if ( bImGraphicReady && !aAnimation.Count() ) |
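Review bot: The new local `Graphic aImGraphic;` in `GIFReader::GetIntermediateGraphic()` (last hunk) has no comment recording why it must stay a local, and the destructor that used to reset the member's context is removed in the same commit, so the ownership constraint now lives only in the commit message. Going by that message, the member was a shallow copy of a graphic whose context referred back to the reader, which appears to be the cycle LeakSanitizer reported. I would add `// deliberately a local: a Graphic member can share state with the caller's Graphic, whose context owns this reader (reference cycle)` above the declaration. The function body continues past the end of the hunk, so confirm every return path hands back the local by value and that no caller depended on the old `const Graphic&` outliving the call.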