diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2020-10-28 13:25:25 +0100 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2020-10-28 19:15:28 +0100 |
| commit | db6c7a486395304f38e9ea52951f576f34749cbc (patch) | |
| tree | 3e3874b26a19ce061268fcf5a07e232b66618345 /vcl | |
| parent | 350dbba44ee7703b1da11cc4732a5090ce5efe3d (diff) | |
Use UCB instead of cURL to download https files
Since 7dc6fc32eb618da6defb8a9f330978fa019677b8 "uitest: Check the more icons
dialog opens" started to test the AdditionsDialog code, some ASan builds started
to report use-after-poison from within SearchAndParseThread::execute ->
curlGet -> curl_easy_perform -> ... -> https_connecting -> ... ->
secmod_ModuleInit -> pemC_Initialize -> ..., see the comments starting at
<https://gerrit.libreoffice.org/c/core/+/98226/
10#message-2a55980ab2477e41dc7515e4aeabc7234afc2053> "tdf#133026: Tight
integration of extensions - Adding thread structure".
The exact cause for that ASan use-after-poison is not quite clear to me. First,
I thought it was due to liberal use of curl_easy_init (without a central
curl_global_init) in a multi-threaded process; see
<https://curl.haxx.se/libcurl/c/curl_easy_init.html> for this being considered
"lethal". But then, another issue could be that most of the nss libraries like
instdir/program/libnss3.so (implementing the "... -> secmod_ModuleInit" part)
come from LO's bundled --without-system-nss while /lib64/libnsspem.so
(implementing the "pemC_Initialize -> ..." part) comes from the system, and
there could be some mismatch when mixing these (esp. if the former are built
with ASan).
So whatever the actual cause, the right fix should be to use LO's UCB instead of
directly calling into cURL anyway.
That required a version of utl::UcbStreamHelper::CreateStream that uses a given
XInteractionHandler (which may be null to indicate no interaction handling,
instead reporting all interaction requests as exceptions) instead of internally
creating an XInteractionHandler using the GUI, and which would cause deadlock
in 7dc6fc32eb618da6defb8a9f330978fa019677b8's UITest_sw_options. (And
introducing that additional utl::UcbStreamHelper::CreateStream overload required
css::awt::XWindow to be a complete type now in
vcl/source/graphic/GraphicLoader.cxx, for
> include/com/sun/star/uno/Reference.h:277:18: note: in instantiation of variable template specialization 'std::is_base_of_v<com::sun::star::task::XInteractionHandler, com::sun::star::awt::XWindow>' requested here
> std::is_base_of_v<interface_type, derived_type>
> ^
)
(The removed code in cui/source/dialogs/AdditionsDialog.cxx should have been the
last remaining use of curl in Library_cui. Apparently,
e1e9e2aa16f08a8fd9e38db706d63e8eceeda8d1 "Kill Mozilla personas" had forgotten
to remove it from cui/Library_cui.mk the last time Library_cui had become
curl-free, before the introduction of the AdditionsDialog code.)
(I did not remove the #undef ABSOLUTE FIXME from
cui/source/dialogs/AdditionsDialog.cxx.
c4bee547b02fbe3d07b1e9ee203c73e48f86e6bf "tdf#133026: Additions: Better Search
Function" does not tell whether it had been added to mitigate a macro definition
from the (now removed) #include <curl/curl.h>.)
Change-Id: I1fec7488d36df81c3543d12d97da1291f77712fc
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/104938
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'vcl')
| -rw-r--r-- | vcl/source/graphic/GraphicLoader.cxx | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/vcl/source/graphic/GraphicLoader.cxx b/vcl/source/graphic/GraphicLoader.cxx index c26b2b9d0cfe..5c8ccc87d26c 100644 --- a/vcl/source/graphic/GraphicLoader.cxx +++ b/vcl/source/graphic/GraphicLoader.cxx @@ -10,6 +10,7 @@ #include <vcl/GraphicLoader.hxx> +#include <com/sun/star/awt/XWindow.hpp> #include <unotools/ucbstreamhelper.hxx> #include <vcl/graphicfilter.hxx> #include <vcl/weld.hxx> |