Bug 103472 - Crash if select range name in box names and drag into sheet
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Calc
Version (earliest affected): 5.2.2.2 release
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium normal
Assignee: Caolán McNamara
Whiteboard: target:5.3.0 target:5.2.4
Keywords: haveBacktrace
 
Reported: 2016-10-24 17:33 UTC by Mauricio Baeza
Modified: 2016-11-14 09:27 UTC
Description Mauricio Baeza 2016-10-24 17:33:53 UTC
Description:
When we select a range in the box names and try to drag and drop it into the sheet, Calc crashes.

Steps to Reproduce:
1. Select current range in box names
2. Drag into sheet
3. Drop

Actual Results:
Calc crashes

Expected Results:
Calc does not crash


Reproducible: Always

User Profile Reset: Yes

Additional Info:


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Comment 1 Julien Nabet 2016-10-24 18:38:59 UTC
What do you call "box names"?
Comment 2 Mauricio Baeza 2016-10-24 18:43:59 UTC
You can see this image: http://storage6.static.itmages.com/i/16/1024/h_1477334645_2621781_baff5d8f37.png

Thanks
Comment 3 Mauricio Baeza 2016-10-24 18:55:51 UTC
I got a trace log in ArchLinux


└──> soffice --calc --norestore
Application Error

Fatal exception: Signal 6
Stack:
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x39980)[0x7f2491c92980]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x39af1)[0x7f2491c92af1]
/usr/lib/libc.so.6(+0x330b0)[0x7f249164c0b0]
/usr/lib/libc.so.6(gsignal+0xcf)[0x7f249164c04f]
/usr/lib/libc.so.6(abort+0x16a)[0x7f249164d47a]
/usr/lib/libreoffice/program/libvcllo.so(+0x46e99c)[0x7f248baaf99c]
/usr/lib/libreoffice/program/libvcllo.so(_ZN11Application5AbortERKN3rtl8OUStringE+0x9a)[0x7f248ba3302a]
/usr/lib/libreoffice/program/libsofficeapp.so(+0x1eaf4)[0x7f24919d7af4]
/usr/lib/libreoffice/program/libvcllo.so(+0x3f73b2)[0x7f248ba383b2]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x156c2)[0x7f2491c6e6c2]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x39aaf)[0x7f2491c92aaf]
/usr/lib/libc.so.6(+0x330b0)[0x7f249164c0b0]
/usr/lib/libreoffice/program/libvcllo.so(_ZN4Edit11dragDropEndERKN3com3sun4star12datatransfer3dnd19DragSourceDropEventE+0xa8)[0x7f248b861988]
/usr/lib/libreoffice/program/libvclplug_gtk3lo.so(+0x6dbac)[0x7f247846ebac]
/usr/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__OBJECTv+0x80)[0x7f2485f14000]
/usr/lib/libgobject-2.0.so.0(+0x101a4)[0x7f2485f111a4]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0xb2d)[0x7f2485f2b8bd]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x48b)[0x7f2485f2c45b]
/usr/lib/libgtk-3.so.0(+0x3a6e2d)[0x7f2477e97e2d]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x145)[0x7f2485f10f75]
/usr/lib/libgobject-2.0.so.0(+0x21f82)[0x7f2485f22f82]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0xe3c)[0x7f2485f2bbcc]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x48b)[0x7f2485f2c45b]
/usr/lib/libgdk-3.so.0(+0x651dc)[0x7f247785e1dc]
/usr/lib/libgdk-3.so.0(+0x36166)[0x7f247782f166]
/usr/lib/libgdk-3.so.0(+0x36b69)[0x7f247782fb69]
/usr/lib/libgdk-3.so.0(+0x67b42)[0x7f2477860b42]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x2a7)[0x7f2485c33587]
/usr/lib/libglib-2.0.so.0(+0x4a7f0)[0x7f2485c337f0]
/usr/lib/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f2485c3389c]
/usr/lib/libreoffice/program/libvclplug_gtk3lo.so(+0x3fde3)[0x7f2478440de3]
/usr/lib/libreoffice/program/libvcllo.so(_ZN11Application5YieldEv+0x51)[0x7f248ba33851]
/usr/lib/libreoffice/program/libvcllo.so(_ZN11Application7ExecuteEv+0x45)[0x7f248ba35cc5]
/usr/lib/libreoffice/program/libsofficeapp.so(+0x24b07)[0x7f24919ddb07]
/usr/lib/libreoffice/program/libvcllo.so(+0x3f8556)[0x7f248ba39556]
/usr/lib/libreoffice/program/libvcllo.so(_Z6SVMainv+0x22)[0x7f248ba39652]
/usr/lib/libreoffice/program/libsofficeapp.so(soffice_main+0x8a)[0x7f2491a0783a]
/usr/lib/libreoffice/program/soffice.bin[0x40064b]
/usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7f2491639291]
/usr/lib/libreoffice/program/soffice.bin[0x40068a]
Comment 4 Mauricio Baeza 2016-10-24 18:58:41 UTC
Same error in Fedora 24 x64
Comment 5 Mauricio Baeza 2016-10-24 19:44:28 UTC
In Ubuntu 16.04 x64 it works fine
Comment 6 Julien Nabet 2016-10-24 20:20:18 UTC
On pc Debian x86-64 with master sources updated today, I could reproduce this.
Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault.
0x00002aaab3ef2aeb in Edit::dragDropEnd (this=0x35db500, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/control/edit.cxx:2875
2875	        Selection aSel( mpDDInfo->aDndStartSel );
(gdb) p rDSDE
$1 = (const 
    com::sun::star::datatransfer::dnd::DragSourceDropEvent &) @0x7fffffff3ae0: {<com::sun::star::datatransfer::dnd::DragSourceEvent> = {<com::sun::star::lang::EventObject> = {
      Source = empty uno::Reference}, DragSourceContext = empty uno::Reference, DragSource = empty uno::Reference}, DropAction = 2 '\002', DropSuccess = 1 '\001'}
(gdb) p mpDDInfo
$2 = (DDInfo *) 0x0
(gdb) bt
#0  0x00002aaab3ef2aeb in Edit::dragDropEnd (this=0x35db500, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/control/edit.cxx:2875
#1  0x00002aaab42b0e15 in vcl::unohelper::DragAndDropWrapper::dragDropEnd (this=0x35dbfa0, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/app/dndhelp.cxx:103
#2  0x00002aaac79c481f in GtkDragSource::dragEnd (this=0x26df650, context=0x3907cb0) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtk3gtkframe.cxx:4188
#3  0x00002aaac79c48b4 in GtkSalFrame::signalDragEnd (context=0x3907cb0, frame=0x2695e40) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtk3gtkframe.cxx:4197
Comment 7 Julien Nabet 2016-10-24 21:09:36 UTC
Edit::dragGestureRecognized (http://opengrok.libreoffice.org/xref/core/vcl/source/control/edit.cxx#2832) is called once, it allocates a DDInfo object to mpDDInfo.

But Edit::dragDropEnd (http://opengrok.libreoffice.org/xref/core/vcl/source/control/edit.cxx#2869), which deletes mpDDInfo and sets it to nullptr, is called twice:
1)
#0  Edit::dragDropEnd (this=0x35db3b0, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/control/edit.cxx:2881
#1  0x00002aaab42b0fd9 in vcl::unohelper::DragAndDropWrapper::dragDropEnd (this=0x35dbe50, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/app/dndhelp.cxx:103
#2  0x00002aaac79c4720 in GtkDragSource::dragDelete (this=0x26dbbc0) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtk3gtkframe.cxx:4172
#3  0x00002aaac79c47a3 in GtkSalFrame::signalDragDelete (frame=0x2695bb0) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtk3gtkframe.cxx:4180

2)
#0  Edit::dragDropEnd (this=0x35db3b0, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/control/edit.cxx:2881
#1  0x00002aaab42b0fd9 in vcl::unohelper::DragAndDropWrapper::dragDropEnd (this=0x35dbe50, rDSDE=...) at /home/julien/lo/libreoffice/vcl/source/app/dndhelp.cxx:103
#2  0x00002aaac79c481f in GtkDragSource::dragEnd (this=0x26dbbc0, context=0x3a2a1d0) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtk3gtkframe.cxx:4188
#3  0x00002aaac79c48b4 in GtkSalFrame::signalDragEnd (context=0x3a2a1d0, frame=0x2695bb0) at /home/julien/lo/libreoffice/vcl/unx/gtk3/gtk3gtkframe.cxx:4197
Comment 8 Julien Nabet 2016-10-25 07:31:42 UTC
Caolán: thought you might be interested in this one since bt shows vcl/gtk3.
I must admit I don't know how signalDragDelete and signalDragEnd work.
So I don't know if the situation described in my previous comment is normal.
Comment 9 Caolán McNamara 2016-10-25 08:33:10 UTC
hmm, seems we need to clear the listener on the first drag end and only dispatch the first one
Comment 10 Commit Notification 2016-10-25 08:41:04 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=461e9cc64b5a6e9943db397d27c6415327386494

Resolves: tdf#103472 gtk3 dnd must clear listener after dragDropEnd dispatch

It will be available in 5.3.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
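
The double dispatch analysed in comments 7 and 9, reduced to a small C++ model; this is an added example, not part of the bug thread and not the LibreOffice commit. EditModel, DragSourceModel, DragResult and runDrag are hypothetical names, and the model counts the call that would dereference a null mpDDInfo instead of crashing.

```cpp
// Added illustration: hypothetical stand-ins, not LibreOffice source.
#include <cstdio>
#include <memory>

struct DDInfo { int dndStartSel = 0; };        // models the object held in mpDDInfo

struct EditModel {                             // models Edit acting as drag listener
    std::unique_ptr<DDInfo> ddInfo;            // models mpDDInfo
    int handled = 0;                           // drag ends processed with state present
    int nullStateCalls = 0;                    // calls where the real code read through null
    void dragGestureRecognized() { ddInfo.reset(new DDInfo()); }
    void dragDropEnd() {
        if (!ddInfo) { ++nullStateCalls; return; }  // record instead of crashing
        (void)ddInfo->dndStartSel;             // models the mpDDInfo->aDndStartSel read
        ddInfo.reset();                        // delete the state and leave a null pointer
        ++handled;
    }
};

struct DragSourceModel {                       // models GtkDragSource
    EditModel* listener = nullptr;
    bool clearAfterDispatch;                   // false: before the fix, true: after
    explicit DragSourceModel(bool fixed) : clearAfterDispatch(fixed) {}
    void startDrag(EditModel* l) { listener = l; }
    void dispatchDragDropEnd() {
        if (!listener) return;                 // already dispatched once: nothing to do
        EditModel* l = listener;
        if (clearAfterDispatch) listener = nullptr;  // only the first signal reaches the listener
        l->dragDropEnd();
    }
    void dragDelete() { dispatchDragDropEnd(); }     // first signal in comment 7
    void dragEnd()    { dispatchDragDropEnd(); }     // second signal in comment 7
};

struct DragResult { int handled; int nullStateCalls; };

// Runs one drag in which both signals fire, as in the two backtraces of comment 7.
DragResult runDrag(bool fixed) {
    EditModel edit;
    DragSourceModel source(fixed);
    edit.dragGestureRecognized();              // state allocated once
    source.startDrag(&edit);
    source.dragDelete();
    source.dragEnd();
    return {edit.handled, edit.nullStateCalls};
}

int main() {
    DragResult before = runDrag(false), after = runDrag(true);
    std::printf("before: handled=%d null=%d\n", before.handled, before.nullStateCalls);
    std::printf("after:  handled=%d null=%d\n", after.handled, after.nullStateCalls);
}
```
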
Comment 11 Caolán McNamara 2016-10-25 08:43:45 UTC
5-2 backport in gerrit too
Comment 12 Julien Nabet 2016-10-25 22:29:16 UTC
With master sources updated today, I don't reproduce the crash.
Thank you Caolán!
Comment 13 Mauricio Baeza 2016-10-28 01:44:08 UTC
Tested in master today... now it works fine in ArchLinux. Many thanks.
Comment 14 Commit Notification 2016-11-14 09:27:05 UTC
Caolán McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-5-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=015061495373d7c09362b175dc1f6be3f2a37a1a&h=libreoffice-5-2

Resolves: tdf#103472 gtk3 dnd must clear listener after dragDropEnd dispatch

It will be available in 5.2.4.
