127258 – Impress Crash after Presentation Finished

Bug 127258 - Impress Crash after Presentation Finished

Summary: Impress Crash after Presentation Finished

Status:	VERIFIED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Impress (show other bugs)
Version: (earliest affected)	6.4.0.0.alpha1+
Hardware:	All All

Importance:	medium normal
Assignee:	Stephan Bergmann

URL:
Whiteboard:	target:6.4.0
Keywords:	bibisected, bisected, haveBacktrace, regression

Depends on:
Blocks:

Reported:	2019-09-01 02:57 UTC by Luke
Modified:	2019-09-04 12:19 UTC (History)
CC List:	4 users (show)

See Also:
Crash report or crash signature:

Attachments
bt with debug symbols (14.63 KB, text/plain) 2019-09-01 08:11 UTC, Julien Nabet	Details
Valgrind trace (31.64 KB, application/x-bzip) 2019-09-01 09:27 UTC, Julien Nabet	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luke 2019-09-01 02:57:33 UTC

I've noticed that several complex slideshows are crashing after the presentation has finished.

Steps to reproduce:
1. Navigate to https://skydrive.live.com/view.aspx?resid=9FBE63963526EB25!411&app=PowerPoint&wdo=2&authkey=!AN5Q_kKPvn2eWUQ
2. Download .pptx file
3. Open in Impress 
4. Start slideshow
5. Spacebar until "Click to Exit Presentation"
6. Press a key or click

Results:
Impress crashes

Version: 6.4.0.0.alpha0+ (x64)
Build ID: 52d7c6be46663d4a28745a0cfa2ced5493637230
Bad

Version: 6.4.0.0.alpha0+ (x64)
Build ID: 2f2f4767089512c34514896bc37823f9310e9dd4
Good

I can reproduce this in both Windows and Linux

Comment 1 raal 2019-09-01 04:30:18 UTC

no crash with Version: 6.4.0.0.alpha0+
Build ID: 654a1e6b3345d098e24dcdd0d81bb49add996d0b
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: x11;

Comment 2 Julien Nabet 2019-09-01 08:11:41 UTC

Created attachment 153787 [details]
bt with debug symbols

On pc Debian x86-64 with master sources updated today, I could reproduce this. (gtk3)

Comment 3 Julien Nabet 2019-09-01 08:13:15 UTC

Here's the detail:
#0  slideshow::internal::EventMultiplexer::<lambda(const (anonymous namespace)::ViewEventHandlerWeakPtrWrapper&)>::operator()(const (anonymous namespace)::ViewEventHandlerWeakPtrWrapper &) const (
    __closure=0x7fffffff0e48, pHandler=...) at /home/julien/lo/libreoffice/slideshow/source/engine/eventmultiplexer.cxx:1131
1131	        { return pHandler.ptr.lock()->viewRemoved( rView ); } );
(gdb) p pHandler
$1 = (const (anonymous namespace)::ViewEventHandlerWeakPtrWrapper &) @0x55555ba791e0: {ptr = std::weak_ptr<slideshow::internal::ViewEventHandler> (expired, weak count 2) = {get() = 0x555558278560}}
(gdb) p pHandler.ptr
$2 = std::weak_ptr<slideshow::internal::ViewEventHandler> (expired, weak count 2) = {get() = 0x555558278560}
(gdb) p pHandler.ptr.lock()
$3 = std::shared_ptr<slideshow::internal::ViewEventHandler> (empty) = {get() = 0x0}

Comment 4 Julien Nabet 2019-09-01 09:27:29 UTC

Created attachment 153791 [details]
Valgrind trace

Valgrind retrieved with enable-symbols build (not enable-dbgutil)

Comment 5 Xisco Faulí 2019-09-02 10:05:11 UTC

Regression introduced  by:

https://cgit.freedesktop.org/libreoffice/core/commit/?id=042e30a3dc057aef4a02d95960e4dd4fb8d083ae

author	Stephan Bergmann <sbergman@redhat.com>	2019-08-28 08:43:44 +0200
committer	Stephan Bergmann <sbergman@redhat.com>	2019-08-28 09:34:38 +0200
commit 042e30a3dc057aef4a02d95960e4dd4fb8d083ae (patch)
tree 9273f9553165f943d925f4f729e6a48f2ac1557c
parent 55402d82c5a81322ff7bca3c277a8813bd967a09 (diff)
Avoid adding a function template declaration to namespace std

Bisected with: bibisect-linux64-6.4

Adding Cc: to Stephan Bergmann

Comment 6 Stephan Bergmann 2019-09-02 10:41:15 UTC

(In reply to Julien Nabet from comment #4)
> Created attachment 153791 [details]
> Valgrind trace
> 
> Valgrind retrieved with enable-symbols build (not enable-dbgutil)

...the relevant part of which is apparently

> ==10277== Invalid read of size 8
> ==10277==    at 0x27FDC17E: operator() (eventmultiplexer.cxx:1131)
> ==10277==    by 0x27FDC17E: apply<slideshow::internal::EventMultiplexer::notifyViewRemoved(const UnoViewSharedPtr&)::<lambda(const (anonymous namespace)::ViewEventHandlerWeakPtrWrapper&)> > (listenercontainer.hxx:59)
> ==10277==    by 0x27FDC17E: notifyAllListeners<const std::vector<(anonymous namespace)::ViewEventHandlerWeakPtrWrapper>, slideshow::internal::EventMultiplexer::notifyViewRemoved(const UnoViewSharedPtr&)::<lambda(const (anonymous namespace)::ViewEventHandlerWeakPtrWrapper&)> > (listenercontainer.hxx:89)
> ==10277==    by 0x27FDC17E: applyAll<slideshow::internal::EventMultiplexer::notifyViewRemoved(const UnoViewSharedPtr&)::<lambda(const (anonymous namespace)::ViewEventHandlerWeakPtrWrapper&)> > (listenercontainer.hxx:383)
> ==10277==    by 0x27FDC17E: slideshow::internal::EventMultiplexer::notifyViewRemoved(std::shared_ptr<slideshow::internal::UnoView> const&) (eventmultiplexer.cxx:1129)
> ==10277==    by 0x2802B89F: (anonymous namespace)::SlideShowImpl::removeView(com::sun::star::uno::Reference<com::sun::star::presentation::XSlideShowView> const&) (slideshowimpl.cxx:1387)
> ==10277==    by 0x1976AD14: sd::SlideshowImpl::disposing() (slideshowimpl.cxx:607)
> ==10277==    by 0x549B2B4: cppu::WeakComponentImplHelperBase::dispose() (implbase.cxx:102)
> ==10277==    by 0x19760E3E: dispose (compbase.hxx:90)
> ==10277==    by 0x19760E3E: sd::SlideShow::end() (slideshow.cxx:667)
> ==10277==    by 0x7DE6B16: Call (link.hxx:112)
> ==10277==    by 0x7DE6B16: ImplHandleUserEvent (winproc.cxx:1960)
> ==10277==    by 0x7DE6B16: ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) (winproc.cxx:2513)
> ==10277==    by 0x805219E: SalUserEventList::DispatchUserEvents(bool) (salusereventlist.cxx:108)
> ==10277==    by 0xDEDA7C6: call_userEventFn (gtk3gtkdata.cxx:853)
> ==10277==    by 0xBCFE897: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6000.6)
> ==10277==    by 0xBCFEC87: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6000.6)
> ==10277==    by 0xBCFED1B: g_main_context_iteration (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6000.6)
> ==10277==    by 0xDEDBE1B: GtkSalData::Yield(bool, bool) (gtk3gtkdata.cxx:528)
> ==10277==    by 0x8088DA1: ImplYield(bool, bool) (svapp.cxx:447)
> ==10277==    by 0x808ABC4: Application::Execute() (svapp.cxx:428)
> ==10277==    by 0x48DACD4: desktop::Desktop::Main() (app.cxx:1620)
> ==10277==    by 0x8091588: ImplSVMain() (svmain.cxx:191)
> ==10277==    by 0x490016E: soffice_main (sofficemain.cxx:177)
> ==10277==    by 0x10907B: sal_main (main.c:48)
> ==10277==    by 0x10907B: main (main.c:47)
> ==10277==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

Comment 7 Commit Notification 2019-09-02 17:20:50 UTC

Stephan Bergmann committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/+/e161826d5766cfb0816f666f6f65a7fb25d78f33%5E%21

tdf#127258: Fix ViewEventHandlerWeakPtrWrapper

It will be available in 6.4.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 8 Xisco Faulí 2019-09-04 12:19:27 UTC

Verified in

Version: 6.4.0.0.alpha0+
Build ID: e8b3df5b9b0eb0a93c25b6dc2e445ae44a7e3f78
CPU threads: 4; OS: Linux 4.15; UI render: default; VCL: gtk3; 
Locale: ca-ES (ca_ES.UTF-8); UI-Language: en-US
Calc: threaded

@Stephan Bergmann, thanks for fixing this issue!!