Bug 112395 - SfxBoolItem::Clone(SfxItemPool*) leaks memory
Summary: SfxBoolItem::Clone(SfxItemPool*) leaks memory
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
6.0.0.0.alpha0+
Hardware: All Mac OS X (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard: target:6.0.0
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-14 16:51 UTC by Telesto
Modified: 2017-12-08 13:11 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:


Attachments
BT & Few screenshots (874.50 KB, application/x-zip-compressed)
2017-09-14 16:52 UTC, Telesto
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Telesto 2017-09-14 16:51:40 UTC
Description:
SfxBoolItem::Clone(SfxItemPool*) leaks memory

Steps to Reproduce:
1. Start the Instruments
2. Choose Memory Leak profile tool
3. Select LibreOffice.app in instdir as target process
4. Click on the record button, LODev is started by the profiling tool
5. Wait for the StartCenter to load.
6. Click on the new Writer document icon to open a blank Writer document.
7. Do some editing work (not sure what a trigger is, but it happens quite often). For example:
Adding a textbox 
Delete the textbox
Change font color of some text 
8. Stop recording (after the closing is fully processed) 
9. Analyse the profile trace.

Actual Results:  
SfxBoolItem::Clone(SfxItemPool*) leaks memory

Expected Results:
Shouldn't leak memory


Reproducible: Always

User Profile Reset: No

Additional Info:
Version: 6.0.0.0.alpha0+
Build ID: e970395c692a5c315914ddf5b43cf01e590345ff
CPU threads: 4; OS: Mac OS X 10.12.4; UI render: default; 
Locale: en-US (en_US.UTF-8); Calc: group


User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Comment 1 Telesto 2017-09-14 16:52:00 UTC
Created attachment 136248 [details]
BT & Few screenshots
Comment 2 Alex Thurgood 2017-09-28 11:12:49 UTC
Confirming with my master build.

Instruments flags the following code as problematic :

// virtual
SfxPoolItem * SfxBoolItem::Clone(SfxItemPool *) const
{
    return new SfxBoolItem(*this);
}


lines 169-173 in cenumitm.cxx
Comment 3 Alex Thurgood 2017-09-28 11:14:41 UTC
I could reproduce this by :

1) Opening Writer
2) Inserting a TextBox
3) Typing some text in the text box
4) Clicking outside the text box
5) Adding a blank paragraph (Enter key)
6) Reselecting Textbox
7) Deleting Textbox
8) Closing Writer document, no save.
Comment 4 Julien Nabet 2017-10-02 09:49:35 UTC
Caolán: I used fprintf with the display of instance + foo counter in constructor and destructor. The weird thing is, foo went below 0.
First I thought having forgetted a ctr or having put -- instead of ++ for a ctr but it was not the case.
I tried a bt at a moment when it went below 0 and noticed calls to cache/bind functions.
Any thoughts?
Comment 5 Caolán McNamara 2017-10-02 12:02:58 UTC
you may have e.g. moved the body of the ctors from the hxx to a cxx but then didn't do a top-level make, leaving some original inlined ctors in use, or something like that.

In this case I rather feel the thing that is leaking is ItemPools, i.e. editeng/source/editeng/editeng.cxx:2580 the pGlobalPool which in its ctor will eventually put a SfxBoolItem in there and the BoolItem leaks because its own that pGlobalPool leaks. And there's another bunch of static globals which take the address of that global so this is fraught with pain to get the memory released in a way that makes leak tools happy without causing some crash or other
Comment 6 Commit Notification 2017-10-02 14:46:37 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=21dde7a09e2cfe7b48d2fec1edc7a94fa94af5c3

Related: tdf#112395 disabled slot with Put leaks entry

It will be available in 6.0.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 7 Julien Nabet 2017-10-08 15:31:44 UTC
Following Caolán's patch, let's put this one to FIXED.
Of course if this can still be reproduced with a build including the patch, don't hesitate to reopen this tracker.
Comment 8 Telesto 2017-11-18 12:53:38 UTC
(In reply to Julien Nabet from comment #7)
> Following Caolán's patch, let's put this one to FIXED.
> Of course if this can still be reproduced with a build including the patch,
> don't hesitate to reopen this tracker.

Not sure if it's worth it, but there is still a small leak -  SfxBoolItem::Clone(SfxItemPool*)- when formatting text within a textbox (bold italic, underline, font color change)
Comment 9 Julien Nabet 2017-11-21 19:31:52 UTC
(In reply to Telesto from comment #8)
> Not sure if it's worth it, but there is still a small leak - 
> SfxBoolItem::Clone(SfxItemPool*)- when formatting text within a textbox
> (bold italic, underline, font color change)

This one may be fixed with https://cgit.freedesktop.org/libreoffice/core/commit/?id=21f8b386e07702e375abd8000e7583f25a0804cf
Comment 10 Telesto 2017-12-07 16:00:45 UTC
(In reply to Julien Nabet from comment #9)
> (In reply to Telesto from comment #8)
> > Not sure if it's worth it, but there is still a small leak - 
> > SfxBoolItem::Clone(SfxItemPool*)- when formatting text within a textbox
> > (bold italic, underline, font color change)
> 
> This one may be fixed with
> https://cgit.freedesktop.org/libreoffice/core/commit/
> ?id=21f8b386e07702e375abd8000e7583f25a0804cf

No repro anymore
Version: 6.1.0.0.alpha0+
Build ID: 1d8cb97fea57b81a1ab151b88c2180e646bd401b
CPU threads: 4; OS: Mac OS X 10.12.6; UI render: default; 
TinderBox: MacOSX-x86_64@49-TDF, Branch:master, Time: 2017-12-07_00:47:14
Locale: nl-NL (nl_NL.UTF-8); Calc: group threaded
Comment 11 Julien Nabet 2017-12-07 16:15:10 UTC
Thank you Telesto for your feedback, let's put this one to VERIFIED.
Comment 12 Telesto 2017-12-07 16:16:36 UTC
@Julien
Found another small SfxBoolItem::Clone(SfxItemPool*) leak

1. Open Writer
2. Insert a table
3. Select the table
4. Change the a border color in the toolbar (or table dialog)

SfxBoolItem::Clone(SfxItemPool*) & rtl_uString_ImplAlloc(int) are leaking
Comment 13 Julien Nabet 2017-12-08 13:11:23 UTC
Telesto: thank you for this new case, could you give a new try with a build including new patch https://cgit.freedesktop.org/libreoffice/core/commit/?id=447c052d5c074f923fb04e086c9da0340eecb6bd ?