Gitiles
Code Review Sign In
gerrit.collaboraoffice.com / core / f2e8dc899d3d6b6ebaf4ffd4c93c154b25d88f76
commitf2e8dc899d3d6b6ebaf4ffd4c93c154b25d88f76[log] [tgz]
authorCaolán McNamara <caolan.mcnamara@collabora.com>Sun Oct 19 21:13:41 2025 +0100
committerCaolán McNamara <caolan.mcnamara@collabora.com>Thu Oct 23 15:46:19 2025 +0200
tree0436ffa80bd582741338745802997aeadffbe8b7
parent610d7c49437f3ddfc612c2f00305fde71069617a [diff]
prevent BufferedDecomposition[Group]Primitive2D from being resurrected

The BufferedDecompositionFlusher thread is waiting for the SolarMutex
and has accumulated a bunch of rtl::References to Primitive2Ds in
aRemoved[1|2] created from direct pointers to Primitive2Ds during the
earlier phase.

Thread 6 (Thread 0x7fd2e27fe6c0 (LWP 3729389)):
 #0  0x00007fd313d3012b in  () at /lib/x86_64-linux-gnu/libc.so.6
 #1  0x00007fd313d364da in pthread_mutex_lock () at /lib/x86_64-linux-gnu/libc.so.6
 #2  0x00007fd3140a75f1 in osl_acquireMutex(oslMutex) (pMutex=0x556f87223470) at sal/osl/unx/mutex.cxx:93
         nRet = 32723
 #3  0x00007fd30e02be53 in osl::Mutex::acquire() (this=0x556f87223968) at include/osl/mutex.hxx:63
         pInst = 0x556f87223830
         __PRETTY_FUNCTION__ = "virtual void SvpSalYieldMutex::doAcquire(sal_uInt32)"
 #4  SvpSalYieldMutex::doAcquire(unsigned int) (this=0x556f87223960, nLockCount=1) at vcl/headless/svpinst.cxx:376
         pInst = 0x556f87223830
         __PRETTY_FUNCTION__ = "virtual void SvpSalYieldMutex::doAcquire(sal_uInt32)"
 #5  0x00007fd312bcd4fc in comphelper::SolarMutex::acquire(unsigned int) (this=<optimized out>, nLockCount=nLockCount@entry=1) at include/comphelper/solarmutex.hxx:86
         __PRETTY_FUNCTION__ = "void comphelper::SolarMutex::acquire(sal_uInt32)"
 #6  0x00007fd312bcd6bd in osl::Guard<comphelper::SolarMutex>::Guard(comphelper::SolarMutex*) (this=<optimized out>, pT_=<optimized out>) at include/osl/mutex.hxx:137
 #7  0x00007fd312bccd53 in drawinglayer::primitive2d::BufferedDecompositionFlusher::run() (this=0x7fd2d4159230) at drawinglayer/source/primitive2d/BufferedDecompositionFlusher.cxx:154
         aGuard = {pT = 0x556f87223960}
         aNow = {__d = {__r = 64556205175663173}}
         aRemoved1 = std::__debug::vector of length 1155, capacity 2048 =

The active thread 1 asserts that the reference count of a
SimpleReferenceObject isn't zero during dtor.

Thread 1 (Thread 0x7fd2e2fff6c0 (LWP 3726667)):
 #21 0x00007fd313c2760a in salhelper::SimpleReferenceObject::~SimpleReferenceObject() (this=this@entry=0x7fd2d62f51f0, __in_chrg=<optimized out>) at salhelper/source/simplereferenceobject.cxx:29
 #22 0x00007fd312bcbc57 in drawinglayer::primitive2d::BasePrimitive2D::~BasePrimitive2D() (this=this@entry=0x7fd2d62f51f0, __in_chrg=<optimized out>) at drawinglayer/source/primitive2d/baseprimitive2d.cxx:34
 #23 0x00007fd312bcc368 in drawinglayer::primitive2d::BufferedDecompositionPrimitive2D::~BufferedDecompositionPrimitive2D() (this=this@entry=0x7fd2d62f51f0, __in_chrg=<optimized out>) at drawinglayer/source/primitive2d/BufferedDecompositionPrimitive2D.cxx:69
 #24 0x00007fd310300136 in drawinglayer::primitive2d::SdrGrafPrimitive2D::~SdrGrafPrimitive2D() (this=0x7fd2d62f51f0, __in_chrg=<optimized out>) at svx/inc/sdr/primitive2d/sdrgrafprimitive2d.hxx:29
 #25 0x00007fd310300141 in drawinglayer::primitive2d::SdrGrafPrimitive2D::~SdrGrafPrimitive2D() (this=0x7fd2d62f51f0, __in_chrg=<optimized out>) at svx/inc/sdr/primitive2d/sdrgrafprimitive2d.hxx:29
 #26 0x00007fd312bcc5d3 in salhelper::SimpleReferenceObject::release() (this=<optimized out>) at include/salhelper/simplereferenceobject.hxx:83
 #27 0x00007fd312bd1e63 in rtl::Reference<drawinglayer::primitive2d::BasePrimitive2D>::~Reference() (this=0x7fd2d62f4b10, __in_chrg=<optimized out>) at include/rtl/ref.hxx:126
 #28 std::destroy_at<rtl::Reference<drawinglayer::primitive2d::BasePrimitive2D> >(rtl::Reference<drawinglayer::primitive2d::BasePrimitive2D>*) (__location=0x7fd2d62f4b10) at /usr/include/c++/12/bits/stl_construct.h:88
 #29 std::_Destroy<rtl::Reference<drawinglayer::primitive2d::BasePrimitive2D> >(rtl::Reference<drawinglayer::primitive2d::BasePrimitive2D>*) (__pointer=0x7fd2d62f4b10) at /usr/include/c++/12/bits/stl_construct.h:149

So, what if a BufferedDecompositionPrimitive2D was registered with
BufferedDecompositionFlusher, so a direct pointer to it exists.

On Thread 0 the BufferedDecompositionPrimitive2D ref count hits 0,
dtoring starts.

Meanwhile Thread 6 merrily spins its loop, creates a rtl::Reference from
the BufferedDecompositionPrimitive2D, ref count goes back up to 1.

BufferedDecompositionPrimitive2D::dtor gets around to unregistering
itself from BufferedDecompositionFlusher, but that doesn't matter
because the rtl::Reference to the primitive already exists in aRemoved,
dtor hits assert that refcount isn't 0

Change-Id: Iac0a03bb7cbadf949ba1ac00d69cf15cc2505e18
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192674
Tested-by: Jenkins
Tested-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
3 files changed
tree: 0436ffa80bd582741338745802997aeadffbe8b7
  1. .config/
  2. .cspell/
  3. .git-hooks/
  4. .github/
  5. .vscode/
  6. android/
  7. animations/
  8. apple_remote/
  9. avmedia/
  10. basctl/
  11. basegfx/
  12. basic/
  13. bean/
  14. bin/
  15. binaryurp/
  16. bridges/
  17. canvas/
  18. chart2/
  19. cli_ure/
  20. codemaker/
  21. comphelper/
  22. compilerplugins/
  23. config_host/
  24. configmgr/
  25. connectivity/
  26. cppcanvas/
  27. cppu/
  28. cppuhelper/
  29. cpputools/
  30. cui/
  31. dbaccess/
  32. desktop/
  33. distro-configs/
  34. docmodel/
  35. drawinglayer/
  36. editeng/
  37. embeddedobj/
  38. embedserv/
  39. emfio/
  40. eventattacher/
  41. extensions/
  42. external/
  43. extras/
  44. filter/
  45. forms/
  46. formula/
  47. fpicker/
  48. framework/
  49. helpcompiler/
  50. hwpfilter/
  51. i18nlangtag/
  52. i18npool/
  53. i18nutil/
  54. icon-themes/
  55. idl/
  56. idlc/
  57. include/
  58. instsetoo_native/
  59. io/
  60. ios/
  61. javaunohelper/
  62. jurt/
  63. jvmaccess/
  64. jvmfwk/
  65. l10ntools/
  66. librelogo/
  67. libreofficekit/
  68. lingucomponent/
  69. linguistic/
  70. lotuswordpro/
  71. m4/
  72. msicreator/
  73. net_ure/
  74. nlpsolver/
  75. o3tl/
  76. odk/
  77. offapi/
  78. officecfg/
  79. oovbaapi/
  80. oox/
  81. opencl/
  82. osx/
  83. package/
  84. pch/
  85. postprocess/
  86. pyuno/
  87. qadevOOo/
  88. readlicense_oo/
  89. registry/
  90. remotebridges/
  91. reportbuilder/
  92. reportdesign/
  93. ridljar/
  94. rust_uno/
  95. sal/
  96. salhelper/
  97. sax/
  98. sc/
  99. scaddins/
  100. sccomp/
  101. schema/
  102. scp2/
  103. scripting/
  104. sd/
  105. sdext/
  106. setup_native/
  107. sfx2/
  108. shell/
  109. slideshow/
  110. smoketest/
  111. solenv/
  112. soltools/
  113. sot/
  114. starmath/
  115. static/
  116. stoc/
  117. store/
  118. svgio/
  119. svl/
  120. svtools/
  121. svx/
  122. sw/
  123. swext/
  124. sysui/
  125. test/
  126. testtools/
  127. toolkit/
  128. tools/
  129. ucb/
  130. ucbhelper/
  131. udkapi/
  132. uitest/
  133. UnoControls/
  134. unodevtools/
  135. unoidl/
  136. unoil/
  137. unotest/
  138. unotools/
  139. unoxml/
  140. ure/
  141. uui/
  142. vbahelper/
  143. vcl/
  144. winaccessibility/
  145. wizards/
  146. writerperfect/
  147. xmlhelp/
  148. xmloff/
  149. xmlreader/
  150. xmlscript/
  151. xmlsecurity/
  152. dictionaries
  153. helpcontent2
  154. translations
  155. .vsconfig.config/2022.vsconfig
  156. .buckconfig
  157. .buckversion
  158. .clang-format
  159. .editorconfig
  160. .git-blame-ignore-revs
  161. .gitattributes
  162. .gitignore
  163. .gitmodules
  164. .gitpod.dockerfile
  165. .gitpod.yml
  166. .gitreview
  167. antivirusDetection.vbs
  168. autogen.sh
  169. BUCK
  170. config.guess
  171. config.sub
  172. config_host.mk.in
  173. config_host_lang.mk.in
  174. configure.ac
  175. COPYING
  176. COPYING.LGPL
  177. COPYING.MPL
  178. cpp.hint
  179. download.lst
  180. g
  181. install-sh
  182. install_deps.sh
  183. leak-suppress.txt
  184. Library_merged.mk
  185. logerrit
  186. Makefile.fetch
  187. Makefile.gbuild
  188. Makefile.in
  189. README.cross
  190. README.help.md
  191. README.md
  192. README.Solaris
  193. README.yrs
  194. Repository.mk
  195. RepositoryExternal.mk
  196. RepositoryFixes.mk
  197. RepositoryModule_build.mk
  198. RepositoryModule_host.mk
  199. sanitize-ubsan-excludelist
  200. setup.cfg
  201. TEMPLATE.SOURCECODE.HEADER
  202. tsan-suppress.txt
README.md

LibreOffice

Coverity Scan Build Status CII Best Practices Translation status

LibreOffice is an integrated office suite based on copyleft licenses and compatible with most document formats and standards. Libreoffice is backed by The Document Foundation, which represents a large independent community of enterprises, developers and other volunteers moved by the common goal of bringing to the market the best software for personal productivity. LibreOffice is open source, and free to download, use and distribute.

A quick overview of the LibreOffice code structure.

Overview

You can develop for LibreOffice in one of two ways, one recommended and one much less so. First the somewhat less recommended way: it is possible to use the SDK to develop an extension, for which you can read the API docs and Developers Guide. This re-uses the (extremely generic) UNO APIs that are also used by macro scripting in StarBasic.

The best way to add a generally useful feature to LibreOffice is to work on the code base however. Overall this way makes it easier to compile and build your code, it avoids any arbitrary limitations of our scripting APIs, and in general is far more simple and intuitive - if you are a reasonably able C++ programmer.

The Build Chain and Runtime Baselines

These are the current minimal operating system and compiler versions to run and compile LibreOffice, also used by the TDF builds:

  • Windows:
  • macOS:
    • Runtime: 11
    • Build: 13 or later + Xcode 14.3 or later (using latest version available for a given version of macOS)
  • Linux:
    • Runtime: RHEL 9 or CentOS 9 and comparable
    • Build: either GCC 12; or Clang 12 with libstdc++ 10
  • iOS (only for LibreOfficeKit):
    • Runtime: 14.5 (only support for newer i devices == 64 bit)
    • Build: Xcode 12.5 and iPhone SDK 14.5
  • Android:
    • Build: NDK 27 and SDK 30.0.3
  • Emscripten / WASM:
    • Runtime: a browser with SharedMemory support (threads + atomics)
    • Build: Qt 5.15 with Qt supported Emscripten 1.39.8
    • See README.wasm

Java is required for building many parts of LibreOffice. In TDF Wiki article Development/Java, the exact modules that depend on Java are listed.

The baseline for Java is Java Development Kit (JDK) Version 17 or later.

The baseline for Python is version 3.11. It follows the version available in SUSE Linux Enterprise Desktop and the Maintenance Support version of Red Hat Enterprise Linux.

If you want to use Clang with the LibreOffice compiler plugins, the minimal version of Clang is 12.0.1. Since Xcode doesn't provide the compiler plugin headers, you have to compile your own Clang to use them on macOS.

You can find the TDF configure switches in the distro-configs/ directory.

To setup your initial build environment on Windows and macOS, we provide the LibreOffice Development Environment (LODE) scripts.

For more information see the build instructions for your platform in the TDF wiki.

The Important Bits of Code

Each module should have a README.md file inside it which has some degree of documentation for that module; patches are most welcome to improve those. We have those turned into a web page here:

https://docs.libreoffice.org/

However, there are two hundred modules, many of them of only peripheral interest for a specialist audience. So - where is the good stuff, the code that is most useful. Here is a quick overview of the most important ones:

ModuleDescription
sal/this provides a simple System Abstraction Layer
tools/this provides basic internal types: Rectangle, Color etc.
vcl/this is the widget toolkit library and one rendering abstraction
framework/UNO framework, responsible for building toolbars, menus, status bars, and the chrome around the document using widgets from VCL, and XML descriptions from /uiconfig/ files
sfx2/legacy core framework used by Writer/Calc/Draw: document model / load/save / signals for actions etc.
svx/drawing model related helper code, including much of Draw/Impress

Then applications

ModuleDescription
desktop/this is where the main() for the application lives, init / bootstrap. the name dates back to an ancient StarOffice that also drew a desktop
sw/Writer
sc/Calc
sd/Draw / Impress

There are several other libraries that are helpful from a graphical perspective:

ModuleDescription
basegfx/algorithms and data-types for graphics as used in the canvas
canvas/new (UNO) canvas rendering model with various backends
cppcanvas/C++ helper classes for using the UNO canvas
drawinglayer/View code to render drawable objects and break them down into primitives we can render more easily.

Rules for #include Directives (C/C++)

Use the "..." form if and only if the included file is found next to the including file. Otherwise, use the <...> form. (For further details, see the mail Re: C[++]: Normalizing include syntax ("" vs <>).)

The UNO API include files should consistently use double quotes, for the benefit of external users of this API.

loplugin:includeform (compilerplugins/clang/includeform.cxx) enforces these rules.

Finding Out More

Beyond this, you can read the README.md files, send us patches, ask on the mailing list libreoffice@lists.freedesktop.org (no subscription required) or poke people on IRC #libreoffice-dev on irc.libera.chat - we're a friendly and generally helpful mob. We know the code can be hard to get into at first, and so there are no silly questions.

SAST Tools

PVS-Studio - static analyzer for C, C++, C#, and Java code.