Bug 113755 - Crash in: SfxSlotPool::GetSlotPool(SfxViewFrame *) from 5.4.0, even 5.3.6 in Windows (no steps)
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version: 5.4.0.3 release (earliest affected)
Hardware: All Windows (All)
Importance: high major
Assignee: Not Assigned
URL:
Whiteboard: target:6.1.0 target:6.0.1 target:6.0....
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-10 11:38 UTC by m.a.riosv
Modified: 2021-05-12 09:02 UTC

See Also:
Crash report or crash signature: ["SfxSlotPool::GetSlotPool(SfxViewFrame *)"]


Attachments
some rough notes / code-reading. (6.84 KB, text/plain)
2018-01-16 12:10 UTC, Michael Meeks
more notes ... (13.67 KB, text/plain)
2018-01-16 15:42 UTC, Michael Meeks

Description m.a.riosv 2017-11-10 11:38:19 UTC
This bug was filed from the crash reporting server and is br-205cd92e-417d-4dbc-808d-1da1ef0579b6.
=========================================
Saving a file
Version: 5.4.3.2 (x64)
Build ID: 92a7159f7e4af62137622921e809f8546db437e5
CPU threads: 4; OS: Windows 6.19; UI render: default; 
Locale: es-ES (es_ES); Calc: group

OpenGL.log
DriverVersion: 21.20.16.4550
DriverDate: 11-11-2016
DeviceID: PCI\VEN_8086&DEV_5916&SUBSYS_380117AA&REV_02
AdapterVendorID: 0x8086
AdapterDeviceID: 0x5916
AdapterSubsysID: 0x380117aa
DeviceKey: System\CurrentControlSet\Control\Video\{8CD6695F-B514-11E7-B258-B5AD865BD680}\0001
DeviceString: Intel(R) HD Graphics 620
Comment 1 Xisco Faulí 2017-11-10 13:48:06 UTC
Do you know the steps to reproduce this issue?
Comment 2 m.a.riosv 2017-11-10 15:31:52 UTC
No, I think it was saving a Writer file with a password. But it didn't happen again.
Comment 3 Dieter 2017-11-12 16:41:36 UTC
I'm not a developer, but I assume that it is almost impossible to reproduce this bug without further information. So I propose to close this bug and to reopen it if it happens again and you can give some more information. Do you agree?
Comment 4 Timur 2017-11-14 17:08:09 UTC
https://crashreport.libreoffice.org/stats/signature/SfxSlotPool::GetSlotPool%28SfxViewFrame%20*%29
4204 similar reports! For me it's like confirmation.
Comment 5 Xisco Faulí 2017-11-15 09:15:12 UTC
(In reply to m.a.riosv from comment #2)
> No I think it was saving a writer file with password. But it didn't happen
> again.

Do you think there was something in the clipboard when you tried to save the document?
Comment 6 m.a.riosv 2017-11-16 00:02:38 UTC
Who knows?
Comment 7 Telesto 2018-01-15 14:58:07 UTC
Any relation with bug 100270?
Comment 8 Timur 2018-01-16 08:47:37 UTC Comment hidden (obsolete)
Comment 9 Xisco Faulí 2018-01-16 09:22:26 UTC
(In reply to Timur from comment #8)
> It's 10650 reports now, latest for LO 6.0. 
> Xisco, in my view, cases like this should be discussed at ESC, maybe as
> "Most Pressing Bugs". 
> And to have it in written: rules for keeping this open and confirmed, is a
> number of reports enough and can this ever be resolved like this, only with
> reports.

It has been already mentioned in ESC meeting in the crash reporter section.
Comment 10 Michael Meeks 2018-01-16 12:10:58 UTC
Created attachment 139127 [details]
some rough notes / code-reading.

Not sure that bug is a duplicate no; but I spent a little while chasing this one down. It -looks- from ptr arithmetic from the 0x14 crash-site, as if (somehow) we have a NULL SfxApplication - rather odd. Need to chase further. The crash happens during shutdown.
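
Added example (not part of the bug report or of the LibreOffice patch): how a fault address such as 0x14 points to a member read through a NULL base pointer, and the kind of guard that avoids it during shutdown. The `struct app` layout, `g_app` and both function names are hypothetical stand-ins, not LibreOffice code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout, NOT LibreOffice's SfxApplication. Fixed-width fields
   keep the offsets identical on every platform; slot_pool lands at 0x14. */
struct app {
    uint32_t flags[5];   /* 0x00 .. 0x13 */
    uint32_t slot_pool;  /* 0x14 */
    uint32_t view_frame; /* 0x18 */
};

struct member { const char *name; size_t off, size; };

#define MEMBER(f) { #f, offsetof(struct app, f), sizeof(((struct app *)0)->f) }
static const struct member app_members[] = {
    MEMBER(flags), MEMBER(slot_pool), MEMBER(view_frame),
};

/* If the base pointer was NULL, the faulting address equals the member
   offset. Returns the member name, or NULL when the address does not fit. */
const char *null_base_member(uintptr_t fault_addr)
{
    for (size_t i = 0; i < sizeof app_members / sizeof app_members[0]; i++) {
        const struct member *m = &app_members[i];
        if (fault_addr >= m->off && fault_addr < m->off + m->size)
            return m->name;
    }
    return NULL;
}

struct app *g_app; /* stand-in for the singleton; NULL once shutdown has begun */

/* Guarded accessor: reports failure instead of reading through NULL. */
int get_slot_pool(uint32_t *out)
{
    struct app *a = g_app;
    if (a == NULL)
        return 0;
    *out = a->slot_pool;
    return 1;
}

int main(void)
{
    uint32_t pool = 0;
    const char *m = null_base_member(0x14);
    printf("fault at 0x14 -> %s\n", m ? m : "(no match)");
    printf("lookup during shutdown ok: %d\n", get_slot_pool(&pool));
    return 0;
}
```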
Comment 11 Michael Meeks 2018-01-16 15:41:33 UTC
Something of a hack here: https://gerrit.libreoffice.org/48007 may help - hard to say since we can't reproduce this easily. Possibly it only shows on very busy machines where the user events are not processed fully before save (or something) =)
Comment 12 Michael Meeks 2018-01-16 15:42:49 UTC
Created attachment 139132 [details]
more notes ...

Actually - having a large number of writer windows open - perhaps with some floating windows too and then exiting -might- be enough to trigger this - if someone wants to play =)
Comment 13 Commit Notification 2018-01-16 20:26:27 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ad7e6339e5e5cf465a2ef25442099eb59f1a0deb

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 6.1.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 14 Timur 2018-01-17 08:16:44 UTC
From https://wiki.documentfoundation.org/Releases/5.3.6/RC1 looks like Caolan had some patches for null deref.
Comment 15 Timur 2018-01-19 08:00:59 UTC Comment hidden (obsolete)
Comment 16 Michael Meeks 2018-01-19 09:55:21 UTC
I back-ported to 6-0 but no 2nd review (yet): https://gerrit.libreoffice.org/48013

> looks like Caolan had some patches for  null deref.

It is a favourite programmer's hobby, de-referencing null =)

> And please comment on my previous message, what are "ofz".

OFZ ? =)
Comment 17 Xisco Faulí 2018-01-19 09:59:08 UTC
(In reply to Timur from comment #15)
> Michael, do you think it's safe to backport to 6.0 so we can track reports
> if they reoccur?
> And please comment on my previous message, what are "ofz".

Hi Timur,
The backport to 6-0 is waiting for review in https://gerrit.libreoffice.org/#/c/48013/ and I've just cherry-picked it to 6-0-0 as well -> https://gerrit.libreoffice.org/#/c/48179/.

'ofz' stands for oss-fuzz: https://github.com/google/oss-fuzz
Comment 18 Commit Notification 2018-01-24 16:21:26 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-6-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a747dfef9c723808e12e802a2cc2f5688ab255fa&h=libreoffice-6-0

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 6.0.1.

Comment 19 Commit Notification 2018-01-24 20:26:44 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-6-0-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=877d94e5e90bf6599a30aa33e8504e4bcd332654&h=libreoffice-6-0-0

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 6.0.0.

Comment 20 Xisco Faulí 2018-02-01 14:53:54 UTC
It seems the crash is no longer reported in http://crashreport.libreoffice.org/stats/version/6.0.0.3.
@Michael Meeks, I guess we can close it as RESOLVED FIXED now.
Backported to 5-4 branch -> https://gerrit.libreoffice.org/#/c/49103/
Comment 21 Commit Notification 2018-02-13 21:01:55 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-5-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=615f4846751fb669ea28cc092eadfd3842ab3220&h=libreoffice-5-4

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 5.4.6.

Comment 22 Xisco Faulí 2018-02-20 10:59:16 UTC
A polite ping to Michael Meeks: Could you please close it as RESOLVED FIXED? Thanks
Comment 23 Timur 2018-02-20 15:12:58 UTC
(In reply to Xisco Faulí from comment #20)
> It seems the crash is no longer reported in
> http://crashreport.libreoffice.org/stats/version/6.0.0.3.
Bug summary lists 4 reports for 6.0.0.3 and 2 for 6.0.1.1.
Comment 24 Timur 2018-06-18 09:21:37 UTC
There are still reports for Version: 5.4.7.2 and Version: 6.0.4.2. So far no 6.1.
Comment 25 QA Administrators 2019-06-19 02:48:47 UTC Comment hidden (obsolete)
Comment 26 Timur 2021-05-12 09:02:15 UTC
Seems like fixes decreased crashes considerably, from dozens of thousands in 5.4 to dozens.
48 crashes for latest Version: 7.0.3.1, cannot filter but seems like it's for Build Architecture x86, Windows 10.
Not sure anyone will look into this anymore.