Bug 151930 - buildDiagramDataModel memory leak
Summary: buildDiagramDataModel memory leak
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: filters and storage (show other bugs)
Version (earliest affected): 7.5.0.0 alpha0+
Hardware: All All
Importance: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-11-06 12:51 UTC by Caolán McNamara
Modified: 2023-01-18 09:16 UTC (History)

See Also:
Crash report or crash signature:


Attachments
input file (20.72 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document)
2022-11-06 12:51 UTC, Caolán McNamara

Description Caolán McNamara 2022-11-06 12:51:10 UTC
Description:
Memory leak when loading a specific .docx file (a minimized fuzzer test case).

Steps to Reproduce:
1. valgrind --leak-check=full ./instdir/program/soffice.bin --headless --convert-to pdf ~/clusterfuzz-testcase-minimized-docxfuzzer-6677783406837760.docx

Actual Results:
==3842426== 
==3842426== 739,036 (48 direct, 738,988 indirect) bytes in 1 blocks are definitely lost in loss record 10,130 of 10,131
==3842426==    at 0x4845FF5: operator new(unsigned long) (vg_replace_malloc.c:422)
==3842426==    by 0x97C726C: std::__new_allocator<std::_Rb_tree_node<std::pair<rtl::OUString const, svx::diagram::Point*> > >::allocate(unsigned long, void const*) (new_allocator.h:137)
==3842426==    by 0x97C7200: std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<rtl::OUString const, svx::diagram::Point*> > > >::allocate(std::allocator<std::_Rb_tree_node<std::pair<rtl::OUString const, svx::diagram::Point*> > >&, unsigned long) (alloc_traits.h:464)
==3842426==    by 0x97C70F1: std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, svx::diagram::Point*>, std::_Select1st<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::_M_get_node() (stl_tree.h:561)
==3842426==    by 0x97CA4BC: std::_Rb_tree_node<std::pair<rtl::OUString const, svx::diagram::Point*> >* std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, svx::diagram::Point*>, std::_Select1st<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::_M_create_node<std::pair<rtl::OUString, svx::diagram::Point*> >(std::pair<rtl::OUString, svx::diagram::Point*>&&) (stl_tree.h:611)
==3842426==    by 0x97CA47F: std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, svx::diagram::Point*>, std::_Select1st<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::_Auto_node::_Auto_node<std::pair<rtl::OUString, svx::diagram::Point*> >(std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, svx::diagram::Point*>, std::_Select1st<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >&, std::pair<rtl::OUString, svx::diagram::Point*>&&) (stl_tree.h:1636)
==3842426==    by 0x97CA31E: std::_Rb_tree_iterator<std::pair<rtl::OUString const, svx::diagram::Point*> > std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, svx::diagram::Point*>, std::_Select1st<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::_M_emplace_hint_unique<std::pair<rtl::OUString, svx::diagram::Point*> >(std::_Rb_tree_const_iterator<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::pair<rtl::OUString, svx::diagram::Point*>&&) (stl_tree.h:2461)
==3842426==    by 0x97CA249: std::_Rb_tree_iterator<std::pair<rtl::OUString const, svx::diagram::Point*> > std::__cxx1998::map<rtl::OUString, svx::diagram::Point*, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::emplace_hint<std::pair<rtl::OUString, svx::diagram::Point*> >(std::_Rb_tree_const_iterator<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::pair<rtl::OUString, svx::diagram::Point*>&&) (stl_map.h:638)
==3842426==    by 0x97CA0C9: std::enable_if<is_constructible<std::pair<rtl::OUString const, svx::diagram::Point*>, std::pair<rtl::OUString, svx::diagram::Point*> >::value, std::pair<std::_Rb_tree_iterator<std::pair<rtl::OUString const, svx::diagram::Point*> >, bool> >::type std::__cxx1998::map<rtl::OUString, svx::diagram::Point*, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::insert<std::pair<rtl::OUString, svx::diagram::Point*> >(std::pair<rtl::OUString, svx::diagram::Point*>&&) (stl_map.h:858)
==3842426==    by 0x97AA512: std::pair<__gnu_debug::_Safe_iterator<std::_Rb_tree_iterator<std::pair<rtl::OUString const, svx::diagram::Point*> >, std::__debug::map<rtl::OUString, svx::diagram::Point*, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >, std::bidirectional_iterator_tag>, bool> std::__debug::map<rtl::OUString, svx::diagram::Point*, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, svx::diagram::Point*> > >::insert<std::pair<rtl::OUString, svx::diagram::Point*>, void>(std::pair<rtl::OUString, svx::diagram::Point*>&&) (map.h:285)
==3842426==    by 0x97A3D9B: svx::diagram::DiagramData::buildDiagramDataModel(bool) (datamodel.cxx:408)
==3842426==    by 0x2BBFB22F: oox::drawingml::DiagramData::buildDiagramDataModel(bool) (datamodel.cxx:450)
==3842426== 
==3842426== 1,289,078 (48 direct, 1,289,030 indirect) bytes in 1 blocks are definitely lost in loss record 10,131 of 10,131
==3842426==    at 0x4845FF5: operator new(unsigned long) (vg_replace_malloc.c:422)
==3842426==    by 0x2BC1DB2C: std::__new_allocator<std::_Rb_tree_node<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >::allocate(unsigned long, void const*) (new_allocator.h:137)
==3842426==    by 0x2BC1DAC0: std::allocator_traits<std::allocator<std::_Rb_tree_node<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > > >::allocate(std::allocator<std::_Rb_tree_node<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >&, unsigned long) (alloc_traits.h:464)
==3842426==    by 0x2BC1D9B1: std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> >, std::_Select1st<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >::_M_get_node() (stl_tree.h:561)
==3842426==    by 0x2BC1D934: std::_Rb_tree_node<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >* std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> >, std::_Select1st<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >::_M_create_node<std::piecewise_construct_t const&, std::tuple<rtl::OUString const&>, std::tuple<> >(std::piecewise_construct_t const&, std::tuple<rtl::OUString const&>&&, std::tuple<>&&) (stl_tree.h:611)
==3842426==    by 0x2BC1D489: std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> >, std::_Select1st<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >::_Auto_node::_Auto_node<std::piecewise_construct_t const&, std::tuple<rtl::OUString const&>, std::tuple<> >(std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> >, std::_Select1st<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >&, std::piecewise_construct_t const&, std::tuple<rtl::OUString const&>&&, std::tuple<>&&) (stl_tree.h:1636)
==3842426==    by 0x2BC1D037: std::_Rb_tree_iterator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > std::_Rb_tree<rtl::OUString, std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> >, std::_Select1st<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >::_M_emplace_hint_unique<std::piecewise_construct_t const&, std::tuple<rtl::OUString const&>, std::tuple<> >(std::_Rb_tree_const_iterator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > >, std::piecewise_construct_t const&, std::tuple<rtl::OUString const&>&&, std::tuple<>&&) (stl_tree.h:2461)
==3842426==    by 0x2BC1CDC1: std::__cxx1998::map<rtl::OUString, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument>, std::less<rtl::OUString>, std::allocator<std::pair<rtl::OUString const, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> > > >::operator[](rtl::OUString const&) (stl_map.h:511)
==3842426==    by 0x2BC0E8E6: oox::drawingml::importFragment(oox::core::XmlFilterBase&, com::sun::star::uno::Reference<com::sun::star::xml::dom::XDocument> const&, rtl::OUString const&, std::shared_ptr<oox::drawingml::Diagram> const&, rtl::Reference<oox::core::FragmentHandler> const&) (diagram.cxx:245)
==3842426==    by 0x2BC0D78E: oox::drawingml::loadDiagram(std::shared_ptr<oox::drawingml::Shape> const&, oox::core::XmlFilterBase&, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, rtl::OUString const&, oox::core::Relations const&) (diagram.cxx:323)
==3842426==    by 0x2BCA0B9D: oox::drawingml::DiagramGraphicDataContext::onCreateContext(int, oox::AttributeList const&) (graphicshapecontext.cxx:285)
==3842426==    by 0x2BCA1504: non-virtual thunk to oox::drawingml::DiagramGraphicDataContext::onCreateContext(int, oox::AttributeList const&) (graphicshapecontext.cxx:0)


Expected Results:
no leak


Reproducible: Always


User Profile Reset: No

Additional Info:
oss-fuzz number 48580
Comment 1 Caolán McNamara 2022-11-06 12:51:39 UTC
Created attachment 183432 [details]
input file
Comment 2 Caolán McNamara 2022-11-06 12:53:08 UTC
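I feel this leak is a corner case in the relatively new Advanced Diagram support: both loss records above were allocated in the diagram import code (svx::diagram::DiagramData::buildDiagramDataModel and oox::drawingml::importFragment).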
Comment 3 Regina Henschel 2022-11-06 13:11:00 UTC
The attached file cannot be opened, neither with Word 365 nor with "Open XML SDK 2.5 Productivity Tool". Trying to open it in LO gives: The error details are:
SAXException: [word/document.xml line 2]: Specification mandates value for attribute :pMxmpr
Comment 4 Caolán McNamara 2022-11-06 15:16:05 UTC
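That is correct: the file is invalid (it is a minimized fuzzer test case) and is expected to fail to load. It still leaks though, and the leak is what this bug is about.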
Comment 5 Caolán McNamara 2023-01-18 09:16:19 UTC
This spontaneously got better (the leak no longer reproduces, although no fix was made for it specifically), maybe due to:

commit af8fdba1194e657237f9abc460381a1c4bc49982
Date:   Thu Jan 5 13:12:34 2023 +0900

    support theme color for lines + oox support + tests