Bug 105017 - Crash when click a "New Theme..." in Gallery on detached SideBar
Summary: Crash when click a "New Theme..." in Gallery on detached SideBar
Status: VERIFIED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
5.3.0.0.alpha1+
Hardware: x86-64 (AMD64) All
: highest critical
Assignee: Not Assigned
URL:
Whiteboard: target:5.4.0 target:5.3.1
Keywords: bibisected, bisected, haveBacktrace, regression
: 105196 105946 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-12-31 09:49 UTC by baffclan
Modified: 2017-11-06 16:07 UTC (History)
5 users (show)

See Also:
Crash report or crash signature: ["vcl::Window::EnableInput(bool,bool)", "mergedlo.dll"]

Attachments
bt with symbols (7.13 KB, text/plain)
2016-12-31 10:46 UTC, Julien Nabet 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description baffclan 2016-12-31 09:49:09 UTC 
Crash when click a "New Theme..." in Gallery on detached SideBar

Steps to Reproduce:
1. Start LibreOffice
2. Create New Writer Document
3. Detach Side Bar
4. Click a "Gallery"
5. Click a "New Theme..."
6. Click again a "New Theme..."

Actual Results:
Crash a Libreoffice

Version: 5.3.0.1 (x64)
Build ID: 3b800451b1d0c48045de03b5b3c7bbbac87f20d9
CPU Threads: 4; OS Version: Windows 6.19; UI Render: default; Layout Engine: new; 
Locale: ja-JP (ja_JP); Calc: group

br-f088c261-d583-4385-b5cf-61ae9e44a031
br-fc37157e-daff-48df-a9c5-3964f2bfb012


Version: 5.4.0.0.alpha0+ (x64)
Build ID: 654b86cf3425d7a49b13a97e4b11223d43b9e86e
CPU Threads: 4; OS Version: Windows 6.19; UI Render: default; 
TinderBox: Win-x86_64@62-TDF, Branch:MASTER, Time: 2016-12-20_22:52:05
Locale: ja-JP (ja_JP); Calc: group

br-0b72d0f0-89ec-424f-877b-f261b7c9e3b4
br-afe34a6a-3b9a-4849-926e-edd1fef9add7


Related to :
bug 92062 : Crash When Click a 'New Theme...'/Gallery at Sidebar
bug 92064 is KeyID UI.
This bug is en-US, Ja-JP UI's.
Comment 1 Julien Nabet 2016-12-31 10:46:41 UTC 
Created attachment 130053 [details]
bt with symbols

On pc Debian x86-64 with master sources updated today, I could reproduce this.
Comment 2 Julien Nabet 2016-12-31 10:55:06 UTC 
The weird thing too is the fact that the first click doesn't create new gallery.
Comment 3 Julien Nabet 2016-12-31 15:13:44 UTC 
If I don't detach side bar, LO hangs when clicking first time on "New theme..."
Comment 4 Xisco Faulí 2017-01-02 22:16:15 UTC 
First it started crashing after:

author	Noel Grandin <noel@peralex.com>	2016-09-21 12:48:15 (GMT)
committer	Noel Grandin <noel.grandin@collabora.co.uk>	2016-10-27 06:08:30 (GMT)
commit eca5ea9f79181d45cd7fbabe2313617d3025818a (patch)
tree 10b5837fe04212349825742b38f5a37be9ce7009
parent bbd44f8f89839b5abb4ec6c7ea195431de5b2f48 (diff)
make the AbstractDialog stuff extend from VclReferenceBase
Because some stuff wants to multiple-inherit from VclAbstractDialog and
OutputDevice-subclasses, and we'd prefer to keep all the lifetime
management through a single smart pointer class (VclPtr)

The change in msgbox.cxx and window.cxx is to workaround a bug in
VS2013 to do with virtual inheritance and delegating constructors.

and then it changed to two clicks after:

author	Noel Grandin <noel.grandin@collabora.co.uk>	2016-11-10 10:53:02 (GMT)
committer	Noel Grandin <noel.grandin@collabora.co.uk>	2016-11-11 06:55:41 (GMT)
commit 78b4a1fb01af9ad3b3395a22f6e396be914b553e (patch)
tree 846fdaea907a70fdc274a1e76642ed5e06622c0d
parent 071e23fee07b92b8f07800cda3ca7e66afe818ae (diff)
update vclwidget loplugin to find ref-dropping assigment
Look for places where we are accidentally assigning a returned-by-value
VclPtr<T> to a T*, which generally ends up in a use-after-free.

Adding Cc: to Noel Grandin
Comment 5 Xisco Faulí 2017-01-09 10:09:39 UTC 
*** Bug 105196 has been marked as a duplicate of this bug. ***
Comment 6 Xisco Faulí 2017-01-09 10:43:52 UTC Comment hidden (obsolete)
Comment 8 Commit Notification 2017-01-14 08:49:11 UTC 
Noel Grandin committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=0c1cd678f71e519f5a4e623d93442e046485005a&h=libreoffice-5-3

tdf#105017 Crash when click a "New Theme..." in Gallery on detached SideBar

It will be available in 5.3.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 9 Julien Nabet 2017-01-15 00:00:36 UTC 
Let's put this one to FIXED now after Noel's fix on master and 5.3 branch.
Comment 10 baffclan 2017-01-15 11:54:24 UTC 
It is not Fixed.


Steps to Reproduce:
1. Start LibreOffice
2. Create New Writer Document
3. Detach Side Bar
4. Click a "Gallery"
5. Click a "New Theme..."
6. Nothing happened
7. Close detached Side Bar
8. Click [X] on Title bar, Nothing happened

Cannot exit LibO
hangup a LibO

Version: 5.4.0.0.alpha0+
Build ID: 99eed82939999d9a9689788a4134dd05d5c20c5a
CPU Threads: 4; OS Version: Windows 6.2; UI Render: default; 
TinderBox: Win-x86@62-merge-TDF, Branch:MASTER, Time: 2017-01-14_23:37:30
Locale: ja-JP (ja_JP); Calc: group
Comment 11 Xisco Faulí 2017-01-15 12:02:17 UTC 
(In reply to baffclan from comment #10)
> It is not Fixed.
> 
> 
> Steps to Reproduce:
> 1. Start LibreOffice
> 2. Create New Writer Document
> 3. Detach Side Bar
> 4. Click a "Gallery"
> 5. Click a "New Theme..."
> 6. Nothing happened
> 7. Close detached Side Bar
> 8. Click [X] on Title bar, Nothing happened
> 
> Cannot exit LibO
> hangup a LibO
> 
> Version: 5.4.0.0.alpha0+
> Build ID: 99eed82939999d9a9689788a4134dd05d5c20c5a
> CPU Threads: 4; OS Version: Windows 6.2; UI Render: default; 
> TinderBox: Win-x86@62-merge-TDF, Branch:MASTER, Time: 2017-01-14_23:37:30
> Locale: ja-JP (ja_JP); Calc: group

Confirmed.
In fact, if you go to Help - About LibreOffice after closing the detached Sidebar, LibreOffice crashes
Comment 12 Julien Nabet 2017-01-15 13:57:42 UTC 
Xisco/Baffclan: you're right indeed, sorry for this.
Comment 13 Commit Notification 2017-01-16 11:54:51 UTC 
Noel Grandin committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=cd9d8315141c3070f43e145ed4ee390e837eb73f

tdf#105017 Crash when click a "New Theme..." in Gallery on detached SideBar

It will be available in 5.4.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 14 Xisco Faulí 2017-01-16 16:00:59 UTC 
Verified in

Version: 5.4.0.0.alpha0+
Build ID: 36afb355ac37122d32d624db079def123ef548a2
CPU Threads: 4; OS Version: Linux 4.8; UI Render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); Calc: group

@Noel: Thank you for fixing this
Comment 15 Commit Notification 2017-01-17 11:38:28 UTC 
Noel Grandin committed a patch related to this issue.
It has been pushed to "libreoffice-5-3":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=4bde081f7ebaf3d6e489a50b287f82ccb14de224&h=libreoffice-5-3

tdf#105017 Crash when click a "New Theme..." in Gallery on detached SideBar

It will be available in 5.3.1.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 16 Julien Nabet 2017-02-12 14:42:31 UTC 
*** Bug 105946 has been marked as a duplicate of this bug. ***