diff options
author | Dennis Francis <dennis.francis@collabora.com> | 2021-12-07 14:32:57 +0530 |
---|---|---|
committer | Michael Meeks <michael.meeks@collabora.com> | 2021-12-08 13:07:28 +0100 |
commit | 9da28334d6acaae9d69819a8b53aae029460f206 (patch) | |
tree | fafd667cd5bda6d9f90bee4fc2e40ecd6840b69f /sc/source | |
parent | 962f906395d4b73291df25558dd259af2cb549fc (diff) |
lok: don't crash accessing an invalid ObjectContact cache
Fix description:
Avoid storing a reference to the object-contact
(sdr::contact::ObjectContact) of the page-window (SdrPageWindow) related
to ScDrawView in the "proxy" object-contact. In the current setup there
is no way to invalidate the proxy object when the original
object-contact and its page-window are destroyed (in this case it seems
during a sheet-switch). Instead query the real object contact just in
time when the grid offsets are requested from the proxy object-contact.
Performance:
Behaviour of offset computation is not affected. It is still cached in
the "real" object contact and it is only computed after it gets
invalidated (because of change in zoom)
Crasher reproduction(LOK):
1. Create a spreadsheet with two sheets - one with a table of texts and
shapes and other may be empty.
2. In first sheet select a single row(via header) and press Ctrl+X.
3. Go to the empty sheet, and paste (Ctrl+V) and save immediately using
Ctrl+S.
---Relevant part of backtrace-----------------
<signal handler called>
0x00007ff96781cc70 in main_arena () from /lib64/libc.so.6
0x00007ff964f2f47b in sdr::contact::ViewObjectContact::getGridOffset (this=0x6f01f20) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:456
0x00007ff95cffac5a in (anonymous namespace)::ScLOKProxyObjectContact::calculateGridOffsetForViewOjectContact (this=0x6fb00a0, rTarget=..., rClient=...) at /opt/libreoffice/co-2021/sc/source/ui/view/gridwin4.cxx:1315
0x00007ff964f2f493 in sdr::contact::ViewObjectContact::getGridOffset (this=this@entry=0x5e0c5e0) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:459
0x00007ff964f30732 in sdr::contact::ViewObjectContact::getPrimitive2DSequence (this=0x5e0c5e0, rDisplayInfo=...) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:364
0x00007ff964f30a82 in sdr::contact::ViewObjectContact::getObjectRange (this=0x5e0c5e0) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:198
0x00007ff964f30d00 in sdr::contact::ViewObjectContact::ActionChanged (this=0x5e0c5e0) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewobjectcontact.cxx:220
0x00007ff964f20294 in sdr::contact::ViewContact::ActionChildInserted (this=0x5dd83a0, rChild=...) at /opt/libreoffice/co-2021/svx/source/sdr/contact/viewcontact.cxx:180
0x00007ff96506628a in SdrObjList::impChildInserted (rChild=...) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:288
0x00007ff9650692f8 in SdrObjList::NbcInsertObject (this=this@entry=0x5de80d0, pObj=pObj@entry=0x6f48040, nPos=0, nPos@entry=18446744073709551615) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:309
0x00007ff9650696b5 in SdrObjList::NbcInsertObject (nPos=<optimized out>, pObj=0x6f48040, this=0x5de80d0) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:295
SdrObjList::InsertObject (this=0x5de80d0, pObj=0x6f48040, nPos=18446744073709551615) at /opt/libreoffice/co-2021/svx/source/svdraw/svdpage.cxx:359
0x00007ff9652bc391 in FmFormPage::InsertObject (this=0x5de80d0, pObj=0x6f48040, nPos=<optimized out>) at /opt/libreoffice/co-2021/svx/source/form/fmpage.cxx:79
0x00007ff95c8e26b5 in (anonymous namespace)::ScNoteCaptionCreator::ScNoteCaptionCreator (this=0x7fff5432ec60, rDoc=..., rPos=..., rNoteData=...) at /opt/libreoffice/co-2021/sc/source/core/data/postit.cxx:430
0x00007ff95c8e3425 in ScPostIt::CreateCaptionFromInitData (this=0x5f0c760, rPos=...) at /opt/libreoffice/co-2021/sc/source/core/data/postit.cxx:1043
0x00007ff95c8e4419 in ScPostIt::GetOrCreateCaption (this=0x5f0c760, rPos=...) at /opt/libreoffice/co-2021/sc/source/core/data/postit.cxx:952
0x00007ff95c7a05f8 in (anonymous namespace)::NoteCaptionCreator::operator() (p=<optimized out>, nRow=0, this=0x7fff5432ed68) at /opt/libreoffice/co-2021/sc/source/core/data/column4.cxx:647
sc::EachElem<mdds::mtv::noncopyable_managed_element_block<55, ScPostIt>, gnu_cxx::normal_iterator<ScPostIt**, std::vector<ScPostIt*, std::allocator<ScPostIt*> > >, mdds::detail::mtv::iterator_value_node<unsigned long, mdds::mtv::base_element_block>, (anonymous namespace)::NoteCaptionCreator> (rNode=<error reading variable: access outside bounds of object referenced via synthetic pointer>, rNode=<error reading variable: access outside bounds of object referenced via synthetic pointer>, rFuncElem=...) at /opt/libreoffice/co-2021/sc/inc/mtvfunctions.hxx:120
sc::ProcessElements1<mdds::multi_type_vector<mdds::mtv::custom_block_func1<mdds::mtv::noncopyable_managed_element_block<55, ScPostIt> > >, mdds::mtv::noncopyable_managed_element_block<55, ScPostIt>, (anonymous namespace)::NoteCaptionCreator, sc::FuncElseNoOp<unsigned long> > (rFuncElse=<synthetic pointer>..., rFuncElem=..., rStore=...) at /opt/libreoffice/co-2021/sc/inc/mtvfunctions.hxx:320
sc::ProcessNote<(anonymous namespace)::NoteCaptionCreator> (rFunc=..., rStore=...) at /opt/libreoffice/co-2021/sc/inc/mtvcellfunc.hxx:148
ScColumn::CreateAllNoteCaptions (this=<optimized out>) at /opt/libreoffice/co-2021/sc/source/core/data/column4.cxx:668
0x00007ff95c901bf0 in ScTable::CreateAllNoteCaptions (this=0x5adcb60) at /opt/libreoffice/co-2021/sc/source/core/data/table2.cxx:1698
0x00007ff95c808bcd in ScDocument::CreateAllNoteCaptions (this=<optimized out>) at /opt/libreoffice/co-2021/sc/source/core/data/document.cxx:6614
0x00007ff95cbedcc5 in ScXMLImportWrapper::Export (this=this@entry=0x7fff5432f110, bStylesOnly=bStylesOnly@entry=false) at /opt/libreoffice/co-2021/sc/source/filter/xml/xmlwrap.cxx:730
0x00007ff95ccfd896 in ScDocShell::SaveXML (this=0x5c4c330, pSaveMedium=<optimized out>, xStor=...) at /opt/libreoffice/co-2021/sc/source/ui/docshell/docsh.cxx:556
0x00007ff95cd009c7 in ScDocShell::SaveAs (this=0x5c4c330, rMedium=...) at /opt/libreoffice/co-2021/sc/source/ui/docshell/docsh.cxx:1801
0x00007ff965eac870 in SfxObjectShell::SaveAsOwnFormat (this=0x5c4c330, rMedium=...) at /opt/libreoffice/co-2021/sfx2/source/doc/objstor.cxx:3170
0x00007ff965eaf621 in SfxObjectShell::SaveTo_Impl (this=0x5c4c330, rMedium=..., pSet=0x6fb2930) at /opt/libreoffice/co-2021/sfx2/source/doc/objstor.cxx:1446
0x00007ff965eb0a2d in SfxObjectShell::DoSave_Impl (this=0x5c4c330, pArgs=0x6fb2930) at /opt/libreoffice/co-2021/sfx2/source/doc/objstor.cxx:2579
0x00007ff965ee3c76 in SfxBaseModel::storeSelf (this=0x5c491c0, aSeqArgs=...) at /opt/libreoffice/co-2021/sfx2/source/doc/sfxbasemodel.cxx:1631
0x00007ff965e78a5f in SfxStoringHelper::GUIStoreModel (this=this@entry=0x7fff5432fb30, xModel=..., aSlotName="Save", aArgsSequence=..., bPreselectPassword=bPreselectPassword@entry=false, nDocumentSignatureState=nDocumentSignatureState@entry=SignatureState::NOSIGNATURES) at /opt/libreoffice/co-2021/sfx2/source/doc/guisaveas.cxx:281
0x00007ff965e98964 in SfxObjectShell::ExecFile_Impl (this=0x5c4c330, rReq=...) at /opt/libreoffice/co-2021/sfx2/source/doc/objserv.cxx:965
0x00007ff965d44d2c in SfxShell::CallExec (rReq=..., pFunc=<optimized out>, this=0x5c4c330) at /opt/libreoffice/co-2021/include/sfx2/shell.hxx:197
SfxShell::ExecuteSlot (this=0x5c4c330, rReq=..., pIF=0x5c3c640, pIF@entry=0x0) at /opt/libreoffice/co-2021/sfx2/source/control/shell.cxx:440
0x00007ff95d081af4 in ScTabViewShell::ExecuteSave (this=0x5e9b100, rReq=...) at /opt/libreoffice/co-2021/sc/source/ui/inc/viewdata.hxx:354
0x00007ff965d249bf in SfxShell::CallExec (rReq=..., pFunc=<optimized out>, this=0x5e9b100) at /opt/libreoffice/co-2021/include/sfx2/shell.hxx:197
SfxDispatcher::Call_Impl (this=0x6017d30, rShell=..., rSlot=..., rReq=..., bRecord=<optimized out>) at /opt/libreoffice/co-2021/sfx2/source/control/dispatch.cxx:252
0x00007ff965d2cb02 in SfxDispatcher::Execute (this=0x6017d30, nSlot=<optimized out>, nCall=nCall@entry=SfxCallMode::SYNCHRON, pArgs=pArgs@entry=0x7d33110, pInternalArgs=pInternalArgs@entry=0x7fff5432ffd0, nModi=nModi@entry=0) at /opt/libreoffice/co-2021/sfx2/source/control/dispatch.cxx:810
0x00007ff965d71ab4 in SfxDispatchController_Impl::dispatch (this=0x7230170, aURL=..., aArgs=..., rListener=...) at /opt/libreoffice/co-2021/include/sfx2/ctrlitem.hxx:63
0x00007ff965d71f57 in SfxOfficeDispatch::dispatchWithNotification (this=0x6f0a210, aURL=..., aArgs=..., rListener=...) at /usr/include/c++/11/bits/unique_ptr.h:173
-----------------------------------------
Change-Id: I00eac440546624bc448dcd30499957dea7c1de87
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/126468
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Diffstat (limited to 'sc/source')
-rw-r--r-- | sc/source/ui/view/gridwin4.cxx | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/sc/source/ui/view/gridwin4.cxx b/sc/source/ui/view/gridwin4.cxx index a348e6eca898..4128a8ca596a 100644 --- a/sc/source/ui/view/gridwin4.cxx +++ b/sc/source/ui/view/gridwin4.cxx @@ -1292,15 +1292,15 @@ namespace class ScLOKProxyObjectContact final : public sdr::contact::ObjectContactOfPageView { private: - sdr::contact::ObjectContact& mrRealObjectContact; + ScDrawView* pScDrawView; public: explicit ScLOKProxyObjectContact( - sdr::contact::ObjectContact& rRealOC, + ScDrawView* pDrawView, SdrPageWindow& rPageWindow, const char* pDebugName) : ObjectContactOfPageView(rPageWindow, pDebugName), - mrRealObjectContact(rRealOC) + pScDrawView(pDrawView) { } @@ -1310,9 +1310,22 @@ namespace basegfx::B2DVector& rTarget, const sdr::contact::ViewObjectContact& rClient) const override { + if (!pScDrawView) + return; + + SdrPageView* pPageView(pScDrawView->GetSdrPageView()); + if (!pPageView) + return; + + SdrPageWindow* pSdrPageWindow = pPageView->GetPageWindow(0); + if (!pSdrPageWindow) + return; + + sdr::contact::ObjectContact& rObjContact(pSdrPageWindow->GetObjectContact()); + SdrObject* pTargetSdrObject(rClient.GetViewContact().TryToGetSdrObject()); if (pTargetSdrObject) - rTarget = pTargetSdrObject->GetViewContact().GetViewObjectContact(mrRealObjectContact).getGridOffset(); + rTarget = pTargetSdrObject->GetViewContact().GetViewObjectContact(rObjContact).getGridOffset(); } }; @@ -1331,15 +1344,7 @@ namespace if (!pScDrawView) return SdrView::createViewSpecificObjectContact(rPageWindow, pDebugName); - SdrPageView* pPageView(pScDrawView->GetSdrPageView()); - if (!pPageView) - return SdrView::createViewSpecificObjectContact(rPageWindow, pDebugName); - - SdrPageWindow* pSdrPageWindow = pPageView->GetPageWindow(0); - if (!pSdrPageWindow) - return SdrView::createViewSpecificObjectContact(rPageWindow, pDebugName); - - return new ScLOKProxyObjectContact(pSdrPageWindow->GetObjectContact(), rPageWindow, pDebugName); + return new ScLOKProxyObjectContact(pScDrawView, rPageWindow, pDebugName); } private: |