Skip to content

Fix pong requests #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix pong requests #1

wants to merge 1 commit into from

Conversation

elringus
Copy link

@elringus elringus commented Mar 12, 2016
edited
Loading

Sorry for creating a PR into a read-only repo, but I wasn't able to find any other way to propose the fix.

Been fighting with the same issue for the whole day in my own project and this repo was the only open-source code for handling pongs with POCO websockets I was able to find :)

It appears you just need to add a FIN flag in order for the pong frame to be handled correctly.

@fitojb
Copy link
Contributor

fitojb commented Apr 2, 2016

Hi, and sorry for not noticing this pull request earlier (after all, we don’t monitor GitHub!)

We host our Git repositories by ourselves, and we use a web application called Gerrit to handle patch submission and code review. Please visit https://wiki.documentfoundation.org/Development/gerrit for more details.

cc @kendy

@elringus
Copy link
Author

elringus commented Apr 3, 2016

Well, I’ve tried to get my head around using Gerrit, but the change is so minor that it seemed like it wasn’t worth it, after all.
It’s just I wasn’t able to find any working examples on how to correctly handle pong requests with POCO and at the same time this repo was always popping up in search results. So, after finally finding a solution, I’ve just wanted to share it :) Sorry for bothering you with this.

@pranavk
Copy link
Contributor

pranavk commented Jul 19, 2016

I can commit the patch for you after testing and fixing the conflicts, but before that we would need your license statement to be sent to libreoffice mailing list: see https://wiki.documentfoundation.org/Development/GetInvolved#Connect_to_our_communication_channels

Thanks.

@elringus
Copy link
Author

Oh, thanks! In case the fix is still relevant, it would be nice if you could help with the commit.
I’ve sent the license statement.

ghost pushed a commit that referenced this pull request Jul 27, 2016
@elringus @pranavk
loolwsd: Remove pong frame hack
85d275a 
#1
@pranavk
Copy link
Contributor

pranavk commented Jul 27, 2016

This looks fine to me; works well. I have committed for you. Congrats on your first LO commit :)

https://gerrit.libreoffice.org/gitweb?p=online.git;a=commit;h=85d275ab1afb05ed937c55cb9ed9c2462a4a7f89

@elringus
Copy link
Author

Thank you! :)

ghost pushed a commit that referenced this pull request Nov 7, 2016
@Ashod
loolwsd: extend the lifetime of lokit to avoid destroying
86fb4dc 
Lokit's destroy is prone to throw (at least in dbgutil).

This exception brings the binary down with a core-dump.

To avoid this, we extend the lifetime of lokit to the end
of the process, where we invoke std::_Exit to promptly
kill the process and exit.

For reference, the exception is thrown as follows:
 #0  0x00007f0ba5a43bcd in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #1  0x00007f0b76303248 in (anonymous namespace)::ModuleManager::identify (this=0x7f0b5328e6d0, xModule=empty uno::Reference) at /home/ash/prjx/cp51/framework/source/services/modulemanager.cxx:198
 #2  0x00007f0b762606dc in (anonymous namespace)::JobExecutor::notifyEvent (this=0x7f0b77176b30, aEvent=...) at /home/ash/prjx/cp51/framework/source/jobs/jobexecutor.cxx:274
 #3  0x00007f0ba13ea455 in (anonymous namespace)::SfxGlobalEvents_Impl::implts_notifyJobExecution (this=0x7f0b77176a30, aEvent=...) at /home/ash/prjx/cp51/sfx2/source/notify/globalevents.cxx:397
 #4  0x00007f0ba13e9346 in (anonymous namespace)::SfxGlobalEvents_Impl::documentEventOccured (this=0x7f0b77176a30, _Event=...) at /home/ash/prjx/cp51/sfx2/source/notify/globalevents.cxx:241
 #5  0x00007f0ba0fe5717 in SfxTerminateListener_Impl::notifyTermination (this=0x7f0b772462c8, aEvent=...) at /home/ash/prjx/cp51/sfx2/source/appl/appinit.cxx:125
 #6  0x00007f0b762ebc39 in framework::Desktop::terminate (this=0x7f0b7721d530) at /home/ash/prjx/cp51/framework/source/services/desktop.cxx:330
 #7  0x00007f0ba47940ce in lo_destroy (pThis=0x154de60) at /home/ash/prjx/cp51/desktop/source/lib/init.cxx:2926
 #8  0x0000000000429681 in lok::Office::~Office (this=<optimized out>, __in_chrg=<optimized out>) at LibreOfficeKit.hpp:516
 #9  __gnu_cxx::new_allocator<lok::Office>::destroy<lok::Office> (this=<optimized out>, __p=<optimized out>) at /usr/include/c++/5/ext/new_allocator.h:124
 #10 std::allocator_traits<std::allocator<lok::Office> >::_S_destroy<lok::Office> (__p=<optimized out>, __a=...) at /usr/include/c++/5/bits/alloc_traits.h:285
 #11 std::allocator_traits<std::allocator<lok::Office> >::destroy<lok::Office> (__a=..., __p=<optimized out>) at /usr/include/c++/5/bits/alloc_traits.h:414
 #12 std::_Sp_counted_ptr_inplace<lok::Office, std::allocator<lok::Office>, (__gnu_cxx::_Lock_policy)2>::_M_dispose (this=0xb04f40) at /usr/include/c++/5/bits/shared_ptr_base.h:531
 #13 0x000000000042dfb6 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0xb04f40) at /usr/include/c++/5/bits/shared_ptr_base.h:150
 #14 0x0000000000425797 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count (this=0x7ffce7430468, __in_chrg=<optimized out>) at /usr/include/c++/5/bits/shared_ptr_base.h:659
 #15 std::__shared_ptr<lok::Office, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr (this=0x7ffce7430460, __in_chrg=<optimized out>) at /usr/include/c++/5/bits/shared_ptr_base.h:925
 #16 std::shared_ptr<lok::Office>::~shared_ptr (this=0x7ffce7430460, __in_chrg=<optimized out>) at /usr/include/c++/5/bits/shared_ptr.h:93
 #17 lokit_main (childRoot="/home/ash/prj/lo/online/loolwsd/test/../jails/", sysTemplate="/home/ash/prj/lo/online/loolwsd/test/../systemplate", loTemplate="/home/ash/prj/lo/instdir", loSubPath="lo", noCapabilities=<optimized out>, queryVersion=queryVersion@entry=true, displayVersion=false) at LOOLKit.cpp:1441
 #18 0x000000000041df41 in createLibreOfficeKit (childRoot="/home/ash/prj/lo/online/loolwsd/test/../jails/", sysTemplate="/home/ash/prj/lo/online/loolwsd/test/../systemplate", loTemplate="/home/ash/prj/lo/instdir", loSubPath="lo", queryVersion=queryVersion@entry=true) at LOOLForKit.cpp:228
 #19 0x000000000041aea4 in main (argc=7, argv=0x7ffce7431ec8) at LOOLForKit.cpp:389

194         {
195             throw css::lang::IllegalArgumentException(
196                     OUString("Given module is not a frame nor a window, controller or model."),
197                     static_cast< ::cppu::OWeakObject* >(this),
198                     1);
199         }

Change-Id: Idaef5e0a28021a73f4c03ee3bee80968d9c57bd5
Reviewed-on: https://gerrit.libreoffice.org/30642
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
ghost pushed a commit that referenced this pull request Nov 7, 2016
@Ashod @timar
loolwsd: extend the lifetime of lokit to avoid destroying
6849bed 
Lokit's destroy is prone to throw (at least in dbgutil).

This exception brings the binary down with a core-dump.

To avoid this, we extend the lifetime of lokit to the end
of the process, where we invoke std::_Exit to promptly
kill the process and exit.

For reference, the exception is thrown as follows:
 #0  0x00007f0ba5a43bcd in __cxa_throw () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #1  0x00007f0b76303248 in (anonymous namespace)::ModuleManager::identify (this=0x7f0b5328e6d0, xModule=empty uno::Reference) at /home/ash/prjx/cp51/framework/source/services/modulemanager.cxx:198
 #2  0x00007f0b762606dc in (anonymous namespace)::JobExecutor::notifyEvent (this=0x7f0b77176b30, aEvent=...) at /home/ash/prjx/cp51/framework/source/jobs/jobexecutor.cxx:274
 #3  0x00007f0ba13ea455 in (anonymous namespace)::SfxGlobalEvents_Impl::implts_notifyJobExecution (this=0x7f0b77176a30, aEvent=...) at /home/ash/prjx/cp51/sfx2/source/notify/globalevents.cxx:397
 #4  0x00007f0ba13e9346 in (anonymous namespace)::SfxGlobalEvents_Impl::documentEventOccured (this=0x7f0b77176a30, _Event=...) at /home/ash/prjx/cp51/sfx2/source/notify/globalevents.cxx:241
 #5  0x00007f0ba0fe5717 in SfxTerminateListener_Impl::notifyTermination (this=0x7f0b772462c8, aEvent=...) at /home/ash/prjx/cp51/sfx2/source/appl/appinit.cxx:125
 #6  0x00007f0b762ebc39 in framework::Desktop::terminate (this=0x7f0b7721d530) at /home/ash/prjx/cp51/framework/source/services/desktop.cxx:330
 #7  0x00007f0ba47940ce in lo_destroy (pThis=0x154de60) at /home/ash/prjx/cp51/desktop/source/lib/init.cxx:2926
 #8  0x0000000000429681 in lok::Office::~Office (this=<optimized out>, __in_chrg=<optimized out>) at LibreOfficeKit.hpp:516
 #9  __gnu_cxx::new_allocator<lok::Office>::destroy<lok::Office> (this=<optimized out>, __p=<optimized out>) at /usr/include/c++/5/ext/new_allocator.h:124
 #10 std::allocator_traits<std::allocator<lok::Office> >::_S_destroy<lok::Office> (__p=<optimized out>, __a=...) at /usr/include/c++/5/bits/alloc_traits.h:285
 #11 std::allocator_traits<std::allocator<lok::Office> >::destroy<lok::Office> (__a=..., __p=<optimized out>) at /usr/include/c++/5/bits/alloc_traits.h:414
 #12 std::_Sp_counted_ptr_inplace<lok::Office, std::allocator<lok::Office>, (__gnu_cxx::_Lock_policy)2>::_M_dispose (this=0xb04f40) at /usr/include/c++/5/bits/shared_ptr_base.h:531
 #13 0x000000000042dfb6 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0xb04f40) at /usr/include/c++/5/bits/shared_ptr_base.h:150
 #14 0x0000000000425797 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count (this=0x7ffce7430468, __in_chrg=<optimized out>) at /usr/include/c++/5/bits/shared_ptr_base.h:659
 #15 std::__shared_ptr<lok::Office, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr (this=0x7ffce7430460, __in_chrg=<optimized out>) at /usr/include/c++/5/bits/shared_ptr_base.h:925
 #16 std::shared_ptr<lok::Office>::~shared_ptr (this=0x7ffce7430460, __in_chrg=<optimized out>) at /usr/include/c++/5/bits/shared_ptr.h:93
 #17 lokit_main (childRoot="/home/ash/prj/lo/online/loolwsd/test/../jails/", sysTemplate="/home/ash/prj/lo/online/loolwsd/test/../systemplate", loTemplate="/home/ash/prj/lo/instdir", loSubPath="lo", noCapabilities=<optimized out>, queryVersion=queryVersion@entry=true, displayVersion=false) at LOOLKit.cpp:1441
 #18 0x000000000041df41 in createLibreOfficeKit (childRoot="/home/ash/prj/lo/online/loolwsd/test/../jails/", sysTemplate="/home/ash/prj/lo/online/loolwsd/test/../systemplate", loTemplate="/home/ash/prj/lo/instdir", loSubPath="lo", queryVersion=queryVersion@entry=true) at LOOLForKit.cpp:228
 #19 0x000000000041aea4 in main (argc=7, argv=0x7ffce7431ec8) at LOOLForKit.cpp:389

194         {
195             throw css::lang::IllegalArgumentException(
196                     OUString("Given module is not a frame nor a window, controller or model."),
197                     static_cast< ::cppu::OWeakObject* >(this),
198                     1);
199         }

Change-Id: Idaef5e0a28021a73f4c03ee3bee80968d9c57bd5
Reviewed-on: https://gerrit.libreoffice.org/30642
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
(cherry picked from commit 86fb4dc)
@DarkStar1
Copy link

I just wanted to make a suggestion here as we can't open issues. Would it be possible to reflect, for instance, the current lib version the latest commit is compatible with in the readme? The last time I build this the poco libs from collabora were incompatible but the latest version from the offical site was.

ghost pushed a commit that referenced this pull request Mar 6, 2017
@mmeeks
Start #1
d7d7a91
@ghost ghost force-pushed the master branch from 93b2fd0 to 9af9ce9 Compare March 6, 2017 21:31
@smehrbrodt smehrbrodt closed this Apr 1, 2019
tdf-gerrit pushed a commit that referenced this pull request May 24, 2019
@vmiklos
wsd: avoid UB in DocumentBroker::cancelTileRequests()
1a41e36 
With this, it's possible to open a document and type keys with
sanitizers enabled.

/home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:323:9: runtime error: reference binding to null pointer of type 'TileCache'
    #0 0x911996 in std::unique_ptr<TileCache, std::default_delete<TileCache> >::operator*() const /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:323:2
    #1 0x8ecb2a in DocumentBroker::tileCache() /home/vmiklos/lode/dev/online/./wsd/DocumentBroker.hpp:265:37
    #2 0x8c6a63 in DocumentBroker::cancelTileRequests(std::shared_ptr<ClientSession> const&) /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:1586:37
    #3 0xb32b0e in ClientSession::_handleInput(char const*, int) /home/vmiklos/lode/dev/online/wsd/ClientSession.cpp:194:20
    #4 0xd45d3c in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) /home/vmiklos/lode/dev/online/common/Session.cpp:219:13
    #5 0x768080 in WebSocketHandler::handleTCPStream(std::shared_ptr<StreamSocket> const&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:368:13
    #6 0x6f800d in WebSocketHandler::handleIncomingMessage(SocketDisposition&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:419:20
    #7 0xb2c644 in ClientSession::handleIncomingMessage(SocketDisposition&) /home/vmiklos/lode/dev/online/wsd/ClientSession.cpp:74:14
    #8 0xa6f641 in StreamSocket::handlePoll(SocketDisposition&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >, int) /home/vmiklos/lode/dev/online/./net/Socket.hpp:1037:29
    #9 0x6ec63d in SocketPoll::poll(int) /home/vmiklos/lode/dev/online/./net/Socket.hpp:570:34
    #10 0x83af99 in DocumentBroker::pollThread() /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:387:16
    #11 0x8fc778 in DocumentBroker::DocumentBrokerPoll::pollingThread() /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:165:20
    #12 0xdff935 in SocketPoll::pollingThreadEntry() /home/vmiklos/lode/dev/online/net/Socket.cpp:184:9
    #13 0xe487bd in void std::__invoke_impl<void, void (SocketPoll::*)(), SocketPoll*>(std::__invoke_memfun_deref, void (SocketPoll::*&&)(), SocketPoll*&&) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:73:14
    #14 0xe482ca in std::__invoke_result<void (SocketPoll::*)(), SocketPoll*>::type std::__invoke<void (SocketPoll::*)(), SocketPoll*>(void (SocketPoll::*&&)(), SocketPoll*&&) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:95:14
    #15 0xe4817d in decltype(std::__invoke(_S_declval<0ul>(), _S_declval<1ul>())) std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:234:13
    #16 0xe47f87 in std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> >::operator()() /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:243:11
    #17 0xe4734a in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> > >::_M_run() /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:186:13
    #18 0x7f5c2ce55e2e in execute_native_thread_routine /home/vmiklos/lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/src/c++11/../../../../../gcc-7.3.0/libstdc++-v3/src/c++11/thread.cc:83
    #19 0x7f5c2c832558 in start_thread (/lib64/libpthread.so.0+0x7558)
    #20 0x7f5c2bf4682e in clone (/lib64/libc.so.6+0xf882e)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/unique_ptr.h:323:9 in

Change-Id: Ief574a11c838c77f7f159b1133beeef0deada201
tdf-gerrit pushed a commit that referenced this pull request Jul 29, 2019
@vmiklos @smehrbrodt
net: avoid UB in WebSocketHandler::readPayload()
43457a0 
Seen when closing a Writer document.

/home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:798:9: runtime error: reference binding to null pointer of type 'char'
    #0 0x6ff633 in std::vector<char, std::allocator<char> >::operator[](unsigned long) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:798:2
    #1 0x770d0c in WebSocketHandler::readPayload(unsigned char*, unsigned long, unsigned char*, std::vector<char, std::allocator<char> >&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:611:29
    #2 0x759324 in WebSocketHandler::handleTCPStream(std::shared_ptr<StreamSocket> const&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:251:13
    #3 0x6f820d in WebSocketHandler::handleIncomingMessage(SocketDisposition&) /home/vmiklos/lode/dev/online/./net/WebSocketHandler.hpp:419:20
    #4 0xb2da64 in ClientSession::handleIncomingMessage(SocketDisposition&) /home/vmiklos/lode/dev/online/wsd/ClientSession.cpp:74:14
    #5 0xa70a61 in StreamSocket::handlePoll(SocketDisposition&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >, int) /home/vmiklos/lode/dev/online/./net/Socket.hpp:1037:29
    #6 0x6ec83d in SocketPoll::poll(int) /home/vmiklos/lode/dev/online/./net/Socket.hpp:570:34
    #7 0x830019 in DocumentBroker::pollThread() /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:286:16
    #8 0x8fdb38 in DocumentBroker::DocumentBrokerPoll::pollingThread() /home/vmiklos/lode/dev/online/wsd/DocumentBroker.cpp:165:20
    #9 0xe00e75 in SocketPoll::pollingThreadEntry() /home/vmiklos/lode/dev/online/net/Socket.cpp:184:9
    #10 0xe49cfd in void std::__invoke_impl<void, void (SocketPoll::*)(), SocketPoll*>(std::__invoke_memfun_deref, void (SocketPoll::*&&)(), SocketPoll*&&) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:73:14
    #11 0xe4980a in std::__invoke_result<void (SocketPoll::*)(), SocketPoll*>::type std::__invoke<void (SocketPoll::*)(), SocketPoll*>(void (SocketPoll::*&&)(), SocketPoll*&&) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/invoke.h:95:14
    #12 0xe496bd in decltype(std::__invoke(_S_declval<0ul>(), _S_declval<1ul>())) std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:234:13
    #13 0xe494c7 in std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> >::operator()() /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:243:11
    #14 0xe4888a in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (SocketPoll::*)(), SocketPoll*> > >::_M_run() /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/thread:186:13
    #15 0x7f2c5805fe2e in execute_native_thread_routine /home/vmiklos/lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/src/c++11/../../../../../gcc-7.3.0/libstdc++-v3/src/c++11/thread.cc:83
    #16 0x7f2c57a3c558 in start_thread (/lib64/libpthread.so.0+0x7558)
    #17 0x7f2c5715082e in clone (/lib64/libc.so.6+0xf882e)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/vmiklos/lode/opt_private/gcc-7.3.0/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../include/c++/7.3.0/bits/stl_vector.h:798:9 in

Change-Id: Ifaf6b193e9bba480587c2e184df55aa0728bb370
Reviewed-on: https://gerrit.libreoffice.org/76331
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt@cib.de>
tdf-gerrit pushed a commit that referenced this pull request Aug 9, 2019
@vmiklos
common: wrap DumpGlobalState in a getter function to avoid ODR violation
35646b7 
Otherwise both loolwsd and unit-copy-paste.so would have a
DumpGlobalState:

==5783==ERROR: AddressSanitizer: odr-violation (0x00000208f7a0):
  [1] size=1 'DumpGlobalState' ../common/SigUtil.cpp:49:19
  [2] size=1 'DumpGlobalState' common/SigUtil.cpp:49:19
These globals were registered at these points:
  [1]:
    #0 0x5f9a08 in __asan_register_globals.part.13 /home/vmiklos/git/libreoffice/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_globals.cc:365
    #1 0x7f5c5edf1c9b in asan.module_ctor (/home/vmiklos/git/libreoffice/online-san/test/../test/.libs/unit-copy-paste.so+0x60ac9b)

  [2]:
    #0 0x5f9a08 in __asan_register_globals.part.13 /home/vmiklos/git/libreoffice/lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_globals.cc:365
    #1 0xe2b98e in asan.module_ctor (/home/vmiklos/git/libreoffice/online-san/loolwsd+0xe2b98e)

Change-Id: I4b7b0238eb9b38a30875e8788c1dcb27f1d1643f
tdf-gerrit pushed a commit that referenced this pull request Nov 18, 2019
@Ashod @mmeeks
test: thread-safe common shared test data
1ae9ce8 
This protects against memory corruptions,
and a cascade of issues, such as the following:

 Attaching to process 56245
 [New LWP 56246]
 [New LWP 56252]
 [New LWP 56253]
 [New LWP 56254]
 [New LWP 56362]
 [New LWP 56364]
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 0x00007fda228f7d2d in __GI___pthread_timedjoin_ex (threadid=140574279595776, thread_return=0x0, abstime=0x0, block=<optimized out>) at pthread_join_common.c:89
 89	pthread_join_common.c: No such file or directory.

 Thread 7 (Thread 0x7fda197fa700 (LWP 56364)):
 #0  __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
 #1  0x00007fda228f9023 in __GI___pthread_mutex_lock (mutex=0x55e9937567e0 <SigHandlerTrap>) at ../nptl/pthread_mutex_lock.c:78
 #2  0x000055e9934cd4fe in __gthread_mutex_lock (__mutex=0x55e9937567e0 <SigHandlerTrap>) at /usr/include/x86_64-linux-gnu/c++/7/bits/gthr-default.h:748
 #3  std::mutex::lock (this=0x55e9937567e0 <SigHandlerTrap>) at /usr/include/c++/7/bits/std_mutex.h:103
 #4  std::unique_lock<std::mutex>::lock (this=<synthetic pointer>) at /usr/include/c++/7/bits/std_mutex.h:267
 #5  std::unique_lock<std::mutex>::unique_lock (__m=..., this=<synthetic pointer>) at /usr/include/c++/7/bits/std_mutex.h:197
 #6  SigUtil::handleFatalSignal (signal=11) at common/SigUtil.cpp:214
 #7  <signal handler called>
 #8  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_capacity (this=<optimized out>, __capacity=0) at /usr/include/c++/7/bits/basic_string.h:200
 #9  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string (__str=..., this=<optimized out>) at /usr/include/c++/7/bits/basic_string.h:542
 #10 std::_Construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > (
     __p=<optimized out>) at /usr/include/c++/7/bits/stl_construct.h:75
 #11 std::__uninitialized_copy<false>::__uninit_copy<std::move_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*> (__result=0x7fd9f40017b0, __last=..., __first=...) at /usr/include/c++/7/bits/stl_uninitialized.h:83
 #12 std::uninitialized_copy<std::move_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*> (__result=<optimized out>, __last=..., __first=...) at /usr/include/c++/7/bits/stl_uninitialized.h:134
 #13 std::__uninitialized_copy_a<std::move_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > (__result=<optimized out>, __last=..., __first=...)
     at /usr/include/c++/7/bits/stl_uninitialized.h:289
 #14 std::__uninitialized_move_if_noexcept_a<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > (__alloc=..., __result=<optimized out>, __last=0x55e995662850,
     __first=<optimized out>) at /usr/include/c++/7/bits/stl_uninitialized.h:312
 #15 std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_realloc_insert<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&> (
     this=this@entry=0x55e9937566f0 <FileUtil::getTempFilePath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::fileDeleter>,
     __position=<error: Cannot access memory at address 0x3735003238323a>, __args#0="/tmp/loadTorture_viewcursor.odp_725a6013_viewcursor.odp") at /usr/include/c++/7/bits/vector.tcc:424
 #16 0x000055e9934aa829 in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::push_back (__x="/tmp/loadTorture_viewcursor.odp_725a6013_viewcursor.odp",
     this=0x55e9937566f0 <FileUtil::getTempFilePath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::fileDeleter>) at /usr/include/c++/7/bits/stl_vector.h:948
 #17 (anonymous namespace)::FileDeleter::registerForDeletion (file="/tmp/loadTorture_viewcursor.odp_725a6013_viewcursor.odp",
     this=0x55e9937566f0 <FileUtil::getTempFilePath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::fileDeleter>) at common/FileUtil.cpp:69
 #18 FileUtil::getTempFilePath (srcDir=..., srcFilename=..., dstFilenamePrefix=...) at common/FileUtil.cpp:97
 #19 0x00007fda216b51c9 in helpers::getDocumentPathAndURL (docFilename="viewcursor.odp", documentPath="", documentURL="", prefix="loadTorture_viewcursor.odp_") at ./helpers.hpp:151
 #20 0x00007fda216ad007 in UnitLoadTorture::loadTorture (this=<optimized out>, testname="loadTorture_viewcursor.odp ", docName="viewcursor.odp", thread_count=thread_count@entry=3,
     max_jitter_ms=<optimized out>, max_jitter_ms@entry=75) at UnitLoadTorture.cpp:41
 #21 0x00007fda216ad7dd in UnitLoadTorture::<lambda()>::operator() (__closure=0x55e994dbc758) at UnitLoadTorture.cpp:186
 #22 std::__invoke_impl<void, UnitLoadTorture::testLoadTorture()::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
 #23 std::__invoke<UnitLoadTorture::testLoadTorture()::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
 #24 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::_M_invoke<0> (this=0x55e994dbc758) at /usr/include/c++/7/thread:234
 #25 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::operator() (this=0x55e994dbc758) at /usr/include/c++/7/thread:243
 #26 std::thread::_State_impl<std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > > >::_M_run(void) (this=0x55e994dbc750) at /usr/include/c++/7/thread:186
 #27 0x00007fda22de366f in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #28 0x00007fda228f66db in start_thread (arg=0x7fda197fa700) at pthread_create.c:463
 #29 0x00007fda2261f88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

 Thread 6 (Thread 0x7fd9fffff700 (LWP 56362)):
  #0  __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
 #1  0x00007fda225952db in __GI___libc_malloc (bytes=bytes@entry=3635) at malloc.c:3063
 #2  0x00007fda2262f364 in __backtrace_symbols (array=array@entry=0x7fd9ffffc540, size=size@entry=26) at backtracesyms.c:69
 #3  0x000055e9934cc439 in SigUtil::dumpBacktrace () at common/SigUtil.cpp:253
 #4  0x000055e9934cd5ae in SigUtil::handleFatalSignal (signal=6) at common/SigUtil.cpp:236
 #5  <signal handler called>
 #6  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
 #7  0x00007fda2253e801 in __GI_abort () at abort.c:79
 #8  0x00007fda22587897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fda226b4b9a "%s
") at ../sysdeps/posix/libc_fatal.c:181
 #9  0x00007fda2258e90a in malloc_printerr (str=str@entry=0x7fda226b2e0e "malloc(): memory corruption") at malloc.c:5350
 #10 0x00007fda22592994 in _int_malloc (av=av@entry=0x7fda00000020, bytes=bytes@entry=32) at malloc.c:3738
 #11 0x00007fda225952ed in __GI___libc_malloc (bytes=32) at malloc.c:3065
 #12 0x00007fda22db9258 in operator new(unsigned long) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #13 0x00007fda244adaae in __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::allocate (this=0x7fd9ffffe740, __n=1)
     at /usr/include/c++/5/ext/new_allocator.h:104
 #14 0x00007fda244ad300 in __gnu_cxx::__alloc_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::allocate (__a=..., __n=1)
     at /usr/include/c++/5/ext/alloc_traits.h:182
 #15 0x00007fda244ac858 in std::_Vector_base<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_allocate (this=0x7fd9ffffe740, __n=1) at /usr/include/c++/5/bits/stl_vector.h:170
 #16 0x00007fda244ab7c7 in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_insert_aux (this=0x7fd9ffffe740, __position=non-dereferenceable iterator for std::vector, __x="home") at /usr/include/c++/5/bits/vector.tcc:353
 #17 0x00007fda244aada2 in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::push_back (this=0x7fd9ffffe740, __x="home") at /usr/include/c++/5/bits/stl_vector.h:925
 #18 0x00007fda2350ddcb in Poco::Path::pushDirectory (this=0x7fd9ffffe6c0, dir="home") at src/Path.cpp:471
 #19 0x00007fda2350ea27 in Poco::Path::parseUnix (this=0x7fd9ffffe6c0, path="/home/ash/prj/lo/online/test/") at src/Path.cpp:671
 #20 0x00007fda2350cd6b in Poco::Path::assign (this=0x7fd9ffffe6c0, path="/home/ash/prj/lo/online/test/") at src/Path.cpp:182
 #21 0x00007fda2350c1be in Poco::Path::Path (this=0x7fd9ffffe6c0, path="/home/ash/prj/lo/online/test/") at src/Path.cpp:54
 #22 0x00007fda2350d33a in Poco::Path::makeAbsolute (this=0x7fd9ffffe8f0) at src/Path.cpp:318
 #23 0x00007fda216b52ca in helpers::getDocumentPathAndURL (docFilename="setclientpart.ods", documentPath="/tmp/loadTorture_setclientpart.ods_ae70d2e_setclientpart.ods", documentURL="",
     prefix="loadTorture_setclientpart.ods_") at ./helpers.hpp:153
 #24 0x00007fda216ad007 in UnitLoadTorture::loadTorture (this=<optimized out>, testname="loadTorture_setclientpart.ods ", docName="setclientpart.ods", thread_count=thread_count@entry=3,
     max_jitter_ms=<optimized out>, max_jitter_ms@entry=75) at UnitLoadTorture.cpp:41
 #25 0x00007fda216ad7dd in UnitLoadTorture::<lambda()>::operator() (__closure=0x55e994cffe18) at UnitLoadTorture.cpp:186
 #26 std::__invoke_impl<void, UnitLoadTorture::testLoadTorture()::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
 #27 std::__invoke<UnitLoadTorture::testLoadTorture()::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
 #28 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::_M_invoke<0> (this=0x55e994cffe18) at /usr/include/c++/7/thread:234
 #29 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::operator() (this=0x55e994cffe18) at /usr/include/c++/7/thread:243
 #30 std::thread::_State_impl<std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > > >::_M_run(void) (this=0x55e994cffe10) at /usr/include/c++/7/thread:186
 #31 0x00007fda22de366f in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #32 0x00007fda228f66db in start_thread (arg=0x7fd9fffff700) at pthread_create.c:463
 #33 0x00007fda2261f88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Change-Id: Ib60954e49e692082e686cb3fdc5fc9d5cfbc83c9
Reviewed-on: https://gerrit.libreoffice.org/83047
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Jan 20, 2020
@Ashod @timar
test: thread-safe common shared test data
538c83e 
This protects against memory corruptions,
and a cascade of issues, such as the following:

 Attaching to process 56245
 [New LWP 56246]
 [New LWP 56252]
 [New LWP 56253]
 [New LWP 56254]
 [New LWP 56362]
 [New LWP 56364]
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 0x00007fda228f7d2d in __GI___pthread_timedjoin_ex (threadid=140574279595776, thread_return=0x0, abstime=0x0, block=<optimized out>) at pthread_join_common.c:89
 89	pthread_join_common.c: No such file or directory.

 Thread 7 (Thread 0x7fda197fa700 (LWP 56364)):
 #0  __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
 #1  0x00007fda228f9023 in __GI___pthread_mutex_lock (mutex=0x55e9937567e0 <SigHandlerTrap>) at ../nptl/pthread_mutex_lock.c:78
 #2  0x000055e9934cd4fe in __gthread_mutex_lock (__mutex=0x55e9937567e0 <SigHandlerTrap>) at /usr/include/x86_64-linux-gnu/c++/7/bits/gthr-default.h:748
 #3  std::mutex::lock (this=0x55e9937567e0 <SigHandlerTrap>) at /usr/include/c++/7/bits/std_mutex.h:103
 #4  std::unique_lock<std::mutex>::lock (this=<synthetic pointer>) at /usr/include/c++/7/bits/std_mutex.h:267
 #5  std::unique_lock<std::mutex>::unique_lock (__m=..., this=<synthetic pointer>) at /usr/include/c++/7/bits/std_mutex.h:197
 #6  SigUtil::handleFatalSignal (signal=11) at common/SigUtil.cpp:214
 #7  <signal handler called>
 #8  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_capacity (this=<optimized out>, __capacity=0) at /usr/include/c++/7/bits/basic_string.h:200
 #9  std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string (__str=..., this=<optimized out>) at /usr/include/c++/7/bits/basic_string.h:542
 #10 std::_Construct<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > (
     __p=<optimized out>) at /usr/include/c++/7/bits/stl_construct.h:75
 #11 std::__uninitialized_copy<false>::__uninit_copy<std::move_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*> (__result=0x7fd9f40017b0, __last=..., __first=...) at /usr/include/c++/7/bits/stl_uninitialized.h:83
 #12 std::uninitialized_copy<std::move_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*> (__result=<optimized out>, __last=..., __first=...) at /usr/include/c++/7/bits/stl_uninitialized.h:134
 #13 std::__uninitialized_copy_a<std::move_iterator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > (__result=<optimized out>, __last=..., __first=...)
     at /usr/include/c++/7/bits/stl_uninitialized.h:289
 #14 std::__uninitialized_move_if_noexcept_a<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > (__alloc=..., __result=<optimized out>, __last=0x55e995662850,
     __first=<optimized out>) at /usr/include/c++/7/bits/stl_uninitialized.h:312
 #15 std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_realloc_insert<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&> (
     this=this@entry=0x55e9937566f0 <FileUtil::getTempFilePath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::fileDeleter>,
     __position=<error: Cannot access memory at address 0x3735003238323a>, __args#0="/tmp/loadTorture_viewcursor.odp_725a6013_viewcursor.odp") at /usr/include/c++/7/bits/vector.tcc:424
 #16 0x000055e9934aa829 in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::push_back (__x="/tmp/loadTorture_viewcursor.odp_725a6013_viewcursor.odp",
     this=0x55e9937566f0 <FileUtil::getTempFilePath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::fileDeleter>) at /usr/include/c++/7/bits/stl_vector.h:948
 #17 (anonymous namespace)::FileDeleter::registerForDeletion (file="/tmp/loadTorture_viewcursor.odp_725a6013_viewcursor.odp",
     this=0x55e9937566f0 <FileUtil::getTempFilePath(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&)::fileDeleter>) at common/FileUtil.cpp:69
 #18 FileUtil::getTempFilePath (srcDir=..., srcFilename=..., dstFilenamePrefix=...) at common/FileUtil.cpp:97
 #19 0x00007fda216b51c9 in helpers::getDocumentPathAndURL (docFilename="viewcursor.odp", documentPath="", documentURL="", prefix="loadTorture_viewcursor.odp_") at ./helpers.hpp:151
 #20 0x00007fda216ad007 in UnitLoadTorture::loadTorture (this=<optimized out>, testname="loadTorture_viewcursor.odp ", docName="viewcursor.odp", thread_count=thread_count@entry=3,
     max_jitter_ms=<optimized out>, max_jitter_ms@entry=75) at UnitLoadTorture.cpp:41
 #21 0x00007fda216ad7dd in UnitLoadTorture::<lambda()>::operator() (__closure=0x55e994dbc758) at UnitLoadTorture.cpp:186
 #22 std::__invoke_impl<void, UnitLoadTorture::testLoadTorture()::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
 #23 std::__invoke<UnitLoadTorture::testLoadTorture()::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
 #24 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::_M_invoke<0> (this=0x55e994dbc758) at /usr/include/c++/7/thread:234
 #25 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::operator() (this=0x55e994dbc758) at /usr/include/c++/7/thread:243
 #26 std::thread::_State_impl<std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > > >::_M_run(void) (this=0x55e994dbc750) at /usr/include/c++/7/thread:186
 #27 0x00007fda22de366f in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #28 0x00007fda228f66db in start_thread (arg=0x7fda197fa700) at pthread_create.c:463
 #29 0x00007fda2261f88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

 Thread 6 (Thread 0x7fd9fffff700 (LWP 56362)):
  #0  __lll_lock_wait_private () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
 #1  0x00007fda225952db in __GI___libc_malloc (bytes=bytes@entry=3635) at malloc.c:3063
 #2  0x00007fda2262f364 in __backtrace_symbols (array=array@entry=0x7fd9ffffc540, size=size@entry=26) at backtracesyms.c:69
 #3  0x000055e9934cc439 in SigUtil::dumpBacktrace () at common/SigUtil.cpp:253
 #4  0x000055e9934cd5ae in SigUtil::handleFatalSignal (signal=6) at common/SigUtil.cpp:236
 #5  <signal handler called>
 #6  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
 #7  0x00007fda2253e801 in __GI_abort () at abort.c:79
 #8  0x00007fda22587897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fda226b4b9a "%s
") at ../sysdeps/posix/libc_fatal.c:181
 #9  0x00007fda2258e90a in malloc_printerr (str=str@entry=0x7fda226b2e0e "malloc(): memory corruption") at malloc.c:5350
 #10 0x00007fda22592994 in _int_malloc (av=av@entry=0x7fda00000020, bytes=bytes@entry=32) at malloc.c:3738
 #11 0x00007fda225952ed in __GI___libc_malloc (bytes=32) at malloc.c:3065
 #12 0x00007fda22db9258 in operator new(unsigned long) () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #13 0x00007fda244adaae in __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::allocate (this=0x7fd9ffffe740, __n=1)
     at /usr/include/c++/5/ext/new_allocator.h:104
 #14 0x00007fda244ad300 in __gnu_cxx::__alloc_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::allocate (__a=..., __n=1)
     at /usr/include/c++/5/ext/alloc_traits.h:182
 #15 0x00007fda244ac858 in std::_Vector_base<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_allocate (this=0x7fd9ffffe740, __n=1) at /usr/include/c++/5/bits/stl_vector.h:170
 #16 0x00007fda244ab7c7 in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::_M_insert_aux (this=0x7fd9ffffe740, __position=non-dereferenceable iterator for std::vector, __x="home") at /usr/include/c++/5/bits/vector.tcc:353
 #17 0x00007fda244aada2 in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::push_back (this=0x7fd9ffffe740, __x="home") at /usr/include/c++/5/bits/stl_vector.h:925
 #18 0x00007fda2350ddcb in Poco::Path::pushDirectory (this=0x7fd9ffffe6c0, dir="home") at src/Path.cpp:471
 #19 0x00007fda2350ea27 in Poco::Path::parseUnix (this=0x7fd9ffffe6c0, path="/home/ash/prj/lo/online/test/") at src/Path.cpp:671
 #20 0x00007fda2350cd6b in Poco::Path::assign (this=0x7fd9ffffe6c0, path="/home/ash/prj/lo/online/test/") at src/Path.cpp:182
 #21 0x00007fda2350c1be in Poco::Path::Path (this=0x7fd9ffffe6c0, path="/home/ash/prj/lo/online/test/") at src/Path.cpp:54
 #22 0x00007fda2350d33a in Poco::Path::makeAbsolute (this=0x7fd9ffffe8f0) at src/Path.cpp:318
 #23 0x00007fda216b52ca in helpers::getDocumentPathAndURL (docFilename="setclientpart.ods", documentPath="/tmp/loadTorture_setclientpart.ods_ae70d2e_setclientpart.ods", documentURL="",
     prefix="loadTorture_setclientpart.ods_") at ./helpers.hpp:153
 #24 0x00007fda216ad007 in UnitLoadTorture::loadTorture (this=<optimized out>, testname="loadTorture_setclientpart.ods ", docName="setclientpart.ods", thread_count=thread_count@entry=3,
     max_jitter_ms=<optimized out>, max_jitter_ms@entry=75) at UnitLoadTorture.cpp:41
 #25 0x00007fda216ad7dd in UnitLoadTorture::<lambda()>::operator() (__closure=0x55e994cffe18) at UnitLoadTorture.cpp:186
 #26 std::__invoke_impl<void, UnitLoadTorture::testLoadTorture()::<lambda()> > (__f=...) at /usr/include/c++/7/bits/invoke.h:60
 #27 std::__invoke<UnitLoadTorture::testLoadTorture()::<lambda()> > (__fn=...) at /usr/include/c++/7/bits/invoke.h:95
 #28 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::_M_invoke<0> (this=0x55e994cffe18) at /usr/include/c++/7/thread:234
 #29 std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > >::operator() (this=0x55e994cffe18) at /usr/include/c++/7/thread:243
 #30 std::thread::_State_impl<std::thread::_Invoker<std::tuple<UnitLoadTorture::testLoadTorture()::<lambda()> > > >::_M_run(void) (this=0x55e994cffe10) at /usr/include/c++/7/thread:186
 #31 0x00007fda22de366f in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
 #32 0x00007fda228f66db in start_thread (arg=0x7fd9fffff700) at pthread_create.c:463
 #33 0x00007fda2261f88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Change-Id: Ib60954e49e692082e686cb3fdc5fc9d5cfbc83c9
Reviewed-on: https://gerrit.libreoffice.org/83047
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Jan 24, 2020
@vmiklos
test: fix ODR-violation in SigUtil
ea9c80b 
==6642==ERROR: AddressSanitizer: odr-violation (0x0000024db3a0):
  [1] size=4 'SigUtil::SigHandlerTrap::SigHandling' ../common/SigUtil.cpp:113:38
  [2] size=4 'SigUtil::SigHandlerTrap::SigHandling' common/SigUtil.cpp:113:38
These globals were registered at these points:
  [1]:
    #0 0x68d7d8 in __asan_register_globals.part.13 lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_globals.cc:365
    #1 0x7f4b7eeed83b in asan.module_ctor (online-san/test/../test/.libs/unit-base.so+0x6fd83b)

  [2]:
    #0 0x68d7d8 in __asan_register_globals.part.13 lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_globals.cc:365
    #1 0x104590e in asan.module_ctor (online-san/loolwsd+0x104590e)

No need to include SigUtil for unit-base (invoked during 'make check'),
it's only needed for unittest_SOURCES (invoked during 'make').

Same for Log::IsShutdown(), 'vtable for Session', 'typeinfo name for
TileQueue', 'JWTAuth::_key', 'vtable for ClientSession',
'UnitBase::Global', 'SocketPoll::DefaultPollTimeoutMs' and
'SslContext::Instance'.

But don't just remove all wsd_sources from the new-style unit tests, as
that would lead to missing symbols:

[ loolwsd ] ERR  Failed to load online-san/test/../test/.libs/unit-base.so: online-san/test/../test/.libs/unit-base.so: undefined symbol: _Z20documentViewCallbackiPKcPv| common/Unit.cpp:40

(Seen during make check's unit-base.)

Change-Id: I305185f6437c5b4887d8e09a592e578a94f2659c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87323
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Feb 22, 2020
@vmiklos @mmeeks
common: fix crash when the version string contains no dot character
8d2a8da 
==13901==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000904678 bp 0x7ffdb9e21580 sp 0x7ffdb9e21340 T0)
==13901==The signal is caused by a READ memory access.
==13901==Hint: address points to the zero page.
    #0 0x904677 in LOOLProtocol::tokenize[abi:cxx11](char const*, unsigned long, char) common/Protocol.hpp:113:40
    #1 0x898c52 in LOOLProtocol::tokenize(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, char) common/Protocol.hpp:141:16
    #2 0x18dc2d9 in LOOLProtocol::ParseVersion(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) common/Protocol.cpp:35:51
    #3 0x1148824 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:358:64
    #4 0x18efcb8 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:232:13

Next commit will add the actual simple fuzzer that found this.

Change-Id: I8623b4451a57390f6f84c11084c5a1120a11fcc5
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89225
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Feb 22, 2020
@vmiklos @mmeeks
wsd: fix crash when downloadas has not enough parameters
aefc654 
==11898==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007c4f87 bp 0x7fffe45dfe90 sp 0x7fffe45df608 T0)
==11898==The signal is caused by a READ memory access.
==11898==Hint: address points to the zero page.
    #0 0x7c4f86 in AddressIsPoisoned lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_mapping.h:397
    #1 0x7c4f86 in __asan::QuickCheckForUnpoisonedRegion(unsigned long, unsigned long) lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_interceptors_memintrinsics.h:31
    #2 0x816436 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:834
    #3 0x816d38 in memcmp lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:866
    #4 0x7f1964437595 in std::char_traits<char>::compare(char const*, char const*, unsigned long) lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/char_traits.h:310
    #5 0x7f1964437595 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(unsigned long, unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:1391
    #6 0x18e206d in LOOLProtocol::getTokenString(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) common/Protocol.cpp:141:19
    #7 0x117cc0a in ClientSession::filterMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const wsd/ClientSession.cpp:940:13
    #8 0x116b832 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:741:14
    #9 0x18f70d0 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13

Change-Id: I0c7da6c02ac62bf0bc99557517fc7c517917046c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89229
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Feb 29, 2020
@kendy @mmeeks
Just try to catch everything in the getSafeConfig().
48283de 
Poco::Exception is derived from std::exception, yet there were cases
where it was not caught - no idea why:

I/DEBUG   (24700):     #00 pc 000371e4  /system/lib/libc.so (tgkill+12)
I/DEBUG   (24700):     #1 pc 00013fb9  /system/lib/libc.so (pthread_kill+52)
I/DEBUG   (24700):     #2 pc 00014bd7  /system/lib/libc.so (raise+10)
I/DEBUG   (24700):     #3 pc 00011519  /system/lib/libc.so (__libc_android_abort+36)
I/DEBUG   (24700):     #4 pc 0000fca4  /system/lib/libc.so (abort+4)
I/DEBUG   (24700):     #5 pc 000126e9  /system/lib/libc.so (__libc_fatal+16)
I/DEBUG   (24700):     #6 pc 0001159d  /system/lib/libc.so (__assert2+20)
I/DEBUG   (24700):     #7 pc 00064fed  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #8 pc 00065183  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #9 pc 0006cb79  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #10 pc 0006c527  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #11 pc 0006c4ef  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so (__cxa_throw+74)
I/DEBUG   (24700):     #12 pc 001be25c  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZNK4Poco4Util21AbstractConfiguration7getBoolERKNSt6__ndk112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEE+208)
I/DEBUG   (24700):     #13 pc 001847fd  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD17ConfigValueGetterclERb+12)
I/DEBUG   (24700):     #14 pc 001847c3  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD13getSafeConfigIbEEbRN4Poco4Util20LayeredConfigurationERKNSt6__ndk112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEERT_+22)
I/DEBUG   (24700):     #15 pc 00184747  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD14getConfigValueIbEET_RN4Poco4Util20LayeredConfigurationERKNSt6__ndk112basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEES1_+38)
I/DEBUG   (24700):     #16 pc 0018748b  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD10initializeERN4Poco4Util11ApplicationE+1334)
I/DEBUG   (24700):     #17 pc 001c7274  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN4Poco4Util11Application3runEv+28)
I/DEBUG   (24700):     #18 pc 00134fbf  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so
I/DEBUG   (24700):     #19 pc 00134df7  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so
I/DEBUG   (24700):     #20 pc 00134dc5  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so
I/DEBUG   (24700):     #21 pc 000137a3  /system/lib/libc.so (_ZL15__pthread_startPv+30)
I/DEBUG   (24700):     #22 pc 00011883  /system/lib/libc.so (__start_thread+6)

Change-Id: Ica643f88d572b239b9a124e31cb4552f86439bf6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89715
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Feb 29, 2020
@kendy @mmeeks
Just try to catch everything in the getSafeConfig().
1da7325 
Poco::Exception is derived from std::exception, yet there were cases
where it was not caught - no idea why:

I/DEBUG   (24700):     #00 pc 000371e4  /system/lib/libc.so (tgkill+12)
I/DEBUG   (24700):     #1 pc 00013fb9  /system/lib/libc.so (pthread_kill+52)
I/DEBUG   (24700):     #2 pc 00014bd7  /system/lib/libc.so (raise+10)
I/DEBUG   (24700):     #3 pc 00011519  /system/lib/libc.so (__libc_android_abort+36)
I/DEBUG   (24700):     #4 pc 0000fca4  /system/lib/libc.so (abort+4)
I/DEBUG   (24700):     #5 pc 000126e9  /system/lib/libc.so (__libc_fatal+16)
I/DEBUG   (24700):     #6 pc 0001159d  /system/lib/libc.so (__assert2+20)
I/DEBUG   (24700):     #7 pc 00064fed  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #8 pc 00065183  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #9 pc 0006cb79  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #10 pc 0006c527  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so
I/DEBUG   (24700):     #11 pc 0006c4ef  /data/app/com.collabora.libreoffice-1/lib/arm/libc++_shared.so (__cxa_throw+74)
I/DEBUG   (24700):     #12 pc 001be25c  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZNK4Poco4Util21AbstractConfiguration7getBoolERKNSt6__ndk112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEE+208)
I/DEBUG   (24700):     #13 pc 001847fd  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD17ConfigValueGetterclERb+12)
I/DEBUG   (24700):     #14 pc 001847c3  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD13getSafeConfigIbEEbRN4Poco4Util20LayeredConfigurationERKNSt6__ndk112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEERT_+22)
I/DEBUG   (24700):     #15 pc 00184747  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD14getConfigValueIbEET_RN4Poco4Util20LayeredConfigurationERKNSt6__ndk112basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEES1_+38)
I/DEBUG   (24700):     #16 pc 0018748b  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN7LOOLWSD10initializeERN4Poco4Util11ApplicationE+1334)
I/DEBUG   (24700):     #17 pc 001c7274  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so (_ZN4Poco4Util11Application3runEv+28)
I/DEBUG   (24700):     #18 pc 00134fbf  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so
I/DEBUG   (24700):     #19 pc 00134df7  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so
I/DEBUG   (24700):     #20 pc 00134dc5  /data/app/com.collabora.libreoffice-1/lib/arm/libandroidapp.so
I/DEBUG   (24700):     #21 pc 000137a3  /system/lib/libc.so (_ZL15__pthread_startPv+30)
I/DEBUG   (24700):     #22 pc 00011883  /system/lib/libc.so (__start_thread+6)

Change-Id: Ica643f88d572b239b9a124e31cb4552f86439bf6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89715
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Mar 12, 2020
@vmiklos @timar
common: fix crash when the version string contains no dot character
f94c6b7 
==13901==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000904678 bp 0x7ffdb9e21580 sp 0x7ffdb9e21340 T0)
==13901==The signal is caused by a READ memory access.
==13901==Hint: address points to the zero page.
    #0 0x904677 in LOOLProtocol::tokenize[abi:cxx11](char const*, unsigned long, char) common/Protocol.hpp:113:40
    #1 0x898c52 in LOOLProtocol::tokenize(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, char) common/Protocol.hpp:141:16
    #2 0x18dc2d9 in LOOLProtocol::ParseVersion(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) common/Protocol.cpp:35:51
    #3 0x1148824 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:358:64
    #4 0x18efcb8 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:232:13

Next commit will add the actual simple fuzzer that found this.

Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89225
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
(cherry picked from commit 8d2a8da)

Conflicts:
	common/Protocol.cpp

Change-Id: I8623b4451a57390f6f84c11084c5a1120a11fcc5
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89545
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
tdf-gerrit pushed a commit that referenced this pull request Mar 12, 2020
@vmiklos @timar
wsd: fix crash when downloadas has not enough parameters
7f9b802 
==11898==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000007c4f87 bp 0x7fffe45dfe90 sp 0x7fffe45df608 T0)
==11898==The signal is caused by a READ memory access.
==11898==Hint: address points to the zero page.
    #0 0x7c4f86 in AddressIsPoisoned lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_mapping.h:397
    #1 0x7c4f86 in __asan::QuickCheckForUnpoisonedRegion(unsigned long, unsigned long) lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/asan_interceptors_memintrinsics.h:31
    #2 0x816436 in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:834
    #3 0x816d38 in memcmp lode/packages/llvm-472c6ef8b0f53061b049039f9775ab127beafbe4.src/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:866
    #4 0x7f1964437595 in std::char_traits<char>::compare(char const*, char const*, unsigned long) lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/char_traits.h:310
    #5 0x7f1964437595 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::compare(unsigned long, unsigned long, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const lode/packages/gccbuild/x86_64-pc-linux-gnu/libstdc++-v3/include/bits/basic_string.tcc:1391
    #6 0x18e206d in LOOLProtocol::getTokenString(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) common/Protocol.cpp:141:19
    #7 0x117cc0a in ClientSession::filterMessage(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) const wsd/ClientSession.cpp:940:13
    #8 0x116b832 in ClientSession::_handleInput(char const*, int) wsd/ClientSession.cpp:741:14
    #9 0x18f70d0 in Session::handleMessage(bool, WSOpCode, std::vector<char, std::allocator<char> >&) common/Session.cpp:230:13

Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89229
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
(cherry picked from commit aefc654)

Change-Id: I0c7da6c02ac62bf0bc99557517fc7c517917046c
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89546
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@elringus @fitojb @pranavk @DarkStar1 @smehrbrodt