Bug 101382 - CRASH - mailmerge wizard when creating from new document
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version: 5.3.0.0.alpha0+ (earliest affected)
Hardware: x86-64 (AMD64) All
Importance: high critical
Assignee: Caolán McNamara
URL:
Whiteboard: target:5.3.0
Keywords: haveBacktrace
Depends on:
Blocks:
 
Reported: 2016-08-08 10:04 UTC by Alex Thurgood
Modified: 2016-08-10 06:53 UTC

See Also:
Crash report or crash signature:


Attachments
backtrace from lldb debugging session (10.71 KB, text/plain)
2016-08-08 10:05 UTC, Alex Thurgood
Description Alex Thurgood 2016-08-08 10:04:10 UTC
Tested on

Version: 5.3.0.0.alpha0+
Build ID: 3e7a6544da370f641b21fd03a86a1c84d6ea6576
CPU Threads: 2; OS Version: Mac OS X 10.11.6; UI Render: default; 
Locale: fr-FR (fr.UTF-8); Calc: group

1) Open new Writer document
2) Tools > Mailmerge wizard
3) Choose "Create a new document" > "Next"
4) Close initial Writer document
4) Choose "Letter" > Next
5) Crash

* thread #1: tid = 0x54dd1d, 0x000000016b8d942d libswlo.dylib`SwMailMergeConfigItem::IsOutputToLetter() const + 45, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x000000016b8d942d libswlo.dylib`SwMailMergeConfigItem::IsOutputToLetter() const + 45
libswlo.dylib`SwMailMergeConfigItem::IsOutputToLetter:
->  0x16b8d942d <+45>: testb  $0x1, 0xc6(%rcx)
    0x16b8d9434 <+52>: movq   %rdi, -0x28(%rbp)
    0x16b8d9438 <+56>: movb   %al, -0x29(%rbp)
    0x16b8d943b <+59>: jne    0x16b8d944f               ; <+79>
Comment 1 Alex Thurgood 2016-08-08 10:05:53 UTC
Created attachment 126667
backtrace from lldb debugging session
Comment 2 Alex Thurgood 2016-08-08 10:11:35 UTC
The problem seems to lie in disposing of the original Writer document.

Process 80733 stopped
* thread #1: tid = 0x54f78d, 0x00000001695b65c0 libswlo.dylib`com::sun::star::uno::BaseReference::is() const + 16, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x5a)
    frame #0: 0x00000001695b65c0 libswlo.dylib`com::sun::star::uno::BaseReference::is() const + 16
libswlo.dylib`com::sun::star::uno::BaseReference::is:
->  0x1695b65c0 <+16>: cmpq   (%rdi), %rcx
    0x1695b65c3 <+19>: setne  %dl
    0x1695b65c6 <+22>: andb   $0x1, %dl
    0x1695b65c9 <+25>: movzbl %dl, %eax
Comment 3 Alex Thurgood 2016-08-08 10:14:59 UTC
(In reply to Alex Thurgood from comment #0)
> Tested on
> 
> Version: 5.3.0.0.alpha0+
> Build ID: 3e7a6544da370f641b21fd03a86a1c84d6ea6576
> CPU Threads: 2; OS Version: Mac OS X 10.11.6; UI Render: default; 
> Locale: fr-FR (fr.UTF-8); Calc: group
> 
> 1) Open new Writer document
> 2) Tools > Mailmerge wizard
> 3) Choose "Create a new document" > "Next"
> 4) Close initial Writer document
> 4) Choose "Letter" > Next
> 5) Crash
> 
> * thread #1: tid = 0x54dd1d, 0x000000016b8d942d
> libswlo.dylib`SwMailMergeConfigItem::IsOutputToLetter() const + 45, queue =
> 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
>     frame #0: 0x000000016b8d942d
> libswlo.dylib`SwMailMergeConfigItem::IsOutputToLetter() const + 45
> libswlo.dylib`SwMailMergeConfigItem::IsOutputToLetter:
> ->  0x16b8d942d <+45>: testb  $0x1, 0xc6(%rcx)
>     0x16b8d9434 <+52>: movq   %rdi, -0x28(%rbp)
>     0x16b8d9438 <+56>: movb   %al, -0x29(%rbp)
>     0x16b8d943b <+59>: jne    0x16b8d944f               ; <+79>

The above was actually obtained by closing the initial Writer document after moving to Step 3 and then pressing the "Back" button. See below in comment 2 for the lldb output when repeating steps of initial post.
Comment 4 Alex Thurgood 2016-08-08 10:15:38 UTC
The result is the same in both cases, however: a GPFLT.
Comment 5 Buovjaga 2016-08-08 10:16:12 UTC
Repro.

Win 7 Pro 64-bit Version: 5.3.0.0.alpha0+ (x64)
Build ID: f4d0818cd21f66b0d7f36f820fcf1b72e506e026
CPU Threads: 4; OS Version: Windows 6.1; UI Render: default; 
TinderBox: Win-x86_64@62-TDF, Branch:MASTER, Time: 2016-08-07_09:21:35
Locale: fi-FI (fi_FI); Calc: CL
Comment 7 Buovjaga 2016-08-09 17:54:43 UTC
Verifying fix.

Arch Linux 64-bit, KDE Plasma 5
Version: 5.3.0.0.alpha0+
Build ID: 5d8639aaf2f60157c99c3ee3a8bfa78e4efd010a
CPU Threads: 8; OS Version: Linux 4.6; UI Render: default; 
Locale: fi-FI (fi_FI.UTF-8); Calc: group
Built on August 9th 2016
Comment 8 Commit Notification 2016-08-09 19:38:06 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=7b355ad06e11bd81ce15f2a08044d6bbfae59131

Resolves: tdf#101382 turn SetMailMergeConfigItem into a shared_ptr

It will be available in 5.3.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
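
The lifetime problem that comment 2 points at, and the shared ownership named in the commit title above, shown as an added illustration. This is not LibreOffice code and not the committed patch: every class and function name here is hypothetical, and the ownership layout (the document view owns the config, the wizard borrows it) is an assumption made for the example.

```cpp
#include <memory>

// Hypothetical stand-in for the mail merge config item (not the real class).
struct MergeConfig {
    static int live;               // number of MergeConfig objects alive
    bool outputToLetter = true;
    MergeConfig() { ++live; }
    ~MergeConfig() { --live; }
    bool IsOutputToLetter() const { return outputToLetter; }
};
int MergeConfig::live = 0;

// Before (assumed layout): the view owns the config, the wizard borrows it.
struct RawView {
    MergeConfig* cfg = new MergeConfig;
    ~RawView() { delete cfg; }
};
struct RawWizard {
    MergeConfig* cfg;              // dangles once the view is destroyed
    explicit RawWizard(RawView& v) : cfg(v.cfg) {}
};

// After: ownership is shared, so the last holder frees the config.
struct SharedView {
    std::shared_ptr<MergeConfig> cfg = std::make_shared<MergeConfig>();
};
struct SharedWizard {
    std::shared_ptr<MergeConfig> cfg;
    explicit SharedWizard(const SharedView& v) : cfg(v.cfg) {}
    bool Next() const { return cfg->IsOutputToLetter(); }
};

// Returns how many configs are alive after the document is closed while
// the wizard is still open. 0 means the wizard's pointer is dangling.
int liveAfterCloseRaw() {
    auto view = std::make_unique<RawView>();
    RawWizard wizard(*view);
    view.reset();                  // "Close initial Writer document"
    (void)wizard;                  // wizard.cfg must not be dereferenced now
    return MergeConfig::live;
}

int liveAfterCloseShared(bool& nextResult) {
    auto view = std::make_unique<SharedView>();
    SharedWizard wizard(*view);
    view.reset();                  // document closed, wizard still holds a ref
    nextResult = wizard.Next();    // safe: the config is still alive
    return MergeConfig::live;
}
```

In the raw-pointer variant, any call through `wizard.cfg` after the close would be a read of freed memory, which matches the EXC_BAD_ACCESS pattern in the backtraces above.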
Comment 9 Alex Thurgood 2016-08-10 06:53:06 UTC
Verifying fix on 

Version: 5.3.0.0.alpha0+
Build ID: 3a668616968dbce778c54ec56847828efa7bdb6d
CPU Threads: 2; OS Version: Mac OS X 10.11.6; UI Render: default; 
Locale: fr-FR (fr.UTF-8); Calc: group