Bug 104830 - Crash when exiting Writer after copying to clipboard
Summary: Crash when exiting Writer after copying to clipboard
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer (show other bugs)
Version:
(earliest affected)
5.2.4.1 rc
Hardware: All Windows (All)
: highest critical
Assignee: Not Assigned
URL:
Whiteboard: target:5.4.0 target:5.3.0.2 target:5.2.5
Keywords: bibisected, bisected, haveBacktrace, regression
: 104399 105129 105157 105169 105287 105332 105474 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-12-21 08:52 UTC by Stephan Bergmann
Modified: 2018-03-21 14:57 UTC (History)
13 users (show)

See Also:
Crash report or crash signature: ["SfxBaseModel::getArgs()"]

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Bergmann 2016-12-21 08:52:54 UTC 
At least with a recent master dbgutil build on Windows:  Open Writer, type some text, mark some text, Ctrl-C to copy it, exit LO (confirm "Don't save"), crash at

> sfxlo.dll!SfxInterface::Register(SfxModule * pMod) Line 119	C++
> sfxlo.dll!SfxApplication::RegisterInterface(SfxModule * pMod) Line 91	C++
> sfxlo.dll!SfxApplication::Registrations_Impl() Line 46	C++
> sfxlo.dll!SfxApplication::Initialize_Impl() Line 252	C++
> sfxlo.dll!SfxApplication::GetOrCreate() Line 158	C++
> sfxlo.dll!SfxGetpApp() Line 252	C++
> sfxlo.dll!SfxSlotPool::GetSlotPool(SfxViewFrame * pFrame) Line 307	C++
> sfxlo.dll!TransformItems(unsigned short nSlotId, const SfxItemSet & rSet, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rArgs, const SfxSlot * pSlot) Line 914	C++
> sfxlo.dll!SfxBaseModel::getArgs() Line 965	C++
> swlo.dll!SwXTextDocument::getArgs() Line 592	C++
> ucptdoc1lo.dll!tdoc_ucp::OfficeDocumentsManager::isDocumentPreview(const com::sun::star::uno::Reference<com::sun::star::frame::XModel> & xModel) Line 586	C++
> ucptdoc1lo.dll!tdoc_ucp::OfficeDocumentsManager::isOfficeDocument(const com::sun::star::uno::Reference<com::sun::star::uno::XInterface> & xDoc) Line 697	C++
> ucptdoc1lo.dll!tdoc_ucp::OfficeDocumentsManager::documentEventOccured(const com::sun::star::document::DocumentEvent & Event) Line 251	C++
> ucptdoc1lo.dll!tdoc_ucp::OfficeDocumentsManager::OfficeDocumentsCloseListener::notifyClosing(const com::sun::star::lang::EventObject & Source) Line 76	C++
> sfxlo.dll!SfxBaseModel::close(unsigned char bDeliverOwnership) Line 1368	C++
> swlo.dll!SwXTextDocument::close(unsigned char bDeliverOwnership) Line 615	C++
> sfxlo.dll!SfxObjectShell::CloseInternal() Line 412	C++
> sfxlo.dll!SfxObjectShell::Close() Line 393	C++
> sfxlo.dll!SfxObjectShell::DoClose() Line 845	C++
> swlo.dll!SwTransferable::~SwTransferable() Line 262	C++
> [External Code]
> cppuhelper3MSC.dll!cppu::OWeakObject::release() Line 233	C++
> svtlo.dll!cppu::WeakImplHelper<com::sun::star::datatransfer::XTransferable2,com::sun::star::datatransfer::clipboard::XClipboardOwner,com::sun::star::datatransfer::dnd::XDragSourceListener,com::sun::star::lang::XUnoTunnel>::release() Line 113	C++
> sysdtrans.dll!com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable>::set(com::sun::star::datatransfer::XTransferable * pInterface) Line 239	C++
> sysdtrans.dll!`anonymous namespace'::AsyncDereference::notify(const com::sun::star::uno::Any & __formal) Line 107	C++
> tklo.dll!`anonymous namespace'::AsyncCallback::Notify_Impl(`anonymous-namespace'::AsyncCallback * __formal, void * p) Line 106	C++
> tklo.dll!`anonymous namespace'::AsyncCallback::LinkStubNotify_Impl(void * instance, void * data) Line 98	C++
> vcllo.dll!Link<void * __ptr64,void>::Call(void * data) Line 84	C++
> vcllo.dll!ImplHandleUserEvent(ImplSVEvent * pSVEvent) Line 1958	C++
> vcllo.dll!ImplWindowFrameProc(vcl::Window * _pWindow, SalEvent nEvent, const void * pEvent) Line 2506	C++
> vcllo.dll!SalFrame::CallCallback(SalEvent nEvent, const void * pEvent) Line 276	C++
> vcllo.dll!ImplHandleUserEvent(HWND__ * hWnd, __int64 lParam) Line 4120	C++
> vcllo.dll!SalFrameWndProc(HWND__ * hWnd, unsigned int nMsg, unsigned __int64 wParam, __int64 lParam, int & rDef) Line 5783	C++
> vcllo.dll!SalFrameWndProcW(HWND__ * hWnd, unsigned int nMsg, unsigned __int64 wParam, __int64 lParam) Line 5916	C++
> [External Code]
> vcllo.dll!ImplSalDispatchMessage(tagMSG * pMsg) Line 575	C++
> vcllo.dll!ImplSalYield(bool bWait, bool bHandleAllCurrentEvents) Line 594	C++
> vcllo.dll!WinSalInstance::DoYield(bool bWait, bool bHandleAllCurrentEvents, unsigned __int64 nReleased) Line 657	C++
> vcllo.dll!ImplYield(bool i_bWait, bool i_bAllEvents, const unsigned __int64 nReleased) Line 506	C++
> vcllo.dll!Application::Yield() Line 552	C++
> vcllo.dll!Application::Execute() Line 468	C++
> sofficeapp.dll!desktop::Desktop::DoExecute() Line 1364	C++
> sofficeapp.dll!desktop::Desktop::Main() Line 1683	C++
> vcllo.dll!ImplSVMain() Line 185	C++
> vcllo.dll!SVMain() Line 224	C++
> sofficeapp.dll!soffice_main() Line 166	C++
> soffice.bin!sal_main() Line 48	C
> soffice.bin!main(int argc, char * * argv) Line 47	C
> soffice.bin!WinMain(void * _hinst, void * _dummy, char * _cmdline, int _nshow) Line 47	C
> [External Code]

where the SfxInterface in the topmost frame is apparently already dead (content overwritten with 0xDD).

Does not happen at least on Linux with vclplug_gtk3, where call to ~SwTransferable happens synchronously at

> SwTransferable::~SwTransferable() (this=0x7fff7d640c00) at sw/source/uibase/dochdl/swdtflvr.cxx:237
> cppu::OWeakObject::release() (this=0x7fff7d640c00) at cppuhelper/source/weak.cxx:233
> cppu::WeakImplHelper<com::sun::star::datatransfer::XTransferable2, com::sun::star::datatransfer::clipboard::XClipboardOwner, com::sun::star::datatransfer::dnd::XDragSourceListener, com::sun::star::lang::XUnoTunnel>::release() (this=0x7fff7d640c00) at include/cppuhelper/implbase.hxx:113
> com::sun::star::uno::Reference<com::sun::star::datatransfer::clipboard::XClipboardOwner>::~Reference() (this=0x7fffffffb448) at include/com/sun/star/uno/Reference.hxx:110
> VclGtkClipboard::setContents(com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable> const&, com::sun::star::uno::Reference<com::sun::star::datatransfer::clipboard::XClipboardOwner> const&) (this=0x7fff8c07f540, xTrans=empty uno::Reference, xClipboardOwner=empty uno::Reference) at vcl/unx/gtk3/gtk3gtkinst.cxx:648
> TransferableHelper::ClearSelection(vcl::Window*) (pWindow=0x1bc3290) at svtools/source/misc/transfer.cxx:1004
> SwTransferable::ClearSelection(SwWrtShell&, SwFrameShell const*) (rSh=..., _pCreatorView=0x0) at sw/source/uibase/dochdl/swdtflvr.cxx:3580
> SwWrtShell::~SwWrtShell() (this=0x1bcf990) at sw/source/uibase/wrtsh/wrtsh1.cxx:1670
> SwWrtShell::~SwWrtShell() (this=0x1bcf990) at sw/source/uibase/wrtsh/wrtsh1.cxx:1664
> SwView::~SwView() (this=0x1bc2a70) at sw/source/uibase/uiview/view.cxx:1050
> SwView::~SwView() (this=0x1bc2a70) at sw/source/uibase/uiview/view.cxx:1016
> SfxViewFrame::ReleaseObjectShell_Impl() (this=0x1bb9ba0) at sfx2/source/view/viewfrm.cxx:1018
> SfxViewFrame::~SfxViewFrame() (this=0x1bb9ba0) at sfx2/source/view/viewfrm.cxx:1405
> SfxViewFrame::~SfxViewFrame() (this=0x1bb9ba0) at sfx2/source/view/viewfrm.cxx:1399
> SfxViewFrame::Close() (this=0x1bb9ba0) at sfx2/source/view/viewfrm.cxx:1070
> SfxFrame::DoClose_Impl() (this=0x1a8e080) at sfx2/source/view/frame.cxx:161
> SfxBaseController::dispose() (this=0x7fffc410ac28) at sfx2/source/view/sfxbasecontroller.cxx:1029
> (anonymous namespace)::Frame::setComponent(com::sun::star::uno::Reference<com::sun::star::awt::XWindow> const&, com::sun::star::uno::Reference<com::sun::star::frame::XController> const&) (this=0x7fffc465cf38, xComponentWindow=empty uno::Reference, xController=empty uno::Reference) at framework/source/services/frame.cxx:1586
> (anonymous namespace)::Frame::close(unsigned char) (this=0x7fffc465cf38, bDeliverOwnership=0 '\000') at framework/source/services/frame.cxx:1801
> framework::Desktop::impl_closeFrames(bool) (this=0x7fffccdf96b0, bAllowUI=true) at framework/source/services/desktop.cxx:1698
> framework::Desktop::terminate() (this=0x7fffccdf96b0) at framework/source/services/desktop.cxx:230
> framework::CloseDispatcher::implts_terminateApplication() (this=0x7fff7d6427a8) at framework/source/dispatch/closedispatcher.cxx:562
> framework::CloseDispatcher::impl_asyncCallback(LinkParamNone*) (this=0x7fff7d6427a8) at framework/source/dispatch/closedispatcher.cxx:410
> framework::CloseDispatcher::LinkStubimpl_asyncCallback(void*, LinkParamNone*) (instance=0x7fff7d6427a8, data=0x0) at framework/source/dispatch/closedispatcher.cxx:254
> Link<LinkParamNone*, void>::Call(LinkParamNone*) const (this=0x1530aa8, data=0x0) at include/tools/link.hxx:84
> vcl::EventPoster::DoEvent_Impl(void*) (this=0x1530aa0) at vcl/source/helper/evntpost.cxx:52
> vcl::EventPoster::LinkStubDoEvent_Impl(void*, void*) (instance=0x1530aa0, data=0x0) at vcl/source/helper/evntpost.cxx:48
> Link<void*, void>::Call(void*) const (this=0x6c4aeb8, data=0x0) at include/tools/link.hxx:84
> ImplHandleUserEvent(ImplSVEvent*) (pSVEvent=0x6c4aeb0) at vcl/source/window/winproc.cxx:1955
> ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) (_pWindow=0x196f7c0, nEvent=SalEvent::UserEvent, pEvent=0x6c4aeb0) at vcl/source/window/winproc.cxx:2505
> SalFrame::CallCallback(SalEvent, void const*) const (this=0x19701e0, nEvent=SalEvent::UserEvent, pEvent=0x6c4aeb0) at vcl/inc/salframe.hxx:276
> SalGenericDisplay::DispatchInternalEvent() (this=0x15f87b0) at vcl/unx/generic/app/gendisp.cxx:86
> GtkData::userEventFn(void*) (data=0x73e280) at vcl/unx/gtk3/gtk3gtkdata.cxx:811
> call_userEventFn(void*) (data=0x73e280) at vcl/unx/gtk3/gtk3gtkdata.cxx:821
> g_main_context_dispatch (context=0x63a4b0) at gmain.c:3154
> g_main_context_dispatch (context=context@entry=0x63a4b0) at gmain.c:3769
> g_main_context_iterate (context=context@entry=0x63a4b0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
> g_main_context_iteration (context=0x63a4b0, may_block=1) at gmain.c:3901
> GtkData::Yield(bool, bool) (this=0x73e280, bWait=true, bHandleAllCurrentEvents=false) at vcl/unx/gtk3/gtk3gtkdata.cxx:467
> GtkInstance::DoYield(bool, bool, unsigned long) (this=0x73e3e0, bWait=true, bHandleAllCurrentEvents=false, nReleased=0) at vcl/unx/gtk3/../gtk/gtkinst.cxx:427
> ImplYield(bool, bool, unsigned long) (i_bWait=true, i_bAllEvents=false, nReleased=0) at vcl/source/app/svapp.cxx:504
> Application::Yield() () at vcl/source/app/svapp.cxx:551
> Application::Execute() () at vcl/source/app/svapp.cxx:468
> desktop::Desktop::DoExecute() () at desktop/source/app/app.cxx:1356
> desktop::Desktop::Main() (this=0x7fffffffe1d8) at desktop/source/app/app.cxx:1683
> ImplSVMain() () at vcl/source/app/svmain.cxx:185
> SVMain() () at vcl/source/app/svmain.cxx:223
> soffice_main() () at desktop/source/app/sofficemain.cxx:166
> sal_main () at desktop/source/app/main.c:48
> main (argc=2, argv=0x7fffffffe518) at desktop/source/app/main.c:47
Comment 1 Xisco Faulí 2016-12-21 09:49:27 UTC 
Confirmed in

Version: 5.4.0.0.alpha0+
Build ID: 53edf60c4ce6ed32f87471e018878c40b788005a
CPU Threads: 1; OS Version: Windows 6.1; UI Render: default; 
TinderBox: Win-x86@42, Branch:master, Time: 2016-12-18_06:57:59
Locale: es-ES (es_ES); Calc: group
Comment 2 Xisco Faulí 2017-01-06 16:59:17 UTC 
Still reproducible in

Version: 5.4.0.0.alpha0+
Build ID: 6bd7451ecd66417a4e8b8dff3874c15ba4d1536e
CPU Threads: 1; OS Version: Windows 6.1; UI Render: default; 
TinderBox: Win-x86@42, Branch:master, Time: 2017-01-05_23:24:16
Locale: es-ES (es_ES); Calc: group
Comment 3 Telesto 2017-01-08 20:43:07 UTC 
Found in
Versie: 5.2.4.1 
Build ID: 9b50003582f07ac674d6451e411e9b77cccd2b22
CPU Threads: 4; Versie besturingssysteem:Windows 6.2; UI Render: standaard; 
Locale: nl-NL (nl_NL); Calc: CL

but not in
Versie: 5.2.2.1 
Build ID: 3c2231d4aa4c68281f28ad35a100c092cff84f5d
CPU Threads: 4; Versie besturingssysteem:Windows 6.2; UI Render: standaard; 
Locale: nl-NL (nl_NL); Calc: CL
Comment 5 Aron Budea 2017-01-08 22:21:55 UTC Comment hidden (bibisection)
Comment 6 Aron Budea 2017-01-08 22:23:42 UTC 
The crash originated from the commit referenced below. Adding Cc: to Tomaž Vajngerl, please take a look.

https://cgit.freedesktop.org/libreoffice/core/commit/?id=c53cf1dfc5eacd8fee6b2b549ec6b59ad927e01c
author		Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk>	2016-11-23 16:01:46 (GMT)
committer	Tomaž Vajngerl <quikee@gmail.com>	2016-11-24 14:26:30 (GMT)

"tdf#103852 avoid clipboard deadlock"
Comment 7 Aron Budea 2017-01-08 22:37:39 UTC 
Ok, so apparently Markus is working on this.
Comment 8 Markus Mohrhard 2017-01-09 05:03:06 UTC 
*** Bug 104399 has been marked as a duplicate of this bug. ***
Comment 9 Michael Meeks 2017-01-09 09:20:47 UTC 
This should be fixed by:

commit cdd309c23de58af306450edfac5d3e74e5c2a913
Author: Markus Mohrhard <markus.mohrhard@googlemail.com>
Date:   Thu Dec 29 00:52:09 2016 +0100

    process all outstanding events before shutdown, tdf#104969, tdf#104286, tdf#104399
    
Please re-test a recent 5.2 or 5.3 build =)
Comment 10 Xisco Faulí 2017-01-09 09:23:19 UTC 
(In reply to Michael Meeks from comment #9)
> This should be fixed by:
> 
> commit cdd309c23de58af306450edfac5d3e74e5c2a913
> Author: Markus Mohrhard <markus.mohrhard@googlemail.com>
> Date:   Thu Dec 29 00:52:09 2016 +0100
> 
>     process all outstanding events before shutdown, tdf#104969, tdf#104286,
> tdf#104399
>     
> Please re-test a recent 5.2 or 5.3 build =)

Hi Michael,

as I said in comment 2, it's still reproducible after that commit.

Version: 5.4.0.0.alpha0+
Build ID: 6bd7451ecd66417a4e8b8dff3874c15ba4d1536e
CPU Threads: 1; OS Version: Windows 6.1; UI Render: default; 
TinderBox: Win-x86@42, Branch:master, Time: 2017-01-05_23:24:16
Locale: es-ES (es_ES); Calc: group
Comment 11 Markus Mohrhard 2017-01-09 09:31:28 UTC 
(In reply to Michael Meeks from comment #9)
> This should be fixed by:
> 
> commit cdd309c23de58af306450edfac5d3e74e5c2a913
> Author: Markus Mohrhard <markus.mohrhard@googlemail.com>
> Date:   Thu Dec 29 00:52:09 2016 +0100
> 
>     process all outstanding events before shutdown, tdf#104969, tdf#104286,
> tdf#104399
>     
> Please re-test a recent 5.2 or 5.3 build =)

That commit moves the crash a bit earlier but as writer registers a termination listener destroys itself much earlier than calc and impress. So writer still crashes most of the time but the patch to move that a bit later fixes that problem.

Additionally it will help with cases where another termination listener calls into sw.
Comment 12 Commit Notification 2017-01-10 13:25:09 UTC 
Markus Mohrhard committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ad915fafd54f9115faea7147f82d80a942af2d68

tdf#104830, need an own termination listener for lib objects

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 13 Xisco Faulí 2017-01-10 18:11:17 UTC 
*** Bug 105169 has been marked as a duplicate of this bug. ***
Comment 14 Commit Notification 2017-01-10 21:23:22 UTC 
Markus Mohrhard committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d1b8074ffe4b945a41e3ad9e1fb43332d78d73fb&h=libreoffice-5-3

tdf#104830, need an own termination listener for lib objects

It will be available in 5.3.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 15 Aron Budea 2017-01-11 02:10:58 UTC 
No crash anymore. Looking good. :)

Version: 5.4.0.0.alpha0+
Build ID: db4badfc971b9cc60809c3408f579bae04a77c34
CPU Threads: 4; OS Version: Windows 6.1; UI Render: GL; 
TinderBox: Win-x86@42, Branch:master, Time: 2017-01-10_23:25:07
Locale: hu-HU (hu_HU); Calc: CL
Comment 16 Commit Notification 2017-01-11 19:39:49 UTC 
Markus Mohrhard committed a patch related to this issue.
It has been pushed to "libreoffice-5-2":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=2f0020ba056e2b523c487dc42b40f0e4b9f9a9b0&h=libreoffice-5-2

tdf#104830, need an own termination listener for lib objects

It will be available in 5.2.5.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 17 Xisco Faulí 2017-01-12 15:48:42 UTC 
*** Bug 105287 has been marked as a duplicate of this bug. ***
Comment 18 Xisco Faulí 2017-01-22 11:42:09 UTC 
*** Bug 105474 has been marked as a duplicate of this bug. ***
Comment 19 Xisco Faulí 2017-01-22 11:42:41 UTC 
*** Bug 105332 has been marked as a duplicate of this bug. ***
Comment 20 Xisco Faulí 2017-01-22 11:43:27 UTC 
*** Bug 105157 has been marked as a duplicate of this bug. ***
Comment 21 Xisco Faulí 2017-03-08 09:32:49 UTC 
*** Bug 106424 has been marked as a duplicate of this bug. ***
Comment 22 Xisco Faulí 2017-07-11 08:33:32 UTC 
*** Bug 105129 has been marked as a duplicate of this bug. ***
Comment 23 Timur 2018-03-21 14:57:08 UTC 
I had http://crashreport.libreoffice.org/stats/crash_details/4a1db82e-6bc0-4060-8e0e-f57c3ab49e20 with LO Version: 5.3.7.2 that's supposed to be fixed.
http://crashreport.libreoffice.org/stats/signature/SfxBaseModel::getArgs%28%29 shows other crashes for fixed versions, albeit less than before.