Bug 128917 - LO segfaults in libpdfiumlo.so on CIFS mount, under certain conditions
Status: RESOLVED INSUFFICIENTDATA
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version: 5.4.3.2 release (earliest affected)
Hardware: All Linux (All)
Importance: medium normal
Assignee: Not Assigned
Keywords: haveBacktrace
Blocks: Network Crash

Reported: 2019-11-20 13:06 UTC by Maxim Britov
Modified: 2022-11-30 03:48 UTC

See Also:
Crash report or crash signature:


Attachments
Crash report 6.4.b1 (177.31 KB, application/octet-stream)
2019-11-20 14:21 UTC, Maxim Britov
fixed trace with -ggdb flag (80.78 KB, text/plain)
2019-11-22 08:46 UTC, Maxim Britov

Description Maxim Britov 2019-11-20 13:06:22 UTC
I found my LO hangs when opening a "wrong" file from CIFS

under very specific conditions:

1.0. CIFS mount point on Synology NAS (Samba 4.4.16). Can't reproduce on Samba from desktop Linux. Can't reproduce from Windows share.

2.0. SAL_ENABLE_FILE_LOCKING should be set, even to empty (SAL_ENABLE_FILE_LOCKING=). Same issue for 0 and 1.

3.1. echo "test" > test.odt
3.2. test.txt works fine, but test.{odp|odt|doc|docx|etc.} fails

I use a Gentoo ebuild.
With debuginfo I have this backtrace for app-office/libreoffice-6.3.3.2:

$ cd /mnt/mountpoint
$ echo "test" > test.odp

$ SAL_ENABLE_FILE_LOCKING= gdb /usr/lib64/libreoffice/program/soffice.bin
GNU gdb (Gentoo 8.3.1 vanilla) 8.3.1
This GDB was configured as "x86_64-pc-linux-gnu".

(gdb) run --writer test.odp 
Starting program: /usr/lib64/libreoffice/program/soffice.bin --writer test.odp
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[Detaching after fork from child process 187502]
[New Thread 0x7fffedc0f700 (LWP 187503)]
[New Thread 0x7fffed40e700 (LWP 187504)]
[New Thread 0x7fffecb36700 (LWP 187505)]
[New Thread 0x7fffdffff700 (LWP 187506)]
[New Thread 0x7fffdf725700 (LWP 187507)]
[New Thread 0x7fffdef24700 (LWP 187508)]
[Thread 0x7fffdef24700 (LWP 187508) exited]
[Thread 0x7fffedc0f700 (LWP 187503) exited]

Thread 1 "soffice.bin" received signal SIGBUS, Bus error.
0x00007fffcddf0e86 in void boost::spirit::skipper_iteration_policy<boost::spirit::iteration_policy>::skip<boost::spirit::scanner<boost::spirit::file_iterator<char, boost::spirit::fileiter_impl::mmap_file_iterator<char> >, boost::spirit::scanner_policies<boost::spirit::skipper_iteration_policy<boost::spirit::iteration_policy>, boost::spirit::match_policy, boost::spirit::action_policy> > >(boost::spirit::scanner<boost::spirit::file_iterator<char, boost::spirit::fileiter_impl::mmap_file_iterator<char> >, boost::spirit::scanner_policies<boost::spirit::skipper_iteration_policy<boost::spirit::iteration_policy>, boost::spirit::match_policy, boost::spirit::action_policy> > const&) const [clone .isra.0] () from /usr/lib64/libreoffice/program/../program/libpdfimportlo.so

(gdb) bt full
#0  0x00007fffcddf0e86 in void boost::spirit::skipper_iteration_policy<boost::spirit::iteration_policy>::skip<boost::spirit::scanner<boost::spirit::file_iterator<char, boost::spirit::fileiter_impl::mmap_file_iterator<char> >, boost::spirit::scanner_policies<boost::spirit::skipper_iteration_policy<boost::spirit::iteration_policy>, boost::spirit::match_policy, boost::spirit::action_policy> > >(boost::spirit::scanner<boost::spirit::file_iterator<char, boost::spirit::fileiter_impl::mmap_file_iterator<char> >, boost::spirit::scanner_policies<boost::spirit::skipper_iteration_policy<boost::spirit::iteration_policy>, boost::spirit::match_policy, boost::spirit::action_policy> > const&) const [clone .isra.0] () from /usr/lib64/libreoffice/program/../program/libpdfimportlo.so
No symbol table info available.
#1  0x00007fffcddf1391 in pdfparse::PDFReader::read(char const*) () from /usr/lib64/libreoffice/program/../program/libpdfimportlo.so
No symbol table info available.
#2  0x00007fffcdde0990 in pdfi::getAdditionalStream(rtl::OUString const&, rtl::OUString&, rtl::OUString&, com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, bool) ()
   from /usr/lib64/libreoffice/program/../program/libpdfimportlo.so
No symbol table info available.
#3  0x00007fffcdde1512 in pdfi::PDFDetector::detect(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&) () from /usr/lib64/libreoffice/program/../program/libpdfimportlo.so
No symbol table info available.
#4  0x00007ffff57fa57d in filter::config::TypeDetection::impl_askDetectService(rtl::OUString const&, utl::MediaDescriptor&) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#5  0x00007ffff57fa92e in filter::config::TypeDetection::impl_detectTypeFlatAndDeep(utl::MediaDescriptor&, std::vector<filter::config::FlatDetectionInfo, std::allocator<filter::config::FlatDetectionInfo> > const&, bool, std::vector<rtl::OUString, std::allocator<rtl::OUString> >&, rtl::OUString&) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#6  0x00007ffff57fcd80 in filter::config::TypeDetection::queryTypeByDescriptor(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>&, unsigned char) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#7  0x00007ffff58c8388 in framework::LoadEnv::impl_detectTypeAndFilter() () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#8  0x00007ffff58cb4d8 in framework::LoadEnv::startLoading() () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#9  0x00007ffff586f0d0 in framework::LoadDispatcher::impl_dispatch(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&, com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> const&) ()
   from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#10 0x00007ffff586f5e9 in framework::LoadDispatcher::dispatchWithReturnValue(com::sun::star::util::URL const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#11 0x00007ffff54466cd in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) ()
   from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#12 0x00007ffff5e8c310 in desktop::DispatchWatcher::executeDispatchRequests(std::vector<desktop::DispatchWatcher::DispatchRequest, std::allocator<desktop::DispatchWatcher::DispatchRequest> > const&, bool) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#13 0x00007ffff5e94989 in desktop::RequestHandler::ExecuteCmdLineRequests(desktop::ProcessDocumentsRequest&, bool) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#14 0x00007ffff5e7db4e in desktop::Desktop::OpenClients() () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#15 0x00007ffff5e7f552 in desktop::Desktop::OpenClients_Impl(void*) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#16 0x00007ffff6a6e203 in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#17 0x00007ffff6ca3fbf in SalUserEventList::DispatchUserEvents(bool) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#18 0x00007fffee8bd097 in call_userEventFn () from /usr/lib64/libreoffice/program/libvclplug_gtk3lo.so
No symbol table info available.
#19 0x00007ffff366929e in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
No symbol table info available.
#20 0x00007ffff3669648 in ?? () from /usr/lib64/libglib-2.0.so.0
No symbol table info available.
#21 0x00007ffff36696d7 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
No symbol table info available.
#22 0x00007fffee8be69c in GtkSalData::Yield(bool, bool) () from /usr/lib64/libreoffice/program/libvclplug_gtk3lo.so
No symbol table info available.
#23 0x00007ffff6cd66cd in ImplYield(bool, bool) () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#24 0x00007ffff6cd83dd in Application::Execute() () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#25 0x00007ffff5e80ad9 in desktop::Desktop::Main() () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#26 0x00007ffff6cdec41 in ImplSVMain() () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#27 0x00007ffff5e9a3a3 in soffice_main () from /usr/lib64/libreoffice/program/libmergedlo.so
No symbol table info available.
#28 0x000055555555508c in main ()
No symbol table info available.
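
The trace above ends with SIGBUS inside an mmap-backed file iterator (boost::spirit mmap_file_iterator, reached from pdfparse::PDFReader::read). The C program below is an added example, not LibreOffice or Boost code and not a confirmed root cause for this report: it shows that walking a mapping whose backing file is shorter than the mapped length raises SIGBUS, while the same walk through pread() reports a short read as a return value. The temp file, its contents and the names scan_mmap, scan_read and run_case are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf bus_env;
static void on_sigbus(int sig) { (void)sig; siglongjmp(bus_env, 1); }
/* Walk a mapping like an mmap-backed file iterator; -1 = SIGBUS, -2 = setup error. */
static long scan_mmap(int fd, size_t len) {
    volatile long n = 0;
    struct sigaction sa = { .sa_handler = on_sigbus }, old;
    const volatile char *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) return -2;
    sigaction(SIGBUS, &sa, &old);
    if (sigsetjmp(bus_env, 1) != 0) n = -1;  /* file could not back the faulting page */
    else for (size_t i = 0; i < len; i++) { (void)p[i]; n = n + 1; }
    sigaction(SIGBUS, &old, NULL);
    munmap((void *)p, len);
    return n;
}

/* Same walk with pread(): a short read is a return value, not a signal. */
static long scan_read(int fd, size_t len) {
    char buf[4096];
    size_t n = 0;
    for (ssize_t got; n < len; n += (size_t)got) {
        got = pread(fd, buf, len - n < sizeof buf ? len - n : sizeof buf, (off_t)n);
        if (got <= 0) break;     /* EOF or error: stop cleanly */
    }
    return (long)n;
}

/* Constructed input: temp file "test\n"; shrink=1 truncates it after size 5 was recorded. */
long run_case(int use_mmap, int shrink) {
    FILE *f = tmpfile();
    int fd = f ? fileno(f) : -1;
    long r = -2;
    if (fd >= 0 && write(fd, "test\n", 5) == 5 && (!shrink || ftruncate(fd, 0) == 0))
        r = use_mmap ? scan_mmap(fd, 5) : scan_read(fd, 5);
    if (f) fclose(f);
    return r;
}

int main(void) {
    printf("%ld %ld %ld %ld\n", run_case(1, 0), run_case(1, 1), run_case(0, 0), run_case(0, 1));
    return 0;
}
```

It prints `5 -1 5 0`: only the mmap walk over the shrunken file takes the signal.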
Comment 1 Maxim Britov 2019-11-20 14:20:40 UTC
Official builds:

$ SAL_ENABLE_FILE_LOCKING=1 gdb /opt/libreoffice6.4b1/program/soffice.bin
Thread 1 "soffice.bin" received signal SIGBUS, Bus error.
0x00007fffae11e94f in ?? () from /opt/libreoffice6.4b1/program/../program/libpdfimportlo.so
Comment 2 Maxim Britov 2019-11-20 14:21:50 UTC
Created attachment 155975
Crash report 6.4.b1
Comment 3 Maxim Britov 2019-11-21 11:36:41 UTC
v.5.4.3.2

(gdb) run --writer test.odt 
Starting program: /opt/libreoffice5.4.3.2/program/soffice.bin --writer test.odt
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffea324700 (LWP 257679)]
[Detaching after fork from child process 257680]
[New Thread 0x7fffe82b9700 (LWP 257682)]
[New Thread 0x7fffe7ab8700 (LWP 257683)]
[New Thread 0x7fffe66c3700 (LWP 257684)]
[New Thread 0x7fffe5ec2700 (LWP 257685)]

(soffice:257606): Gdk-WARNING **: 14:32:48.980: gdk_window_set_icon_list: icons too large
[New Thread 0x7fffe5087700 (LWP 257691)]
[New Thread 0x7fffe4886700 (LWP 257692)]
[New Thread 0x7fffd504b700 (LWP 257693)]
[New Thread 0x7fffd484a700 (LWP 257694)]
[New Thread 0x7fffbbfff700 (LWP 257695)]
[New Thread 0x7fffbb7fe700 (LWP 257696)]
[New Thread 0x7fffbaffd700 (LWP 257697)]
[New Thread 0x7fffba7fc700 (LWP 257698)]
[Thread 0x7fffe82b9700 (LWP 257682) exited]
:1: parser error : Document is empty
test
^
:1: parser error : Document is empty
test
^
:1: parser error : Document is empty
test
^

Thread 1 "soffice.bin" received signal SIGBUS, Bus error.
0x00007fffaec11550 in pdfparse::PDFReader::read(char const*) () from /opt/libreoffice5.4.3.2/program/../program/libpdfimportlo.so
Comment 4 Maxim Britov 2019-11-22 08:46:52 UTC
Created attachment 156026
fixed trace with -ggdb flag

I was stupid and forgot -ggdb when I did the first backtrace.
Here is the new backtrace.
Comment 5 Buovjaga 2021-07-26 09:53:45 UTC
Does it still crash with 7.1.x or a pre-release? You can test easily with https://libreoffice.soluzioniopen.com/
Comment 6 Xisco Faulí 2022-05-02 11:58:22 UTC
(In reply to Buovjaga from comment #5)
> Does it still crash with 7.1.x or a pre-release? You can test easily with
> https://libreoffice.soluzioniopen.com/

Thanks for reporting this issue.
Could you please try to reproduce it with the latest version of LibreOffice from https://www.libreoffice.org/download/libreoffice-fresh/ ?
I have set the bug's status to 'NEEDINFO'. Please change it back to 'UNCONFIRMED' if the bug is still present in the latest version.
Comment 7 QA Administrators 2022-10-30 03:47:07 UTC Comment hidden (obsolete)
Comment 8 QA Administrators 2022-11-30 03:48:24 UTC
Dear Maxim Britov,

Please read this message in its entirety before proceeding.

Your bug report is being closed as INSUFFICIENTDATA due to inactivity and
a lack of information which is needed in order to accurately
reproduce and confirm the problem. We encourage you to retest
your bug against the latest release. If the issue is still
present in the latest stable release, we need the following
information (please ignore any that you've already provided):

a) Provide details of your system including your operating
   system and the latest version of LibreOffice that you have
   confirmed the bug to be present

b) Provide easy to reproduce steps – the simpler the better

c) Provide any test case(s) which will help us confirm the problem

d) Provide screenshots of the problem if you think it might help

e) Read all comments and provide any requested information

Once all of this is done, please set the bug back to UNCONFIRMED
and we will attempt to reproduce the issue. Please do not:

a) respond via email 

b) update the version field in the bug or any of the other details
   on the top section of our bug tracker

Warm Regards,
QA Team

MassPing-NeedInfo-FollowUp