INVALID_POOL_ITEM in sfx2::sidebar::ControllerItem::ItmeUpdateReceiverInterface::NotifyItemUpdate

Stephan Bergmann <sbergman -AT- redhat.com>
Thu, 13 Apr 2017 18:17:57 +0200

My local ASan/UBSan build started to fail CppunitTest_sc_macros_test onrecent master versions (see below). What happens is that

void AreaPropertyPanelBase::NotifyItemUpdate(
    sal_uInt16 nSID,
    SfxItemState eState,
    const SfxPoolItem* pState,
    const bool /*bIsEnabled*/)

(svx/source/sidebar/area/AreaPropertyPanelBase.cxx) is called withpState being INVALID_POOL_ITEM (i.e., -1).

Up the call stack, SfxStateCache::SetState_Impl(sfx2/source/control/statcach.cxx) is clearly documented to expect thatpState can be INVALID_POOL_ITEM ("Slot Status, 0 or -1"), and seems tohandle it correctly. And ControllerItem::StateChanged(sfx2/source/sidebar/ControllerItem.cxx) just passes pState through toNotifyItemUpdate without otherwise looking at it.

So it looks like overrides ofsfx2::sidebar::ControllerItem::ItmeUpdateReceiverInterface::NotifyItemUpdate(include/sfx2/sidebar/ControllerItem.hxx) would need to takeIsInvalidItem(pState) into account. But upon at least a verysuperficial audit, they seem to not do that.

I cannot reproduce this failure with a non-ASan/UBSan build. The callis from within Timer::Invoke, so maybe this is timing dependent. And Ihave no idea why this failure only started to happen now. Anybody gotan idea what's going on and where to actually put a fix?

svx/source/sidebar/area/AreaPropertyPanelBase.cxx:1007:21: runtime error: downcast of misaligned 
address 0xffffffffffffffff for type 'const XFillColorItem', which requires 8 byte alignment
0xffffffffffffffff: note: pointer points here
<memory cannot be printed>
    #0 0x2b85b519c69c in svx::sidebar::AreaPropertyPanelBase::NotifyItemUpdate(unsigned short, 
SfxItemState, SfxPoolItem const*, bool) svx/source/sidebar/area/AreaPropertyPanelBase.cxx:1007:21
    #1 0x2b85a920b056 in sfx2::sidebar::ControllerItem::StateChanged(unsigned short, SfxItemState, 
SfxPoolItem const*) sfx2/source/sidebar/ControllerItem.cxx:134:26
    #2 0x2b85a7920912 in SfxStateCache::SetState_Impl(SfxItemState, SfxPoolItem const*, bool) 
sfx2/source/control/statcach.cxx:432:24
    #3 0x2b85a791f414 in SfxStateCache::SetState(SfxItemState, SfxPoolItem const*, bool) 
sfx2/source/control/statcach.cxx:344:5
    #4 0x2b85a75af32a in SfxBindings::UpdateControllers_Impl(SfxFoundCache_Impl const&, SfxPoolItem 
const*, SfxItemState) sfx2/source/control/bindings.cxx:1271:20
    #5 0x2b85a75ab878 in SfxBindings::Update_Impl(SfxStateCache&) 
sfx2/source/control/bindings.cxx:332:17
    #6 0x2b85a75bb744 in SfxBindings::NextJob_Impl(Timer*) sfx2/source/control/bindings.cxx:1344:17
    #7 0x2b85a75ddbb9 in SfxBindings::NextJob(Timer*) sfx2/source/control/bindings.cxx:1289:5
    #8 0x2b85a759d811 in SfxBindings::LinkStubNextJob(void*, Timer*) 
sfx2/source/control/bindings.cxx:1287:1
    #9 0x2b855721f350 in Link<Timer*, void>::Call(Timer*) const include/tools/link.hxx:84:45
    #10 0x2b855721e56d in Timer::Invoke() vcl/source/app/timer.cxx:89:21
    #11 0x2b8557058685 in ImplSchedulerData::Invoke() vcl/source/app/scheduler.cxx:46:13
    #12 0x2b855705baa9 in Scheduler::ProcessTaskScheduling(bool) vcl/source/app/scheduler.cxx:159:22
    #13 0x2b85571aa21c in ImplYield(bool, bool, unsigned long) vcl/source/app/svapp.cxx:508:9
    #14 0x2b85571835be in Application::Reschedule(bool) vcl/source/app/svapp.cxx:522:5
    #15 0x2b85878fad7e in SbiRuntime::Step() basic/source/runtime/runtime.cxx:740:17
    #16 0x2b858747ef9d in SbModule::Run(SbMethod*) basic/source/classes/sbxmod.cxx:1144:25
    #17 0x2b858747a04c in SbModule::Notify(SfxBroadcaster&, SfxHint const&) 
basic/source/classes/sbxmod.cxx:809:21
    #18 0x2b856a5a0ebe in SfxBroadcaster::Broadcast(SfxHint const&) 
svl/source/notify/SfxBroadcaster.cxx:49:24
    #19 0x2b85874ab5f7 in SbMethod::Broadcast(SfxHintId) basic/source/classes/sbxmod.cxx:2126:16
    #20 0x2b8587c7004a in SbxValue::SbxValue(SbxValue const&) basic/source/sbx/sbxvalue.cxx:62:36
    #21 0x2b8587cb6022 in SbxVariable::SbxVariable(SbxVariable const&) 
basic/source/sbx/sbxvar.cxx:73:7
    #22 0x2b8587c2d545 in SbxMethod::SbxMethod(SbxMethod const&) basic/source/sbx/sbxobj.cxx:869:7
    #23 0x2b85879272db in SbiRuntime::FindElement(SbxObject*, unsigned int, unsigned int, unsigned 
long, bool, bool) basic/source/runtime/runtime.cxx:3518:37
    #24 0x2b858792f930 in SbiRuntime::StepFIND_Impl(SbxObject*, unsigned int, unsigned int, 
unsigned long, bool) basic/source/runtime/runtime.cxx:3941:14
    #25 0x2b85878dafa1 in SbiRuntime::StepFIND(unsigned int, unsigned int) 
basic/source/runtime/runtime.cxx:3947:5
    #26 0x2b85878fcccd in SbiRuntime::Step() basic/source/runtime/runtime.cxx:770:13
    #27 0x2b858747ef9d in SbModule::Run(SbMethod*) basic/source/classes/sbxmod.cxx:1144:25
    #28 0x2b858747a04c in SbModule::Notify(SfxBroadcaster&, SfxHint const&) 
basic/source/classes/sbxmod.cxx:809:21
    #29 0x2b856a5a0ebe in SfxBroadcaster::Broadcast(SfxHint const&) 
svl/source/notify/SfxBroadcaster.cxx:49:24
    #30 0x2b85874ab5f7 in SbMethod::Broadcast(SfxHintId) basic/source/classes/sbxmod.cxx:2126:16
    #31 0x2b8587c7004a in SbxValue::SbxValue(SbxValue const&) basic/source/sbx/sbxvalue.cxx:62:36
    #32 0x2b8587cb6022 in SbxVariable::SbxVariable(SbxVariable const&) 
basic/source/sbx/sbxvar.cxx:73:7
    #33 0x2b8587c2d545 in SbxMethod::SbxMethod(SbxMethod const&) basic/source/sbx/sbxobj.cxx:869:7
    #34 0x2b85879272db in SbiRuntime::FindElement(SbxObject*, unsigned int, unsigned int, unsigned 
long, bool, bool) basic/source/runtime/runtime.cxx:3518:37
    #35 0x2b858792f930 in SbiRuntime::StepFIND_Impl(SbxObject*, unsigned int, unsigned int, 
unsigned long, bool) basic/source/runtime/runtime.cxx:3941:14
    #36 0x2b85878dafa1 in SbiRuntime::StepFIND(unsigned int, unsigned int) 
basic/source/runtime/runtime.cxx:3947:5
    #37 0x2b85878fcccd in SbiRuntime::Step() basic/source/runtime/runtime.cxx:770:13
    #38 0x2b858747ef9d in SbModule::Run(SbMethod*) basic/source/classes/sbxmod.cxx:1144:25
    #39 0x2b858747a04c in SbModule::Notify(SfxBroadcaster&, SfxHint const&) 
basic/source/classes/sbxmod.cxx:809:21
    #40 0x2b856a5a0ebe in SfxBroadcaster::Broadcast(SfxHint const&) 
svl/source/notify/SfxBroadcaster.cxx:49:24
    #41 0x2b85874ab5f7 in SbMethod::Broadcast(SfxHintId) basic/source/classes/sbxmod.cxx:2126:16
    #42 0x2b8587c7004a in SbxValue::SbxValue(SbxValue const&) basic/source/sbx/sbxvalue.cxx:62:36
    #43 0x2b8587cb6022 in SbxVariable::SbxVariable(SbxVariable const&) 
basic/source/sbx/sbxvar.cxx:73:7
    #44 0x2b8587c2d545 in SbxMethod::SbxMethod(SbxMethod const&) basic/source/sbx/sbxobj.cxx:869:7
    #45 0x2b85879272db in SbiRuntime::FindElement(SbxObject*, unsigned int, unsigned int, unsigned 
long, bool, bool) basic/source/runtime/runtime.cxx:3518:37
    #46 0x2b858792f930 in SbiRuntime::StepFIND_Impl(SbxObject*, unsigned int, unsigned int, 
unsigned long, bool) basic/source/runtime/runtime.cxx:3941:14
    #47 0x2b85878dafa1 in SbiRuntime::StepFIND(unsigned int, unsigned int) 
basic/source/runtime/runtime.cxx:3947:5
    #48 0x2b85878fcccd in SbiRuntime::Step() basic/source/runtime/runtime.cxx:770:13
    #49 0x2b858747ef9d in SbModule::Run(SbMethod*) basic/source/classes/sbxmod.cxx:1144:25
    #50 0x2b858747a04c in SbModule::Notify(SfxBroadcaster&, SfxHint const&) 
basic/source/classes/sbxmod.cxx:809:21
    #51 0x2b856a5a0ebe in SfxBroadcaster::Broadcast(SfxHint const&) 
svl/source/notify/SfxBroadcaster.cxx:49:24
    #52 0x2b85874ab5f7 in SbMethod::Broadcast(SfxHintId) basic/source/classes/sbxmod.cxx:2126:16
    #53 0x2b8587c77a5c in SbxValue::Get(SbxValues&) const basic/source/sbx/sbxvalue.cxx:287:16
    #54 0x2b858745ee86 in SbMethod::Call(SbxValue*, SbxVariable*) 
basic/source/classes/sbxmod.cxx:2081:5
    #55 0x2b8609c3ab30 in basprov::BasicScriptImpl::invoke(com::sun::star::uno::Sequence<com::sun::star::uno::Any> 
const&, com::sun::star::uno::Sequence<short>&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&) 
scripting/source/basprov/basscript.cxx:235:35
    #56 0x2b8609c3d192 in non-virtual thunk to 
basprov::BasicScriptImpl::invoke(com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&, 
com::sun::star::uno::Sequence<short>&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&) 
scripting/source/basprov/basscript.cxx
    #57 0x2b85a8b7df0f in SfxObjectShell::CallXScript(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, 
rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&, com::sun::star::uno::Any&, 
com::sun::star::uno::Sequence<short>&, com::sun::star::uno::Sequence<com::sun::star::uno::Any>&, bool, com::sun::star::uno::Any 
const*) sfx2/source/doc/objmisc.cxx:1413:25
    #58 0x2b85788093e0 in ScMacrosTest::testVba() sc/qa/extras/macros-test.cxx:328:9
    #59 0x2b857882b9bb in CppUnit::TestCaller<ScMacrosTest>::runTest() 
workdir/UnpackedTarball/cppunit/include/cppunit/TestCaller.h:166:6
    #60 0x2b8533c66d8b in CppUnit::TestCaseMethodFunctor::operator()() const 
workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:32:5
    #61 0x2b854cf14b0f in (anonymous namespace)::Protector::protect(CppUnit::Functor const&, 
CppUnit::ProtectorContext const&) test/source/vclbootstrapprotector.cxx:39:14
    #62 0x2b8533c253ce in CppUnit::ProtectorChain::ProtectFunctor::operator()() const 
workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
    #63 0x2b854386214f in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, 
CppUnit::ProtectorContext const&) 
unotest/source/cpp/unobootstrapprotector/unobootstrapprotector.cxx:89:12
    #64 0x2b8533c253ce in CppUnit::ProtectorChain::ProtectFunctor::operator()() const 
workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
    #65 0x2b853fafc351 in (anonymous namespace)::Prot::protect(CppUnit::Functor const&, 
CppUnit::ProtectorContext const&) 
unotest/source/cpp/unoexceptionprotector/unoexceptionprotector.cxx:63:16
    #66 0x2b8533c253ce in CppUnit::ProtectorChain::ProtectFunctor::operator()() const 
workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
    #67 0x2b8533ba3350 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, 
CppUnit::ProtectorContext const&) workdir/UnpackedTarball/cppunit/src/cppunit/DefaultProtector.cpp:15:12
    #68 0x2b8533c253ce in CppUnit::ProtectorChain::ProtectFunctor::operator()() const 
workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:20:25
    #69 0x2b8533c21e70 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, 
CppUnit::ProtectorContext const&) workdir/UnpackedTarball/cppunit/src/cppunit/ProtectorChain.cpp:77:18
    #70 0x2b8533ce10f5 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:181:28
    #71 0x2b8533c64fa4 in CppUnit::TestCase::run(CppUnit::TestResult*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestCase.cpp:91:13
    #72 0x2b8533c697a7 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
    #73 0x2b8533c68819 in CppUnit::TestComposite::run(CppUnit::TestResult*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
    #74 0x2b8533c697a7 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:64:30
    #75 0x2b8533c68819 in CppUnit::TestComposite::run(CppUnit::TestResult*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestComposite.cpp:23:3
    #76 0x2b8533d1f5c9 in CppUnit::TestRunner::WrappingSuite::run(CppUnit::TestResult*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:47:27
    #77 0x2b8533cdf40d in CppUnit::TestResult::runTest(CppUnit::Test*) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestResult.cpp:148:9
    #78 0x2b8533d2089b in CppUnit::TestRunner::run(CppUnit::TestResult&, std::__cxx11::basic_string<char, 
std::char_traits<char>, std::allocator<char> > const&) 
workdir/UnpackedTarball/cppunit/src/cppunit/TestRunner.cpp:96:14
    #79 0x532fb4 in (anonymous namespace)::ProtectedFixtureFunctor::run() const 
sal/cppunittester/cppunittester.cxx:306:20
    #80 0x52e7c3 in sal_main() sal/cppunittester/cppunittester.cxx:456:20
    #81 0x52cb6f in main sal/cppunittester/cppunittester.cxx:363:1
    #82 0x2b85358d1400 in __libc_start_main 
/usr/src/debug/glibc-2.24-33-ge9e69e4/csu/../csu/libc-start.c:289
    #83 0x438019 in _start (workdir/LinkTarget/Executable/cppunittester+0x438019)

Context

INVALID_POOL_ITEM in sfx2::sidebar::ControllerItem::ItmeUpdateReceiverInterface::NotifyItemUpdate · Stephan Bergmann
- Re: INVALID_POOL_ITEM in sfx2::sidebar::ControllerItem::ItmeUpdateReceiverInterface::NotifyItemUpdate · Caolán McNamara
- Re: INVALID_POOL_ITEM in sfx2::sidebar::ControllerItem::ItmeUpdateReceiverInterface::NotifyItemUpdate · Caolán McNamara
  - Re: INVALID_POOL_ITEM in sfx2::sidebar::ControllerItem::ItmeUpdateReceiverInterface::NotifyItemUpdate · Stephan Bergmann

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.