diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2022-01-26 20:16:02 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2022-01-27 08:00:48 +0100 |
commit | a6f21bc32e746fd89ce963b1567ef78315612669 (patch) | |
tree | 8506b26cc7afc2709de40ec1e46f04317714af72 /external | |
parent | e82192764485e7599af43c002d658b7b15c01f94 (diff) |
external/mdds: Avoid -Werror=use-after-free (GCC 12 trunk)
> In file included from workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree.hpp:37,
> from sc/inc/columnspanset.hxx:16,
> from sc/source/core/data/columnspanset.cxx:10:
> In function ‘void mdds::__st::intrusive_ptr_add_ref(node<T>*) [with T = mdds::flat_segment_tree<int, bool>]’,
> inlined from ‘boost::intrusive_ptr<T>::intrusive_ptr(const boost::intrusive_ptr<T>&) [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:93:44,
> inlined from ‘boost::intrusive_ptr<T>& boost::intrusive_ptr<T>::operator=(const boost::intrusive_ptr<T>&) [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:154:9,
> inlined from ‘mdds::flat_segment_tree<_Key, _Value>::flat_segment_tree(const mdds::flat_segment_tree<_Key, _Value>&) [with _Key = int; _Value = bool]’ at workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree_def.inl:88:25:
> workdir/UnpackedTarball/mdds/include/mdds/node.hpp:244:10: error: pointer used after ‘void operator delete(void*, std::size_t)’ [-Werror=use-after-free]
> 244 | ++p->refcount;
> | ~~~^~~~~~~~
> In function ‘void mdds::__st::intrusive_ptr_release(node<T>*) [with T = mdds::flat_segment_tree<int, bool>]’,
> inlined from ‘void mdds::__st::intrusive_ptr_release(node<T>*) [with T = mdds::flat_segment_tree<int, bool>]’ at workdir/UnpackedTarball/mdds/include/mdds/node.hpp:248:13,
> inlined from ‘boost::intrusive_ptr<T>::~intrusive_ptr() [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:98:44,
> inlined from ‘boost::intrusive_ptr<T>& boost::intrusive_ptr<T>::operator=(const boost::intrusive_ptr<T>&) [with T = mdds::__st::node<mdds::flat_segment_tree<int, bool> >]’ at workdir/UnpackedTarball/boost/boost/smart_ptr/intrusive_ptr.hpp:154:9,
> inlined from ‘mdds::flat_segment_tree<_Key, _Value>::flat_segment_tree(const mdds::flat_segment_tree<_Key, _Value>&) [with _Key = int; _Value = bool]’ at workdir/UnpackedTarball/mdds/include/mdds/flat_segment_tree_def.inl:87:19:
> workdir/UnpackedTarball/mdds/include/mdds/node.hpp:252:9: note: call to ‘void operator delete(void*, std::size_t)’ here
> 252 | delete p;
> | ^~~~~~~~
etc. The warning is apparently new in GCC 12 trunk (see
<https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=671a283636de75f7ed638ee6b01ed2d44361b8b6>
"Add -Wuse-after-free [PR80532]"), and I'm not entirely sure whether this
is a true or false positive, but the fix looks somewhat plausible, and at least
also my (Clang) ASan+UBSan build does a successful `make check` with (and
without) this change.
Change-Id: I63fafceba8d1b4e0ddd7cf2e58403a3bc763e53c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129008
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'external')
-rw-r--r-- | external/mdds/UnpackedTarball_mdds.mk | 1 | ||||
-rw-r--r-- | external/mdds/use-after-free.patch | 12 |
2 files changed, 13 insertions, 0 deletions
diff --git a/external/mdds/UnpackedTarball_mdds.mk b/external/mdds/UnpackedTarball_mdds.mk index c015f4c13f5a..271d20b0f4d1 100644 --- a/external/mdds/UnpackedTarball_mdds.mk +++ b/external/mdds/UnpackedTarball_mdds.mk @@ -14,6 +14,7 @@ $(eval $(call gb_UnpackedTarball_set_tarball,mdds,$(MDDS_TARBALL))) $(eval $(call gb_UnpackedTarball_set_patchlevel,mdds,0)) $(eval $(call gb_UnpackedTarball_add_patches,mdds,\ + external/mdds/use-after-free.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/external/mdds/use-after-free.patch b/external/mdds/use-after-free.patch new file mode 100644 index 000000000000..981c945821a7 --- /dev/null +++ b/external/mdds/use-after-free.patch @@ -0,0 +1,12 @@ +--- include/mdds/flat_segment_tree_def.inl ++++ include/mdds/flat_segment_tree_def.inl +@@ -84,8 +84,8 @@ + // Move on to the next destination node, and have the next node point + // back to the previous node. + node_ptr old_node = dest_node; ++ dest_node->next->prev = old_node; + dest_node = dest_node->next; +- dest_node->prev = old_node; + + if (src_node == r.m_right_leaf.get()) + { |