Description:
oss-fuzz has detected leaks of SwTextBoxHelper when fuzzing .docx. These seem to have begun since:

https://gerrit.libreoffice.org/c/core/+/120452

commit 504d78acb866495fd954fcd6db22ea68f174a5ab
Author: Attila Bakos (NISZ) <bakos.attilakaroly@nisz.hu>
Date:   Fri Aug 13 14:11:24 2021 +0200

    tdf#143574 sw: textboxes in group shapes - part 1

Steps to Reproduce:
This is a bit of a pain to reproduce because they are generated documents, but under Linux see vcl/workben/fftester.cxx and

1. cp workdir/LinkTarget/Executable/fftester instdir/program
2. LD_LIBRARY_PATH=`pwd`/instdir/program valgrind --leak-check=yes instdir/program/fftester ~/Downloads/DOCUMENT docx

where for DOCUMENT substitute one of the attachments

Actual Results:
==738289== 88 (64 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 1,623 of 2,437
==738289==    at 0x4840FF5: operator new(unsigned long) (vg_replace_malloc.c:417)
==738289==    by 0x1CFCAC74: SwTextBoxHelper::create(SwFrameFormat*, SdrObject*, bool) (textboxhelper.cxx:119)
==738289==    by 0x1D868D58: SwXShape::setPropertyValue(rtl::OUString const&, com::sun::star::uno::Any const&) (unodraw.cxx:1169)
==738289==    by 0x22DD540F: SvxShape::setPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) (unoshape.cxx:1815)
==738289==    by 0x2B0D1937: oox::PropertySet::setProperties(com::sun::star::uno::Sequence<rtl::OUString> const&, com::sun::star::uno::Sequence<com::sun::star::uno::Any> const&) (propertyset.cxx:82)
==738289==    by 0x2B0D1C23: oox::PropertySet::setProperties(oox::PropertyMap const&) (propertyset.cxx:105)

Expected Results:
no leak

Reproducible: Always

User Profile Reset: No

Additional Info:
if this work is something that isn't complete yet then maybe it could be only enabled if the experimental setting is set?
Created attachment 174733: case 1
Created attachment 174734: case 2
Created attachment 174735: case 3
Created attachment 174736: case 4
The ownership seems complicated to me and I can't quite see who should have responsibility of the SwTextBoxNode* to try a fix myself.
Attila Bakos (NISZ) committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/ba5156abace2e41ec4d21397c0875f7e1efd2beb

tdf#143574 tdf#144271 sw: textboxes in group shapes - part 2

It will be available in 7.3.0.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Created attachment 176463: memory check after the fix
With the fix, I haven't found those leaks running all the test cases, see the attached output for the first one.

The clean-up part 3 was merged now: https://gerrit.libreoffice.org/c/core/+/124657

Which works with nested grouping, too.

@Caolán: many thanks for the report and the details!
yeah, we can close this
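
The leak check from the report and the re-check after the fix can be automated by parsing valgrind's text output for loss records whose stack passes through SwTextBoxHelper::create. This is an added example, not code from the bug thread or from LibreOffice; the names parse_loss_records and leaks_through are hypothetical, and the sample log is the first three lines of the reported record plus constructed lines.

```python
import re
from dataclasses import dataclass, field

# Header of one memcheck loss record, in the text format quoted in the report.
HEADER = re.compile(
    r"^==\d+==\s+([\d,]+) (?:\([\d,]+ direct, [\d,]+ indirect\) )?bytes in "
    r"([\d,]+) blocks are (definitely lost|indirectly lost|possibly lost|"
    r"still reachable) in loss record ([\d,]+) of [\d,]+")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")

@dataclass
class LossRecord:
    kind: str
    total_bytes: int
    blocks: int
    record_no: int
    frames: list = field(default_factory=list)

def parse_loss_records(text):
    """Split valgrind text output into loss records with their stack frames."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            size, blocks, kind, no = m.groups()
            current = LossRecord(kind, *(int(v.replace(",", "")) for v in (size, blocks, no)))
            records.append(current)
        elif (f := FRAME.match(line)) and current is not None:
            current.frames.append(f.group(1))
        elif not f:
            current = None  # separator or unrelated line ends the record
    return records

def leaks_through(text, symbol, kinds=("definitely lost",)):
    """Loss records of the given kinds whose stack passes through `symbol`."""
    return [r for r in parse_loss_records(text)
            if r.kind in kinds and any(symbol in fr for fr in r.frames)]

# First record: copied from the report. Second record and AFTER: constructed.
BEFORE = """\
==738289== 88 (64 direct, 24 indirect) bytes in 1 blocks are definitely lost in loss record 1,623 of 2,437
==738289==    at 0x4840FF5: operator new(unsigned long) (vg_replace_malloc.c:417)
==738289==    by 0x1CFCAC74: SwTextBoxHelper::create(SwFrameFormat*, SdrObject*, bool) (textboxhelper.cxx:119)
==738289==
==738289== 16 bytes in 1 blocks are still reachable in loss record 3 of 2,437
==738289==    at 0x4840FF5: operator new(unsigned long) (vg_replace_malloc.c:417)
==738289==    by 0x401000: example_init() (example.cxx:10)
"""
AFTER = "\n".join(BEFORE.splitlines()[4:]) + "\n"

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        hits = leaks_through(log, "SwTextBoxHelper::create")
        print(label, [(r.record_no, r.total_bytes) for r in hits])
```

Run over the captured output of each test document, a non-empty result for SwTextBoxHelper::create marks a regression of this leak.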