oss-fuzz has detected leaks of SwTextBoxHelper when fuzzing .docx.
These seem to have begun since: https://gerrit.libreoffice.org/c/core/+/120452
Author: Attila Bakos (NISZ) <firstname.lastname@example.org>
Date: Fri Aug 13 14:11:24 2021 +0200
tdf#143574 sw: textboxes in group shapes - part 1
Steps to Reproduce:
This is a bit of a pain to reproduce because they are generated documents, but under Linux see vcl/workben/fftester.cxx and
1. cp workdir/LinkTarget/Executable/fftester instdir/program
2. LD_LIBRARY_PATH=`pwd`/instdir/program valgrind --leak-check=yes instdir/program/fftester ~/Downloads/DOCUMENT docx
where for DOCUMENT substitute one of the attachments
==738289== 88 (64 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 1,623 of 2,437
==738289== at 0x4840FF5: operator new(unsigned long) (vg_replace_malloc.c:417)
==738289== by 0x1CFCAC74: SwTextBoxHelper::create(SwFrameFormat*, SdrObject*, bool) (textboxhelper.cxx:119)
==738289== by 0x1D868D58: SwXShape::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) (unodraw.cxx:1169)
==738289== by 0x22DD540F: SvxShape::setPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) (unoshape.cxx:1815)
==738289== by 0x2B0D1937: oox::PropertySet::setProperties(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) (propertyset.cxx:82)
==738289== by 0x2B0D1C23: oox::PropertySet::setProperties(oox::PropertyMap const&) (propertyset.cxx:105)
User Profile Reset: No
If this work is something that isn't complete yet then maybe it could be only enabled if the experimental setting is set?
Created attachment 174733
Created attachment 174734
Created attachment 174735
Created attachment 174736
The ownership seems complicated to me and I can't quite see who should have responsibility of the SwTextBoxNode* to try a fix myself.
Attila Bakos (NISZ) committed a patch related to this issue.
It has been pushed to "master":
tdf#143574 tdf#144271 sw: textboxes in group shapes - part 2
It will be available in 7.3.0.
The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
Affected users are encouraged to test the fix and report feedback.
Created attachment 176463
memory check after the fix
With the fix, I haven't found those leaks running all the test cases, see the attached output for the first one. The clean-up part 3 was merged now:
Which works with nested grouping, too.
@Caolán: many thanks for the report and the details!
yeah, we can close this