This bug was filed from the crash reporting server and is br-f4250b08-b9ac-48ce-850e-9e7070139962. ========================================= To reproduce 1. Start impress with a presentation 2. Pair remote control application with impress 3. Wait for the initial exchange of the presentation name and so 4. Send from the remote control application: 4.1. a tcp package with "presentation_start\n\n" and immediately 4.2. a tcp package with "presentation_stop\n\n" 5. impress segfaults The presentation start and immediately stop was an error in my remote control application. Impress should not segfault on this error. I tried to debug the error but did not succeed. Sorry. If more information are needed or I can test something please contact me.
So you have your own remote control application? Can you give us the application to test?
Created attachment 144856 [details] QT Impress remote experiment
I attached my Qt program. For my experiments I use Qt 5.11.1 and to build it Qt Creator 4.7. To trigger the bug in Impress uncomment the "#define" on line 9 in mainwindow.cpp Please note: this is only an experiment to learn Qt and the Impress remote protocol
This also affects Version: 6.1.2.1
I made a debug build on linux (this was hard to make). I could not reproduce the error on this (old and slow) machine. So I think it is a timing problem: It tries to build the presentation screen and the stop message deletes some important structures for the presentation screen. Then the crash happen.
A new major release of LibreOffice is available since this bug was reported. Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ? I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
The crash persists in the latest LibreOffice version. I can't reference a crash report cause the crash dialog does not show the ID any more.
(In reply to oo.o+libreoffice from comment #7) > The crash persists in the latest LibreOffice version. > I can't reference a crash report cause the crash dialog does not show the ID > any more. Could you please paste the info from Help - about LibreOffice ? I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' once the information has been provided
Dear oo.o+libreoffice, This bug has been in NEEDINFO status with no change for at least 6 months. Please provide the requested information as soon as possible and mark the bug as UNCONFIRMED. Due to regular bug tracker maintenance, if the bug is still in NEEDINFO status with no change in 30 days the QA team will close the bug as INSUFFICIENTDATA due to lack of needed information. For more information about our NEEDINFO policy please read the wiki located here: https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO If you have already provided the requested information, please mark the bug as UNCONFIRMED so that the QA team knows that the bug is ready to be confirmed. Thank you for helping us make LibreOffice even better for everyone! Warm Regards, QA Team MassPing-NeedInfo-Ping
Dear oo.o+libreoffice, Please read this message in its entirety before proceeding. Your bug report is being closed as INSUFFICIENTDATA due to inactivity and a lack of information which is needed in order to accurately reproduce and confirm the problem. We encourage you to retest your bug against the latest release. If the issue is still present in the latest stable release, we need the following information (please ignore any that you've already provided): a) Provide details of your system including your operating system and the latest version of LibreOffice that you have confirmed the bug to be present b) Provide easy to reproduce steps – the simpler the better c) Provide any test case(s) which will help us confirm the problem d) Provide screenshots of the problem if you think it might help e) Read all comments and provide any requested information Once all of this is done, please set the bug back to UNCONFIRMED and we will attempt to reproduce the issue. Please do not: a) respond via email b) update the version field in the bug or any of the other details on the top section of our bug tracker Warm Regards, QA Team MassPing-NeedInfo-FollowUp
Created attachment 165004 [details] Wireshark capture port 1599 LO 7.0.3
I tested it with LO 7.0.3 and it still crashes. Report: https://crashreport.libreoffice.org/stats/crash_details/9c749314-e788-4c28-b138-ca94e8193e54 Info from help->about Version: 7.0.0.3 (x64) Build ID: 8061b3e9204bef6b321a21033174034a5e2ea88e CPU-Threads: 8; BS: Windows 10.0 Build 19041; UI-Render: Skia/Raster; VCL: win Locale: de-DE (de_DE); UI: de-DE Calc: CL
I tried to use windbg more or less successfully and could have found the problem. It shows a access violation and a bucket id: NULL_POINTER_READ. FAULTING_SOURCE_FILE: C:\cygwin64\home\buildslave\source\libo-core\sd\source\ui\remotecontrol\Communicator.cxx FAULTING_SOURCE_LINE_NUMBER: 87 This is the function sdlo!sd::Communicator::execute+0x00000000000004a1 I think the line number is wrong or the source code I found has evolved. The problem, I think, is in this line: OStringBuffer aBuffer; aBuffer.append( "slideshow_info\n" ) .append( OUStringToOString( ::comphelper::DocumentInfo::getDocumentTitle( xFrame->getController()->getModel() ), RTL_TEXTENCODING_UTF8 ) ) .append("\n\n"); Before there are checks that xFrame is valid when it is used. In this line there is no check and xFrame got de-referenced. Is this correct?
I moved the aBuffer and send telegram function into the if above where the reference was checked valid. Then I can't crash impress. I can extract a patch if needed.
(In reply to oo.o+libreoffice from comment #15) > I moved the aBuffer and send telegram function into the if above where the > reference was checked valid. > Then I can't crash impress. I can extract a patch if needed. Yes, would be great. Options are: - submit it to gerrit from your local machine: https://wiki.documentfoundation.org/Development/gerrit/setup - create it directly in gerrit: https://gerrit.libreoffice.org/Documentation/user-inline-edit.html A license statement to the mailing list is also needed https://wiki.documentfoundation.org/Development/GetInvolved#License_statement
Created attachment 165341 [details] Patch for impress
I added the patch here. My login does not work at gerrit. I don't know if it is needed for moving some lines around: I grand this contribution to LibreOffice may be licensed under the MPLv2/LGPLv3+ dual license. I put this patch into the public domain.
(In reply to oo.o+libreoffice from comment #18) > I added the patch here. My login does not work at gerrit. > > I don't know if it is needed for moving some lines around: > > I grand this contribution to LibreOffice may be > licensed under the MPLv2/LGPLv3+ dual license. > I put this patch into the public domain. Can you provide your name? Caolán said he could submit it for you with git commit --author=
(In reply to oo.o+libreoffice from comment #18) > I added the patch here. My login does not work at gerrit. Why does it not work? Any error message? Did you have already an account? We switched to a SSO authentication in June 2018 and you might lost your account (which can be recovered), see https://listarchives.libreoffice.org/global/projects/msg02649.html and simply write to hostmaster@documentfoundation.org.
@Buovjaga He can use "Hochwasser" for the author. Thanks. @Dennis Roczek I used my login from here. But it does not work.
(In reply to oo.o+libreoffice from comment #21) > @Buovjaga > He can use "Hochwasser" for the author. > Thanks. > > @Dennis Roczek > I used my login from here. But it does not work. Bugzilla is unfortunately still not part of TDF single sign on service. The next Bugzilla version should provide us with the functionality. For now, you have to create an account in our single sign on system and use it for gerrit: https://wiki.documentfoundation.org/Development/gerrit/setup#Register_in_Gerrit_for_first_time
submitted as https://gerrit.libreoffice.org/c/core/+/102902
Hochwasser committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/dabb1dc347071abb7d6a708930f5fbdb8c68c72a tdf#119312 Crash in: sdext::presenter::PresenterSlideShowView::LateInit() It will be available in 7.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Patch backported to 7-2 branch in https://gerrit.libreoffice.org/c/core/+/118719 Closing as RESOLVED FIXED.
Hochwasser committed a patch related to this issue. It has been pushed to "libreoffice-7-2": https://git.libreoffice.org/core/commit/8fe92ee041a38e3e2057ba0287ef60845e2faa34 tdf#119312 Crash in: sdext::presenter::PresenterSlideShowView::LateInit() It will be available in 7.2.0.2. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Hochwasser committed a patch related to this issue. It has been pushed to "libreoffice-7-1": https://git.libreoffice.org/core/commit/051bb16057904647f11ec0b6ac0f4a245ea63531 tdf#119312 Crash in: sdext::presenter::PresenterSlideShowView::LateInit() It will be available in 7.1.6. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.