Revert "Move SwFntCache link from SwModify down to SwFormat"

This reverts commit 8dd78873a9de028c0d9f1f1aee537e85f74d2300, as it caused heap-use-after-free during CppunitTest_sw_uiwriter: > ==864890==ERROR: AddressSanitizer: heap-use-after-free on address 0x604000e6a89c at pc 0x7f92775c8dd9 bp 0x7ffeb01b18d0 sp 0x7ffeb01b18c8 > READ of size 2 at 0x604000e6a89c thread T0 > #0 in SfxPoolItem::Which() const at include/svl/poolitem.hxx:151:53 > #1 in SwAttrHandler::FontChg(SfxPoolItem const&, SwFont&, bool) at sw/source/core/text/atrstck.cxx:571:20 > #2 in SwAttrHandler::ActivateTop(SwFont&, unsigned short) at sw/source/core/text/atrstck.cxx:515:9 > #3 in SwAttrHandler::PopAndChg(SwTextAttr const&, SwFont&) at sw/source/core/text/atrstck.cxx:450:17 > #4 in SwAttrIter::Rst(SwTextAttr const*) at sw/source/core/text/itratr.cxx:113:24 > #5 in SwAttrIter::SeekFwd(int, int) at sw/source/core/text/itratr.cxx:275:52 > #6 in SwAttrIter::Seek(o3tl::strong_int<int, Tag_TextFrameIndex>) at sw/source/core/text/itratr.cxx:418:13 > #7 in SwAttrIter::SeekAndChgAttrIter(o3tl::strong_int<int, Tag_TextFrameIndex>, OutputDevice*) at sw/source/core/text/itratr.cxx:158:11 > #8 in SwTextIter::SeekAndChg(SwTextSizeInfo&) at sw/source/core/text/itrtxt.hxx:312:12 > #9 in SwTextFormatter::CalcAscent(SwTextFormatInfo&, SwLinePortion*) at sw/source/core/text/itrform2.cxx:815:24 > #10 in SwTextFormatter::NewPortion(SwTextFormatInfo&) at sw/source/core/text/itrform2.cxx:1537:9 > #11 in SwTextFormatter::BuildPortions(SwTextFormatInfo&) at sw/source/core/text/itrform2.cxx:707:16 [...] > 0x604000e6a89c is located 12 bytes inside of 48-byte region [0x604000e6a890,0x604000e6a8c0) > freed by thread T0 here: > #0 in operator delete(void*, unsigned long) at ~/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:172:3 > #1 in SvxFontItem::~SvxFontItem() at include/editeng/fontitem.hxx:29:25 > #2 in SfxItemPool::SetPoolDefaultItem(SfxPoolItem const&) at svl/source/items/itempool.cxx:543:13 > #3 in SwDoc::SetDefault(SfxItemSet const&) at sw/source/core/doc/docfmt.cxx:550:23 > #4 in SwDoc::SetDefault(SfxPoolItem const&) at sw/source/core/doc/docfmt.cxx:531:5 > #5 in SwXTextDefaults::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) at sw/source/core/unocore/SwXTextDefaults.cxx:118:17 > #6 in writerfilter::dmapper::DomainMapper::DomainMapper(com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, com::sun::star::uno::Reference<com::sun::star::lang::XComponent> const&, bool, writerfilter::dmapper::SourceDocumentType, utl::MediaDescriptor const&) at writerfilter/source/dmapper/DomainMapper.cxx:161:24 > #7 in writerfilter::dmapper::DomainMapperFactory::createMapper(com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, com::sun::star::uno::Reference<com::sun::star::io::XInputStream> const&, com::sun::star::uno::Reference<com::sun::star::lang::XComponent> const&, bool, writerfilter::dmapper::SourceDocumentType, utl::MediaDescriptor const&) at writerfilter/source/dmapper/domainmapperfactory.cxx:33:34 > #8 in (anonymous namespace)::WriterFilter::filter(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) at writerfilter/source/filter/WriterFilter.cxx:185:13 > #9 in SwDOCXReader::Read(SwDoc&, rtl::OUString const&, SwPaM&, rtl::OUString const&) at sw/source/filter/docx/swdocxreader.cxx:86:18 > #10 in SwReader::Read(Reader const&) at sw/source/filter/basflt/shellio.cxx:191:22 > #11 in SwView::InsertMedium(unsigned short, std::unique_ptr<SfxMedium, std::default_delete<SfxMedium> >, short) at sw/source/uibase/uiview/view2.cxx:2309:40 [...] > previously allocated by thread T0 here: > #0 in operator new(unsigned long) at ~/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:99:3 > #1 in SvxFontItem::Clone(SfxItemPool*) const at editeng/source/items/textitem.cxx:297:12 > #2 in SfxItemPool::SetPoolDefaultItem(SfxPoolItem const&) at svl/source/items/itempool.cxx:538:42 > #3 in SwDoc::SetDefault(SfxItemSet const&) at sw/source/core/doc/docfmt.cxx:550:23 > #4 in SwDoc::SetDefault(SfxPoolItem const&) at sw/source/core/doc/docfmt.cxx:531:5 > #5 in SwXTextDefaults::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) at sw/source/core/unocore/SwXTextDefaults.cxx:118:17 > #6 in SvXMLImportPropertyMapper::FillPropertySet_(std::__debug::vector<XMLPropertyState, std::allocator<XMLPropertyState> > const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySetInfo> const&, rtl::Reference<XMLPropertySetMapper> const&, SvXMLImport&, ContextID_Index_Pair*) at xmloff/source/style/xmlimppr.cxx:509:27 > #7 in SvXMLImportPropertyMapper::FillPropertySet(std::__debug::vector<XMLPropertyState, std::allocator<XMLPropertyState> > const&, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&, ContextID_Index_Pair*) const at xmloff/source/style/xmlimppr.cxx:466:20 > #8 in XMLTextStyleContext::FillPropertySet(com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> const&) at xmloff/source/text/txtstyli.cxx:456:20 > #9 in XMLTextStyleContext::SetDefaults() at xmloff/source/text/txtstyli.cxx:234:17 > #10 in SvXMLStylesContext::CopyStylesToDoc(bool, bool) at xmloff/source/style/xmlstyle.cxx:752:37 > #11 in SwXMLImport::InsertStyles(bool) at sw/source/filter/xml/xmlfmt.cxx:999:22 [...] Change-Id: I4df8db29054da3eb543e5524fec6cb79e8568b66 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/109363 Tested-by: Jenkins Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
author: Stephan Bergmann <sbergman@redhat.com> 2021-01-15 13:46:12 +0100
committer: Stephan Bergmann <sbergman@redhat.com> 2021-01-15 18:54:23 +0100
commit: 2e29dc20b96f2d96f5b64e9ed5efb79e342b3f54 (patch)
tree: 5f65f614bf346503c307cbafa6589a35d9abb723 /sw/inc
parent: 0e3e4b89d752221f795f793d0baf5610c31c6cd3 (diff)
2 files changed, 5 insertions, 23 deletions
diff --git a/sw/inc/calbck.hxx b/sw/inc/calbck.hxx
index b5b6ff9a3e30..31df9791291b 100644
--- a/sw/inc/calbck.hxx
+++ b/sw/inc/calbck.hxx
@@ -178,6 +178,7 @@ class SW_DLLPUBLIC SwModify: public SwClient
     sw::WriterListener* m_pWriterListeners;                // the start of the linked list of clients
     bool m_bModifyLocked : 1;         // don't broadcast changes now
     bool m_bInCache   : 1;
+    bool m_bInSwFntCache : 1;
 
     SwModify(SwModify const &) = delete;
     SwModify &operator =(const SwModify&) = delete;
@@ -185,7 +186,7 @@ protected:
     virtual void SwClientNotify(const SwModify&, const SfxHint& rHint) override;
 public:
     SwModify()
-        : SwClient(), m_pWriterListeners(nullptr), m_bModifyLocked(false), m_bInCache(false)
+        : SwClient(), m_pWriterListeners(nullptr), m_bModifyLocked(false), m_bInCache(false), m_bInSwFntCache(false)
     {}
 
     // broadcasting mechanism
@@ -203,9 +204,11 @@ public:
     void LockModify()                   { m_bModifyLocked = true;  }
     void UnlockModify()                 { m_bModifyLocked = false; }
     void SetInCache( bool bNew )        { m_bInCache = bNew;       }
+    void SetInSwFntCache( bool bNew )   { m_bInSwFntCache = bNew;  }
     void SetInDocDTOR();
     bool IsModifyLocked() const     { return m_bModifyLocked;  }
     bool IsInCache()      const     { return m_bInCache;       }
+    bool IsInSwFntCache() const     { return m_bInSwFntCache;  }
 
     void CheckCaching( const sal_uInt16 nWhich );
     bool HasOnlyOneListener() const { return m_pWriterListeners && m_pWriterListeners->IsLast(); }
diff --git a/sw/inc/format.hxx b/sw/inc/format.hxx
index 96e03b342eec..e596a26bb882 100644
--- a/sw/inc/format.hxx
+++ b/sw/inc/format.hxx
@@ -22,7 +22,6 @@
 #include "swdllapi.h"
 #include "swatrset.hxx"
 #include "calbck.hxx"
-#include "hintids.hxx"
 #include <memory>
 
 class IDocumentSettingAccess;
@@ -60,25 +59,7 @@ class SW_DLLPUBLIC SwFormat : public sw::BroadcastingModify
     bool   m_bAutoUpdateFormat : 1;/**< TRUE: Set attributes of a whole paragraph
                                        at format (UI-side!). */
     bool m_bHidden : 1;
-    bool m_bInSwFntCache : 1;
     std::shared_ptr<SfxGrabBagItem> m_pGrabBagItem; ///< Style InteropGrabBag.
-    void InvalidateInSwFntCache(sal_uInt16 nWhich)
-    {
-        if(isCHRATR(nWhich))
-        {
-            m_bInSwFntCache = false;
-        }
-        else
-        {
-            switch(nWhich)
-            {
-                case RES_OBJECTDYING:
-                case RES_FMT_CHG:
-                case RES_ATTRSET_CHG:
-                    m_bInSwFntCache = false;
-            }
-        }
-    };
 
 protected:
     SwFormat( SwAttrPool& rPool, const char* pFormatNm,
@@ -94,9 +75,7 @@ public:
     SwFormat &operator=(const SwFormat&);
 
     /// for Querying of Writer-functions.
-    sal_uInt16 Which() const { return m_nWhichId; };
-    bool IsInSwFntCache() const { return m_bInSwFntCache; };
-    void SetInSwFntCache() { m_bInSwFntCache = true; };
+    sal_uInt16 Which() const { return m_nWhichId; }
 
     /// Copy attributes even among documents.
     void CopyAttrs( const SwFormat& );
author	Stephan Bergmann <sbergman@redhat.com>	2021-01-15 13:46:12 +0100
committer	Stephan Bergmann <sbergman@redhat.com>	2021-01-15 18:54:23 +0100
commit	2e29dc20b96f2d96f5b64e9ed5efb79e342b3f54 (patch)
tree	5f65f614bf346503c307cbafa6589a35d9abb723 /sw/inc
parent	0e3e4b89d752221f795f793d0baf5610c31c6cd3 (diff)