summaryrefslogtreecommitdiff
path: root/external
diff options
context:
space:
mode:
authorStephan Bergmann <sbergman@redhat.com>2022-01-26 20:16:02 +0100
committerStephan Bergmann <sbergman@redhat.com>2022-01-27 08:00:48 +0100
commita6f21bc32e746fd89ce963b1567ef78315612669 (patch)
tree8506b26cc7afc2709de40ec1e46f04317714af72 /external
parente82192764485e7599af43c002d658b7b15c01f94 (diff)
external/mdds: Avoid -Werror=use-after-free (GCC 12 trunk)
> In file included from workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree.hpp:37, > from sc/inc/columnspanset.hxx:16, > from sc/source/core/data/columnspanset.cxx:10: > In function ‘void mdds::__st::intrusive_ptr_add_ref(node<T>*) [with T = mdds::flat_segment_tree<int, bool>]’, > inlined from ‘boost::intrusive_ptr<T>::intrusive_ptr(const boost::intrusive_ptr<T>&) [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:93:44, > inlined from ‘boost::intrusive_ptr<T>& boost::intrusive_ptr<T>::operator=(const boost::intrusive_ptr<T>&) [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:154:9, > inlined from ‘mdds::flat_segment_tree<_Key, _Value>::flat_segment_tree(const mdds::flat_segment_tree<_Key, _Value>&) [with _Key = int; _Value = bool]’ at workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree_def.inl:88:25: > workdir/UnpackedTarball/mdds/include/mdds/node.hpp:244:10: error: pointer used after ‘void operator delete(void*, std::size_t)’ [-Werror=use-after-free] > 244 | ++p->refcount; > | ~~~^~~~~~~~ > In function ‘void mdds::__st::intrusive_ptr_release(node<T>*) [with T = mdds::flat_segment_tree<int, bool>]’, > inlined from ‘void mdds::__st::intrusive_ptr_release(node<T>*) [with T = mdds::flat_segment_tree<int, bool>]’ at workdir/UnpackedTarball/mdds/include/mdds/node.hpp:248:13, > inlined from ‘boost::intrusive_ptr<T>::~intrusive_ptr() [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:98:44, > inlined from ‘boost::intrusive_ptr<T>& boost::intrusive_ptr<T>::operator=(const boost::intrusive_ptr<T>&) [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:154:9, > inlined from ‘mdds::flat_segment_tree<_Key, _Value>::flat_segment_tree(const mdds::flat_segment_tree<_Key, _Value>&) [with _Key = int; _Value = bool]’ at workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree_def.inl:87:19: > workdir/UnpackedTarball/mdds/include/mdds/node.hpp:252:9: note: call to ‘void operator delete(void*, std::size_t)’ here > 252 | delete p; > | ^~~~~~~~ etc. The warning is apparently new in GCC 12 trunk (see <https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=671a283636de75f7ed638ee6b01ed2d44361b8b6> "Add -Wuse-after-free [PR80532]"), and I'm not entirely sure whether this is a true or false positive, but the fix looks somewhat plausible, and at least also my (Clang) ASan+UBSan build does a successful `make check` with (and without) this change. Change-Id: I63fafceba8d1b4e0ddd7cf2e58403a3bc763e53c Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129008 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'external')
-rw-r--r--external/mdds/UnpackedTarball_mdds.mk1
-rw-r--r--external/mdds/use-after-free.patch12
2 files changed, 13 insertions, 0 deletions
diff --git a/external/mdds/UnpackedTarball_mdds.mk b/external/mdds/UnpackedTarball_mdds.mk
index c015f4c13f5a..271d20b0f4d1 100644
--- a/external/mdds/UnpackedTarball_mdds.mk
+++ b/external/mdds/UnpackedTarball_mdds.mk
@@ -14,6 +14,7 @@ $(eval $(call gb_UnpackedTarball_set_tarball,mdds,$(MDDS_TARBALL)))
$(eval $(call gb_UnpackedTarball_set_patchlevel,mdds,0))
$(eval $(call gb_UnpackedTarball_add_patches,mdds,\
+ external/mdds/use-after-free.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/external/mdds/use-after-free.patch b/external/mdds/use-after-free.patch
new file mode 100644
index 000000000000..981c945821a7
--- /dev/null
+++ b/external/mdds/use-after-free.patch
@@ -0,0 +1,12 @@
+--- include/mdds/flat_segment_tree_def.inl
++++ include/mdds/flat_segment_tree_def.inl
+@@ -84,8 +84,8 @@
+ // Move on to the next destination node, and have the next node point
+ // back to the previous node.
+ node_ptr old_node = dest_node;
++ dest_node->next->prev = old_node;
+ dest_node = dest_node->next;
+- dest_node->prev = old_node;
+
+ if (src_node == r.m_right_leaf.get())
+ {