Bug 113755 - Crash in: SfxSlotPool::GetSlotPool(SfxViewFrame *) from 5.4.0, even 5.3.6 in Windows (no steps)
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version: 5.4.0.3 release (earliest affected)
Hardware: All Windows (All)
Importance: high major
Assignee: Not Assigned
URL:
Whiteboard: target:6.1.0 target:6.0.1 target:6.0....
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-10 11:38 UTC by m.a.riosv
Modified: 2019-06-19 02:48 UTC

See Also:
Crash report or crash signature: ["SfxSlotPool::GetSlotPool(SfxViewFrame *)"]


Attachments
some rough notes / code-reading. (6.84 KB, text/plain)
2018-01-16 12:10 UTC, Michael Meeks
more notes ... (13.67 KB, text/plain)
2018-01-16 15:42 UTC, Michael Meeks

Description m.a.riosv 2017-11-10 11:38:19 UTC
This bug was filed from the crash reporting server and is br-205cd92e-417d-4dbc-808d-1da1ef0579b6.
=========================================
Saving a file
Version: 5.4.3.2 (x64)
Build ID: 92a7159f7e4af62137622921e809f8546db437e5
CPU threads: 4; OS: Windows 6.19; UI render: default; 
Locale: es-ES (es_ES); Calc: group

OpenGL.log
DriverVersion: 21.20.16.4550
DriverDate: 11-11-2016
DeviceID: PCI\VEN_8086&DEV_5916&SUBSYS_380117AA&REV_02
AdapterVendorID: 0x8086
AdapterDeviceID: 0x5916
AdapterSubsysID: 0x380117aa
DeviceKey: System\CurrentControlSet\Control\Video\{8CD6695F-B514-11E7-B258-B5AD865BD680}\0001
DeviceString: Intel(R) HD Graphics 620
Comment 1 Xisco Faulí 2017-11-10 13:48:06 UTC
Do you know the steps to reproduce this issue?
Comment 2 m.a.riosv 2017-11-10 15:31:52 UTC
No, I think it was saving a Writer file with a password. But it didn't happen again.
Comment 3 Dieter Praas 2017-11-12 16:41:36 UTC
I'm not a developer, but I assume that it is almost impossible to reproduce this bug without further information. So I propose to close this bug and to reopen it if it happens again and you can give some more information. Do you agree?
Comment 4 Timur 2017-11-14 17:08:09 UTC
https://crashreport.libreoffice.org/stats/signature/SfxSlotPool::GetSlotPool%28SfxViewFrame%20*%29
4204 similar reports! For me it's like confirmation.
Comment 5 Xisco Faulí 2017-11-15 09:15:12 UTC
(In reply to m.a.riosv from comment #2)
> No I think it was saving a writer file with password. But it didn't happen
> again.

Do you think there was something in the clipboard when you tried to save the document ?
Comment 6 m.a.riosv 2017-11-16 00:02:38 UTC
Who knows?
Comment 7 Telesto 2018-01-15 14:58:07 UTC
Any relation with bug 100270 ?
Comment 8 Timur 2018-01-16 08:47:37 UTC Comment hidden (obsolete)
Comment 9 Xisco Faulí 2018-01-16 09:22:26 UTC
(In reply to Timur from comment #8)
> It's 10650 reports now, latest for LO 6.0. 
> Xisco, in my view, cases like this should be discussed at ESC, maybe as
> "Most Pressing Bugs". 
> And to have it in written: rules for keeping this open and confirmed, is a
> number of reports enough and can this ever be resolved like this, only with
> reports.

It has been already mentioned in ESC meeting in the crash reporter section.
Comment 10 Michael Meeks 2018-01-16 12:10:58 UTC
Created attachment 139127 [details]
some rough notes / code-reading.

Not sure that bug is a duplicate no; but I spent a little while chasing this one down. It -looks- from ptr arithmetic from the 0x14 crash-site, as if (somehow) we have a NULL SfxApplication - rather odd. Need to chase further. The crash happens during shutdown.
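
The reasoning in comment 10 (a fault at address 0x14 read as a NULL object pointer plus a member offset) can be checked mechanically. This is an added example, not code from the bug report or from LibreOffice: `struct app_stub`, its members and both functions are hypothetical, and the layout is not the real SfxApplication.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in object; NOT the real SfxApplication layout. */
struct app_stub {
    uint64_t vtable;      /* 0x00 */
    uint64_t impl;        /* 0x08 */
    uint32_t flags;       /* 0x10 */
    uint32_t slot_count;  /* 0x14 */
    uint64_t slot_pool;   /* 0x18 */
};

struct member { const char *name; size_t off, size; };

#define M(f) { #f, offsetof(struct app_stub, f), sizeof(((struct app_stub *)0)->f) }
static const struct member members[] = {
    M(vtable), M(impl), M(flags), M(slot_count), M(slot_pool)
};

/* Assumption: accesses below 64 KiB count as near-null (Windows keeps that range unmapped). */
#define NULL_GUARD_SIZE 0x10000u

/* Name of the member a NULL base pointer would touch to fault at `addr`,
 * or NULL if the address does not look like NULL + member offset. */
const char *member_for_fault(uintptr_t addr)
{
    if (addr >= NULL_GUARD_SIZE)
        return NULL;                       /* not a near-null access */
    for (size_t i = 0; i < sizeof members / sizeof members[0]; i++)
        if (addr >= members[i].off && addr < members[i].off + members[i].size)
            return members[i].name;
    return NULL;                           /* near-null, but past this struct */
}

/* Guarded read (hypothetical helper, not the committed patch): no deref of a NULL object. */
int slot_count_or(const struct app_stub *app, int fallback)
{
    return app ? (int)app->slot_count : fallback;
}

int main(void)
{
    const char *m = member_for_fault(0x14);   /* fault address named in comment 10 */
    printf("0x14 -> %s\n", m ? m : "(no match)");
    printf("guarded read on NULL -> %d\n", slot_count_or(NULL, -1));
    return 0;
}
```
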
Comment 11 Michael Meeks 2018-01-16 15:41:33 UTC
Something of a hack here: https://gerrit.libreoffice.org/48007 may help - hard to say since we can't reproduce this easily. Possibly it only shows on very busy machines where the user events are not processed fully before save (or something) =)
Comment 12 Michael Meeks 2018-01-16 15:42:49 UTC
Created attachment 139132 [details]
more notes ...

Actually - having a large number of writer windows open - perhaps with some floating windows too and then exiting -might- be enough to trigger this - if someone wants to play =)
Comment 13 Commit Notification 2018-01-16 20:26:27 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=ad7e6339e5e5cf465a2ef25442099eb59f1a0deb

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 6.1.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 14 Timur 2018-01-17 08:16:44 UTC
From https://wiki.documentfoundation.org/Releases/5.3.6/RC1 looks like Caolan had some patches for null deref.
Comment 15 Timur 2018-01-19 08:00:59 UTC
Michael, do you think it's safe to backport to 6.0 so we can track reports if they reoccur?
And please comment on my previous message, what are "ofz".
Comment 16 Michael Meeks 2018-01-19 09:55:21 UTC
I back-ported to 6-0 but no 2nd review (yet): https://gerrit.libreoffice.org/48013

> looks like Caolan had some patches for  null deref.

It is a favourite programmer's hobby, de-referencing null =)

> And please comment on my previous message, what are "ofz".

OFZ ? =)
Comment 17 Xisco Faulí 2018-01-19 09:59:08 UTC
(In reply to Timur from comment #15)
> Michael, do you think it's safe to backport to 6.0 so we can track reports
> if they reoccur?
> And please comment on my previous message, what are "ofz".

Hi Timur,
The backport to 6-0 is waiting for review in https://gerrit.libreoffice.org/#/c/48013/ and I've just cherry-picked it to 6-0-0 as well -> https://gerrit.libreoffice.org/#/c/48179/.

'ofz' stands for oss-fuzz: https://github.com/google/oss-fuzz
Comment 18 Commit Notification 2018-01-24 16:21:26 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-6-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a747dfef9c723808e12e802a2cc2f5688ab255fa&h=libreoffice-6-0

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 6.0.1.

Comment 19 Commit Notification 2018-01-24 20:26:44 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-6-0-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=877d94e5e90bf6599a30aa33e8504e4bcd332654&h=libreoffice-6-0-0

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 6.0.0.

Comment 20 Xisco Faulí 2018-02-01 14:53:54 UTC
It seems the crash is no longer reported in http://crashreport.libreoffice.org/stats/version/6.0.0.3.
@Michael Meeks, I guess we can close it as RESOLVED FIXED now.
backported to 5-4 branch -> https://gerrit.libreoffice.org/#/c/49103/
Comment 21 Commit Notification 2018-02-13 21:01:55 UTC
Michael Meeks committed a patch related to this issue.
It has been pushed to "libreoffice-5-4":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=615f4846751fb669ea28cc092eadfd3842ab3220&h=libreoffice-5-4

tdf#113755 - avoid null ptr de-reference during shutdown.

It will be available in 5.4.6.

Comment 22 Xisco Faulí 2018-02-20 10:59:16 UTC
A polite ping to Michael Meeks: Could you please close it as RESOLVED FIXED ? Thanks
Comment 23 Timur 2018-02-20 15:12:58 UTC
(In reply to Xisco Faulí from comment #20)
> It seems the crash is no longer reported in
> http://crashreport.libreoffice.org/stats/version/6.0.0.3.
Bug summary lists 4 reports for 6.0.0.3 and 2 for 6.0.1.1.
Comment 24 Timur 2018-06-18 09:21:37 UTC
There are still reports for Version: 5.4.7.2 and Version: 6.0.4.2. So far no 6.1.
Comment 25 QA Administrators 2019-06-19 02:48:47 UTC
Dear m.a.riosv,

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information from Help - About LibreOffice.
 
If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice.

Please DO NOT

Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case)


If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from http://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword


Feel free to come ask questions or to say hello in our QA chat: https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug