Description: when I try to open the document, writer hangs and nothing appears on the document recovery screen Steps to Reproduce: 1. Open the document 2. Writer crash 3. Actual Results: Writer crash Expected Results: the document should be shown Reproducible: Always User Profile Reset: No Additional Info:
Created attachment 143893 [details] document
Not reproducible in Versió: 6.0.6.1 ID de la construcció: 1:6.0.6~rc1-0ubuntu0.16.04.1 Fils de CPU: 4; SO: Linux 4.15; Renderitzador de la IU: per defecte; VCL: gtk3; Configuració local: ca-ES (ca_ES.UTF-8); Calc: group thus, only WIN
Not reproducible in Versión: 4.4.0.3 Id. de compilación: de093506bcdc5fafd9023ee680b8c60e3e0645d7 Configuración regional: es_ES
Regression introduced in range https://cgit.freedesktop.org/libreoffice/core/log/?qt=range&q=62c047ffb397802c09df9070492e70725928cadf..c8a94cae37029b037507ce86d149ba56ca341f11
I'm wondering if it was introduced by aa0d0536a444fb26d9e570bd6bf6c1bdc3596cf3...
Created attachment 148735 [details] bt On Win7 with master sources updated today, I could reproduce this. I noticed this on console: warn:oox:4556:1016:oox/source/docprop/docprophandler.cxx:325: OOXMLDocPropHandler::startFastElement: unknown element 5619 warn:oox:4556:1016:oox/source/docprop/docprophandler.cxx:325: OOXMLDocPropHandler::startFastElement: unknown element 3198 warn:vcl.gdi:4556:1016:vcl/source/graphic/Manager.cxx:136: Calculated size mismatch. Variable size is '1013512' but calculated size is '573060' warn:legacy.osl:4556:1016:svx/source/unodraw/unoshape.cxx:1976: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:writerfilter:4556:1016:writerfilter/source/dmapper/OLEHandler.cxx:257: OLEHandler::getCLSID: unhandled m_sProgId: StaticMetafile warn:legacy.osl:4556:1016:writerfilter/source/dmapper/StyleSheetTable.cxx:1558: Exception in StyleSheetTable::getOrCreateCharStyle - Style::setPropertyValue warn:vcl.gdi:4556:1016:vcl/source/graphic/Manager.cxx:136: Calculated size mismatch. Variable size is '1491912' but calculated size is '1040168' warn:legacy.osl:4556:1016:svx/source/unodraw/unoshape.cxx:1976: SvxShape::GetAnyForItem() Returnvalue has wrong Type!
Was searching Libra Tutorial how to transfer an office document into book format. When I came back to project it had a message I didn't really understand. I answered the requests thinking I was cancelling the tutorial system but my document gone. Cannot open any documents that I had done on Libre. Libre Office is not even an option now.
Dear Leonardo, To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year. There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present. If you have time, please do the following: Test to see if the bug is still present with the latest version of LibreOffice from https://www.libreoffice.org/download/ If the bug is present, please leave a comment that includes the information from Help - About LibreOffice. If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a comment that includes the information from Help - About LibreOffice. Please DO NOT Update the version field Reply via email (please reply directly on the bug tracker) Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case) If you want to do more to help you can test to see if your issue is a REGRESSION. To do so: 1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3) from https://downloadarchive.documentfoundation.org/libreoffice/old/ 2. Test your bug 3. Leave a comment with your results. 4a. If the bug was present with 3.3 - set version to 'inherited from OOo'; 4b. If the bug was not present in 3.3 - add 'regression' to keyword Feel free to come ask questions or to say hello in our QA chat: https://web.libera.chat/?settings=#libreoffice-qa Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-UntouchedBug
Repro 7.5+. I set Major for crash and High for regression.
This is crashing down in the OLEComponent desctructor and it looks like the reference counting on a Windows COM object has gone weird somehow.
Created attachment 182346 [details] bt On Windows 10 with master sources updated today, I could still reproduce this. This time instead of using: !analyze -v I tried: kp this one gives: file name + associated line parameters provided to the function. If it can help, here's what I got on Cygwin console: warn:legacy.osl:4740:19232:sal/osl/w32/file_url.cxx:849: osl_getAbsoluteFileURL called with empty base URL and/or invalid relative URL warn:extensions.olebridge:4740:19232:extensions/source/ole/olethread.cxx:39: CoInitializeEx failed (expectedly): Impossible de modifier le mode thread une fois qu’il a été fixé. warn:extensions.olebridge:4740:19232:extensions/source/ole/olethread.cxx:59: Thread is in a main single-threaded apartment. warn:vcl:4740:19232:vcl/source/image/ImplImage.cxx:82: Failed to load scaled image from cmd/sc_signaturesmenu.png at 1 warn:vcl:4740:19232:vcl/source/image/ImplImage.cxx:105: Failed to load stock icon cmd/sc_signaturesmenu.png warn:vcl:4740:19232:vcl/source/window/menu.cxx:2917: Available height misdetected as 652px. Setting to 768px instead. warn:sfx.dialog:4740:19232:sfx2/source/dialog/filtergrouping.cxx:359: already have an element for WordPerfect warn:sfx.dialog:4740:19232:sfx2/source/dialog/filtergrouping.cxx:359: already have an element for writerweb8_writer_template warn:sfx.dialog:4740:19232:sfx2/source/dialog/filtergrouping.cxx:359: already have an element for writerglobal8 warn:xmloff:4740:19232:sax/source/fastparser/fastparser.cxx:1324: unknown element xsi:type http://www.w3.org/2001/XMLSchema-instance warn:xmloff:4740:19232:sax/source/fastparser/fastparser.cxx:1324: unknown element xsi:type http://www.w3.org/2001/XMLSchema-instance warn:xmloff:4740:19232:sax/source/fastparser/fastparser.cxx:1248: unknown attribute vid={4A3C46E8-61CC-4603-A589-7422A47A8E4A} warn:legacy.osl:4740:19232:svx/source/unodraw/unoshape.cxx:1870: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:svx:4740:19232:svx/source/unodraw/unoshap2.cxx:1461: Getting Graphic by URL is not supported, getting it by value warn:drawinglayer.emf:4740:19232:drawinglayer/source/tools/emfphelperdata.cxx:1791: EMF+ TODO SetPixelOffsetMode warn:drawinglayer.emf:4740:19232:drawinglayer/source/tools/emfphelperdata.cxx:1778: EMF+ TODO SetAntiAliasMode warn:drawinglayer.emf:4740:19232:drawinglayer/source/tools/emfphelperdata.cxx:1785: EMF+ TODO InterpolationMode warn:writerfilter:4740:19232:writerfilter/source/dmapper/OLEHandler.cxx:260: OLEHandler::getCLSID: unhandled m_sProgId: StaticMetafile warn:writerfilter:4740:19232:writerfilter/source/dmapper/DomainMapper_Impl.cxx:7616: PopFieldContext() com.sun.star.lang.IllegalArgumentException ArgumentPosition: 0 warn:writerfilter:4740:19232:writerfilter/source/dmapper/DomainMapper_Impl.cxx:7616: PopFieldContext() com.sun.star.lang.IllegalArgumentException ArgumentPosition: 0 warn:legacy.osl:4740:19232:svx/source/unodraw/unoshape.cxx:1870: SvxShape::GetAnyForItem() Returnvalue has wrong Type! warn:svx:4740:19232:svx/source/unodraw/unoshap2.cxx:1461: Getting Graphic by URL is not supported, getting it by value warn:drawinglayer.emf:4740:19232:drawinglayer/source/tools/emfphelperdata.cxx:1791: EMF+ TODO SetPixelOffsetMode warn:drawinglayer.emf:4740:19232:drawinglayer/source/tools/emfphelperdata.cxx:1778: EMF+ TODO SetAntiAliasMode warn:drawinglayer.emf:4740:19232:drawinglayer/source/tools/emfphelperdata.cxx:1785: EMF+ TODO InterpolationMode
Just for the record because I'm suppose it's wrong, if I delete this: delete m_pNativeImpl; (see https://opengrok.libreoffice.org/xref/core/embeddedobj/source/msole/olecomponent.cxx?r=7b8f630d#373) File can be opened on Windows. It seems there's something wrong with m_pNativeImpl->m_pIStorage m_pNativeImpl is ok but if I try something like: m_pNativeImpl->m_pIStorage = nullptr; it segfaults.
Mike: thought you might be interested in this one since you've already worked on Windows specific part.
The pointer m_pNativeImpl->m_pIStorage is a smart pointer to a COM object, which is supposed to be managing the COM AddRef/Release calls for us. But we must be missing a COM AddRef call somewhere, because the COM object seems to be dying sooner than it should, which is why when we that last Release() call to it, we end up trying to access data on an already deleted area of memory.
(In reply to Noel Grandin from comment #14) Thanks Noel! Indeed, that is the object causing the double release in its dtor; but the problem here seems to not be a missing AddRef, but rather some internal error. The object is assigned and used (and double-released) inside OleComponent::LoadEmbeddedObject. It is assigned using a path to a temporary file, which definitely exists at the moment; and the call to StgOpenStorage definitely creates an already AddRef'ed object, and is normal with all COM API that takes a void** to assign. Then in OleLoadSeh, a call to OleLoad MS API is done, and it's here where the underlying COM object is released - because of an error trying to load it. I do not know why they allow that happen at all - an error is not an excuse to manage something they didn't AddRef'd; but IMO, we need to try to find out if we can prevent the STG_E_FILENOTFOUND from OleLoadSeh. And if that fails, we could *workaround* it using an AddRef before the call, and conditional Release when it's not STG_E_FILENOTFOUND.
OK, this is a Windows bug: https://developercommunity.visualstudio.com/t/OleLoad-can-release-passed-LPSTORAGE-on/10144795 I'll create a workaround as mentioned above.
https://gerrit.libreoffice.org/c/core/+/139756
Mike Kaganski committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/b31992ea518cec906a65ef971a637d0529302a2c tdf#119039: workaround an OleLoad bug releasing passed storage unexpectedly It will be available in 7.5.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Confirm , no crash in Version: 7.5.0.0.alpha0+ (x64) / LibreOffice Community Build ID: bff60eadeac348024849d710690435ee9580831b CPU threads: 4; OS: Windows 10.0 Build 19043; UI render: Skia/Raster; VCL: win Locale: ru-RU (ru_RU); UI: en-US Calc: threaded Mike, thanks for fixing!
I confirm I don't reproduce the bug too, thank you Mike!
Mike Kaganski committed a patch related to this issue. It has been pushed to "libreoffice-7-4": https://git.libreoffice.org/core/commit/e5be1c6eec6b89cd62e970fb0aa7fe0aa47b7d99 tdf#119039: workaround an OleLoad bug releasing passed storage unexpectedly It will be available in 7.4.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.