LO Crashes when scrolling the Font list box on the Formatting toolbar, or the Font list box from the Character dialog. Scrolling the font list box onto these fonts would consistently crash LO--with either OpenGL or Default rendering enabled. Two specific TTF fonts, installed as part of Corel Technical Suite 2017, seemed to be the cause. dfmw5.ttf, v1.0 --DFMincho-W5 dfkai71.ttf v2.71 -- DFKaiSho-SB Both by DynaComWare/DynaLab, commonly installed with Corel suites.
Created attachment 146929 [details] old broken TTF fonts that crash font preview list box uninstalling these fonts clears the issue
This was not a recurrence of the GDI issues of bug 106265, seems isolated to at least these two fonts. I'd be fine to NOB this, but wonder if we should be able to guard against malformed fonts causing crash.
Here is a WinDbg stacktrace of 6.1.3.2 run against the Character dialog scrolling onto the dfmw5.ttf font... 0:017> g ModLoad: 00007ffd`30fd0000 00007ffd`31201000 C:\Program Files\LibreOffice\program\dict_zh.dll ModLoad: 00007ffd`39ae0000 00007ffd`39c7c000 C:\Program Files\LibreOffice\program\localedata_others.dll ModLoad: 00007ffd`58dd0000 00007ffd`58f5b000 C:\Program Files\LibreOffice\program\sal_textenclo.dll (2a24.20f0): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. ntdll!RtlpLowFragHeapAllocFromContext+0x5e9: 00007ffd`72383419 410fb781ae000000 movzx eax,word ptr [r9+0AEh] ds:00009e94`00009f3f=???? 0:000> g (2a24.20f0): Access violation - code c0000005 (!!! second chance !!!) ntdll!RtlpLowFragHeapAllocFromContext+0x5e9: 00007ffd`72383419 410fb781ae000000 movzx eax,word ptr [r9+0AEh] ds:00009e94`00009f3f=???? 0:000> ~* kp . 0 Id: 2a24.20f0 Suspend: 1 Teb: 000000a7`99e31000 Unfrozen # Child-SP RetAddr Call Site 00 000000a7`9a98d7f0 00007ffd`7238265b ntdll!RtlpLowFragHeapAllocFromContext+0x5e9 01 000000a7`9a98d8d0 00007ffd`6f29a506 ntdll!RtlpAllocateHeapInternal+0xeb 02 000000a7`9a98d9b0 00007ffd`65400c40 ucrtbase!_malloc_base+0x36 03 (Inline Function) --------`-------- sal3!rtl_allocateMemory_SYSTEM+0x6 [c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\alloc_global.cxx @ 232] 04 000000a7`9a98d9e0 00007ffd`6541949d sal3!rtl_allocateMemory(unsigned int64 n = <Value unavailable error>)+0x40 [c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\alloc_global.cxx @ 259] 05 000000a7`9a98da20 00007ffd`6541a65a sal3!rtl_uString_ImplAlloc(long nLen = 0n28)+0x2d [c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\strtmpl.cxx @ 1155] 06 000000a7`9a98da50 00007ffd`3bf8dc9f sal3!rtl_uString_newFromStr_WithLength(struct _rtl_uString ** ppThis = 0x000000a7`9a98dac8, char16_t * pCharStr = 0x000001f8`aa96a6ea "org.openoffice.Office.Common/Misc/FontsUseWinMetrics", long nLen = 0n28)+0x3a [c:\cygwin64\home\buildslave\source\libo-core\sal\rtl\strtmpl.cxx @ 1374] 07 000000a7`9a98da80 00007ffd`3c19e2ce mergedlo!rtl::OUString::copy(long beginIndex = <Value unavailable error>, long count = <Value unavailable error>)+0x2f [c:\cygwin64\home\buildslave\source\libo-core\include\rtl\ustring.hxx @ 2215] 08 000000a7`9a98dac0 00007ffd`3c176742 mergedlo!configmgr::Data::parseSegment(class rtl::OUString * path = 0x000000a7`9a98dd10 "/org.openoffice.Office.Common/Misc/FontsUseWinMetrics", long index = <Value unavailable error>, class rtl::OUString * name = 0x000000a7`9a98db38 empty, bool * setElement = 0x000000a7`9a98dbd0, class rtl::OUString * templateName = 0x000000a7`9a98dbd8 empty)+0x16e [c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\data.cxx @ 124] 09 000000a7`9a98db00 00007ffd`3c173d3b mergedlo!configmgr::Access::getSubChild(class rtl::OUString * path = 0x000000a7`9a98dd10 "/org.openoffice.Office.Common/Misc/FontsUseWinMetrics")+0x372 [c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\access.cxx @ 2001] 0a 000000a7`9a98dbc0 00007ffd`3c1a58d1 mergedlo!configmgr::Access::getByHierarchicalName(class rtl::OUString * aName = 0x000000a7`9a98dd10 "/org.openoffice.Office.Common/Misc/FontsUseWinMetrics")+0x6b [c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\access.cxx @ 436] 0b 000000a7`9a98dc30 00007ffd`3c0b7714 mergedlo!configmgr::read_write_access::`anonymous namespace'::Service::getByHierarchicalName(class rtl::OUString * aName = 0x000000a7`9a98dd10 "/org.openoffice.Office.Common/Misc/FontsUseWinMetrics")+0x51 [c:\cygwin64\home\buildslave\source\libo-core\configmgr\source\readwriteaccess.cxx @ 76] 0c 000000a7`9a98dc70 00007ffd`3ddf94fb mergedlo!comphelper::detail::ConfigurationWrapper::getPropertyValue(class rtl::OUString * path = <Value unavailable error>)+0x24 [c:\cygwin64\home\buildslave\source\libo-core\comphelper\source\misc\configuration.cxx @ 140] 0d 000000a7`9a98dcb0 00007ffd`3ddf8ffb mergedlo!comphelper::ConfigurationProperty<officecfg::Office::Common::Misc::FontsUseWinMetrics,com::sun::star::uno::Sequence<rtl::OUString> >::get(class com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> * context = 0x000000a7`9a98dd78 {{...}})+0x5b [c:\cygwin64\home\buildslave\source\libo-core\include\comphelper\configuration.hxx @ 210] 0e 000000a7`9a98dd10 00007ffd`3ddf85b5 mergedlo!ImplFontMetricData::ShouldUseWinMetrics(struct vcl::TTGlobalFontInfo * rInfo = <Value unavailable error>)+0x23b [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\font\fontmetric.cxx @ 412] 0f 000000a7`9a98de70 00007ffd`3de7bbb5 mergedlo!ImplFontMetricData::ImplCalcLineSpacing(class std::vector<unsigned char,std::allocator<unsigned char> > * rHheaData = 0x000000a7`9a98dfe0 { size=36 }, class std::vector<unsigned char,std::allocator<unsigned char> > * rOS2Data = 0x000000a7`9a98dfc8 { size=86 }, int nUPEM = <Value unavailable error>)+0x135 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\font\fontmetric.cxx @ 467] 10 000000a7`9a98dfa0 00007ffd`3dbad305 mergedlo!WinSalGraphics::GetFontMetric(class tools::SvRef<ImplFontMetricData> * rxFontMetric = 0x000001f8`bc24aeb8, int nFallbackLevel = <Value unavailable error>)+0x275 [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\gdi\salfont.cxx @ 1053] 11 000000a7`9a98e260 00007ffd`3dbab62c mergedlo!OutputDevice::ImplNewFont(void)+0x1e5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\outdev\font.cxx @ 1068] 12 000000a7`9a98e2d0 00007ffd`3dbabe27 mergedlo!OutputDevice::GetFontCharMap(class tools::SvRef<FontCharMap> * rxFontCharMap = 0x000000a7`9a98e330)+0x4c [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\outdev\font.cxx @ 233] 13 000000a7`9a98e310 00007ffd`3d0511da mergedlo!OutputDevice::HasGlyphs(class vcl::Font * rTempFont = 0x000001f8`bb75f4a0, class rtl::OUString * rStr = 0x000000a7`9a98e570 "人之初 性本善", long nIndex = <Value unavailable error>, long nLen = 0n-1)+0xc7 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\outdev\font.cxx @ 1475] 14 000000a7`9a98e3a0 00007ffd`3d17f753 mergedlo!makeRepresentativeTextForFont(short nScriptType = 0n2, class vcl::Font * rFont = 0x000001f8`bb75f4a0)+0xca [c:\cygwin64\home\buildslave\source\libo-core\svtools\source\misc\sampletext.cxx @ 1618] 15 000000a7`9a98e460 00007ffd`3d9f92ae mergedlo!SvxFontPrevWindow::Paint(class OutputDevice * rRenderContext = 0x000001f8`bb75e0f0, class tools::Rectangle * __formal = 0x000001f8`bbb610b0 1807172015)+0x263 [c:\cygwin64\home\buildslave\source\libo-core\svx\source\dialog\fntctrl.cxx @ 674] 16 000000a7`9a98e570 00007ffd`3d9f9e2f mergedlo!PaintHelper::DoPaint(class vcl::Region * pRegion = <Value unavailable error>)+0x23e [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 307] 17 000000a7`9a98e620 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = 0n26 (No matching enumerant))+0x17f [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 605] 18 000000a7`9a98e6d0 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 19 000000a7`9a98e780 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 1a 000000a7`9a98e830 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 1b 000000a7`9a98e8e0 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 1c 000000a7`9a98e990 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 1d 000000a7`9a98ea40 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 1e 000000a7`9a98eaf0 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 1f 000000a7`9a98eba0 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 20 000000a7`9a98ec50 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 21 000000a7`9a98ed00 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 22 000000a7`9a98edb0 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 23 000000a7`9a98ee60 00007ffd`3d9f8d00 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 24 000000a7`9a98ef10 00007ffd`3d9f9e55 mergedlo!PaintHelper::~PaintHelper(void)+0x90 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 540] 25 000000a7`9a98efc0 00007ffd`3d9f9f46 mergedlo!vcl::Window::ImplCallPaint(class vcl::Region * pRegion = 0x00000000`00000000, ImplPaintFlags nPaintFlags = PaintChildren (0n8))+0x1a5 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 610] 26 (Inline Function) --------`-------- mergedlo!vcl::Window::ImplCallOverlapPaint+0x52 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 628] 27 000000a7`9a98f070 00007ffd`3dd85bda mergedlo!vcl::Window::ImplHandlePaintHdl(class Timer * __formal = 0x00000000`00000000)+0xc6 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\paint.cxx @ 649] 28 000000a7`9a98f0a0 00007ffd`3de69940 mergedlo!Scheduler::ProcessTaskScheduling(void)+0x26a [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\scheduler.cxx @ 448] 29 (Inline Function) --------`-------- mergedlo!SalTimer::CallCallback+0xb [c:\cygwin64\home\buildslave\source\libo-core\vcl\inc\saltimer.hxx @ 55] 2a 000000a7`9a98f150 00007ffd`3de6627a mergedlo!WinSalTimer::ImplHandleElapsedTimer(void)+0x30 [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\saltimer.cxx @ 159] 2b 000000a7`9a98f180 00007ffd`3de65d0b mergedlo!ImplSalYield(bool bWait = true, bool bHandleAllCurrentEvents = false)+0x17a [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 514] 2c 000000a7`9a98f210 00007ffd`3dd97cd1 mergedlo!WinSalInstance::DoYield(bool bWait = true, bool bHandleAllCurrentEvents = false)+0x9b [c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 560] 2d (Inline Function) --------`-------- mergedlo!ImplYield+0x2a [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 470] 2e (Inline Function) --------`-------- mergedlo!Application::Yield+0x2a [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 535] 2f 000000a7`9a98f250 00007ffd`3cd866c4 mergedlo!Application::Execute(void)+0x161 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 450] 30 000000a7`9a98f2b0 00007ffd`3dda026e mergedlo!desktop::Desktop::Main(void)+0x1084 [c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx @ 1634] 31 000000a7`9a98f4d0 00007ffd`3dda0752 mergedlo!ImplSVMain(void)+0x6e [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 200] 32 000000a7`9a98f510 00007ffd`3cda4147 mergedlo!SVMain(void)+0x32 [c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 239] 33 000000a7`9a98f540 00007ff7`48c4102e mergedlo!soffice_main(void)+0x127 [c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\sofficemain.cxx @ 170] 34 000000a7`9a98f7a0 00007ff7`48c41317 soffice+0x102e 35 000000a7`9a98f7d0 00007ffd`70713034 soffice!main+0x2d7 36 000000a7`9a98f810 00007ffd`723e1471 KERNEL32!BaseThreadInitThunk+0x14 37 000000a7`9a98f840 00000000`00000000 ntdll!RtlUserThreadStart+0x21
I don't get the crash with DFKaiSho-SB when scrolling through the font list, but when I close Writer right afterwards, sometimes I do. With the other font it does crash right away, though. Tested with LO 6.1.3.2 / Windows 7.
could you please check if lo crashes, if you open format cells dialog in calc? https://bugs.documentfoundation.org/show_bug.cgi?id=119903
(In reply to Oliver Brinzing from comment #5) > could you please check if lo crashes, if you open format cells dialog in > calc? > https://bugs.documentfoundation.org/show_bug.cgi?id=119903 Yes, with either of these specific fonts installed, opening the Format Cells dialog on the Font tab listbox and sample text will crash as the font preview is scrolled into view. If font previews are enabled from Tools -> Options -> View: Font Lists - "show preview of fonts" check box, the crash is immediate. Otherwise, with no preview, if one of these fonts is selected to format--will either crash UI, or if selected will not allow save of document. The font listbox on the Sidebar decks are likewise affected--immediate crash or not if font preview is enabled.
(In reply to V Stuart Foote from comment #6) > If font previews are enabled from Tools -> Options -> View: Font Lists - > "show preview of fonts" check box, the crash is immediate. so maybe the reported misterious crashes are font related ...
The crashing code was introduced in bug 116498.
Created attachment 147037 [details] gdb backtrace
Also reproduced in Version: 6.2.0.0.beta1+ Build ID: a5bb6a0406d0018d1df279b925c80b392d9db277 CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US Calc: threaded
At least on linux, reverting this changes https://cgit.freedesktop.org/libreoffice/core/diff/vcl/source/font/fontcharmap.cxx?id=85b3c799ede62a3d7ad0493fc80b629214956601 from author Julien Nabet <serval2412@yahoo.fr> 2018-01-28 22:46:46 +0100 committer Julien Nabet <serval2412@yahoo.fr> 2018-01-29 07:02:23 +0100 commit 85b3c799ede62a3d7ad0493fc80b629214956601 (patch) tree 28744ea275da6fce4bab05aaeed97d0ca21108e7 parent fe41d0ff8c426fe5934872de8b0dcb167cb636a2 (diff) Modernize a bit vcl (part2) fixes the issue... Adding Cc: to Julien Nabet I don't know if linux and win have different issues though
This fixes it on linux -> https://gerrit.libreoffice.org/#/c/64038/
(In reply to Xisco Faulí from comment #11) > ... > Adding Cc: to Julien Nabet > > I don't know if linux and win have different issues though My fault indeed. Thank you Xisco for having pinpointed this one. I put a +1 for Code review
Anyone with a win build could try if my patch fixes it on win as well ?
Xisco Fauli committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/+/8efb302a446bb319a0793c45076ca6fca288949b%5E%21 tdf#121647: fix regression from 85b3c799ede62a3d7ad0493fc80b629214956601 It will be available in 6.3.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-6-2": https://git.libreoffice.org/core/+/ab4987667d315f371bd9cd44c2fa412477a7c617%5E%21 tdf#121647: fix regression from 85b3c799ede62a3d7ad0493fc80b629214956601 It will be available in 6.2.0.1. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Xisco Fauli committed a patch related to this issue. It has been pushed to "libreoffice-6-1": https://git.libreoffice.org/core/+/c9adae998cb1132716874a98972a3d07d9dabd32%5E%21 tdf#121647: fix regression from 85b3c799ede62a3d7ad0493fc80b629214956601 It will be available in 6.1.4. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
I hope it's fixed now. Please test it tomorrow with a daily build.
Yes, on Windows builds the problem fonts are no longer crashing in any of the font selection or preview widgets. On Windows 10 Ent 64-bit (1803) en-US with Version: 6.3.0.0.alpha0+ Build ID: f21d2b48bd68424a96aa6cd5572e368208378291 CPU threads: 8; OS: Windows 10.0; UI render: GL; VCL: win; TinderBox: Win-x86@42, Branch:master, Time: 2018-11-27_00:26:54 Locale: en-US (en_US); UI-Language: en-US Calc: CL
(In reply to V Stuart Foote from comment #19) > Yes, on Windows builds the problem fonts are no longer crashing in any of > the font selection or preview widgets. confirming, no crash with my debug build: Version: 6.3.0.0.alpha0+ (x64) Build ID: 0d4298a9880e48692871b5b3d4bbc551af6e37ae CPU threads: 4; OS: Windows 10.0; UI render: default; VCL: win; Locale: de-DE (de_DE); UI-Language: en-US Calc: threaded
*** Bug 119903 has been marked as a duplicate of this bug. ***