ScXMLImport dtor deleted pSolarMutex before SvXMLImport dtor is called

so if there are still ScXMLDatabaseRangesContext on the import stack, i.e. exception thrown during ScXMLDatabaseRanges import, then stuff crashes ================================================================= ==23249==ERROR: AddressSanitizer: heap-use-after-free READ of size 8 at 0x6020001c3190 thread T0 SolarMutexGuard::~SolarMutexGuard() /src/libreoffice/include/vcl/svapp.hxx:1420:9 ScXMLImport::UnlockSolarMutex() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:1916:13 ScXMLDatabaseRangesContext::~ScXMLDatabaseRangesContext() /src/libreoffice/sc/source/filter/xml/xmldrani.cxx:64:19 ScXMLDatabaseRangesContext::~ScXMLDatabaseRangesContext() /src/libreoffice/sc/source/filter/xml/xmldrani.cxx:63:1 destroy /usr/local/bin/../include/c++/v1/memory:1838:64 __destroy<rtl::Reference<SvXMLImportContext> > /usr/local/bin/../include/c++/v1/memory:1706 destroy<rtl::Reference<SvXMLImportContext> > /usr/local/bin/../include/c++/v1/memory:1574 std::__1::deque<rtl::Reference<SvXMLImportContext>, std::__1::allocator<rtl::Reference<SvXMLImportContext> > >::pop_back() /usr/local/bin/../include/c++/v1/deque:2604 pop /usr/local/bin/../include/c++/v1/stack:212:19 SvXMLImport::~SvXMLImport() /src/libreoffice/xmloff/source/core/xmlimp.cxx:418 ScXMLImport::~ScXMLImport() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:769:1 freed by thread T0 here: #0 0x6164a0 in operator delete(void*) /src/llvm/projects/compiler-rt/lib/asan/asan_new_delete.cc:126 #1 0x6254e3 in ScXMLImport::~ScXMLImport() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:787:5 #2 0x6259cc in ScXMLImport::~ScXMLImport() /src/libreoffice/sc/source/filter/xml/xmlimprt.cxx:769:1 Change-Id: Ia72284f99e2e2efe4f1f9e57b1483c0f1333274d Reviewed-on: https://gerrit.libreoffice.org/42502 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2017-09-19 20:41:28 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2017-09-21 09:54:22 +0200
commit: 81c7311609d5c9b5ebf7348e805276a8864dadcf (patch)
tree: 72f7b9ed72830d9123e30f23a5290848c6633bfa /include
parent: ca09ee972cfcdc1642f73f95bfc02481102a724d (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/xmloff/xmlimp.hxx b/include/xmloff/xmlimp.hxx
index 390c3d511349..b6552a297843 100644
--- a/include/xmloff/xmlimp.hxx
+++ b/include/xmloff/xmlimp.hxx
@@ -281,6 +281,8 @@ public:
         OUString const & implementationName,
         SvXMLImportFlags nImportFlags = SvXMLImportFlags::ALL );
 
+    void cleanup() throw();
+
     virtual ~SvXMLImport() throw() override;
 
     // css::xml::sax::XDocumentHandler
author	Caolán McNamara <caolanm@redhat.com>	2017-09-19 20:41:28 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2017-09-21 09:54:22 +0200
commit	81c7311609d5c9b5ebf7348e805276a8864dadcf (patch)
tree	72f7b9ed72830d9123e30f23a5290848c6633bfa /include
parent	ca09ee972cfcdc1642f73f95bfc02481102a724d (diff)