Bug 133987 - CRASH opening Options
Summary: CRASH opening Options
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version (earliest affected): 7.1.0.0.alpha0+
Hardware: All Windows (All)
Importance: medium normal
Assignee: Mike Kaganski
URL:
Whiteboard: target:7.1.0
Keywords: regression
Depends on:
Blocks:
 
Reported: 2020-06-14 15:38 UTC by Mike Kaganski
Modified: 2020-06-15 13:53 UTC

See Also:
Crash report or crash signature:


Description Mike Kaganski 2020-06-14 15:38:33 UTC
In Version: 7.1.0.0.alpha0+ (x64)
Build ID: 6de8d3109dffa7d4d0cc06f319cca70134f0a8f3
CPU threads: 12; OS: Windows 10.0 Build 18363; UI render: Skia/Raster; VCL: win
Locale: ru-RU (ru_RU); UI: en-US
Calc: CL

Trying to open Options, LibreOffice crashes (access violation reading location 0x0000000000000007).

The stack trace is:

> gpgmepp.dll!pr_string(int(*)(void *, const char *, unsigned __int64) outfnc, void * outfncarg, argspec_s * arg, value_t value, unsigned __int64 * nbytes, char *(*)(const char *, int, void *) sf, void * sfvalue, int string_no)
> 	at C:\lo\src\build\workdir\UnpackedTarball\libgpg-error\src\estream-printf.c(1226)
> gpgmepp.dll!do_format(int(*)(void *, const char *, unsigned __int64) outfnc, void * outfncarg, char *(*)(const char *, int, void *) sf, void * sfvalue, const char * format, argspec_s * argspecs, unsigned __int64 argspecs_len, valueitem_s * valuetable, int myerrno, unsigned __int64 * nbytes)
> 	at C:\lo\src\build\workdir\UnpackedTarball\libgpg-error\src\estream-printf.c(1465)
> gpgmepp.dll!_gpgrt_estream_format(int(*)(void *, const char *, unsigned __int64) outfnc, void * outfncarg, char *(*)(const char *, int, void *) sf, void * sfvalue, const char * format, char * vaargs)
> 	at C:\lo\src\build\workdir\UnpackedTarball\libgpg-error\src\estream-printf.c(1633)
> gpgmepp.dll!_gpgrt_estream_vasprintf(char * * bufp, const char * format, char * arg_ptr)
> 	at C:\lo\src\build\workdir\UnpackedTarball\libgpg-error\src\estream-printf.c(1853)
> gpgmepp.dll!gpgrt_asprintf(char * * r_buf, const char * format, ...)
> 	at C:\lo\src\build\workdir\UnpackedTarball\libgpg-error\src\visibility.c(703)
> gpgmepp.dll!_gpgme_debug_add(void * * line, const char * format, ...)
> 	at C:\lo\src\build\workdir\UnpackedTarball\gpgmepp\src\debug.c(360)
> gpgmepp.dll!_gpgme_io_select(io_select_fd_s * fds, unsigned __int64 nfds, int nonblock)
> 	at C:\lo\src\build\workdir\UnpackedTarball\gpgmepp\src\w32-io.c(1687)
> gpgmepp.dll!_gpgme_run_io_cb(io_select_fd_s * an_fds, int checked, unsigned int * op_err)
> 	at C:\lo\src\build\workdir\UnpackedTarball\gpgmepp\src\wait.c(204)
> gpgmepp.dll!_gpgme_wait_on_condition(gpgme_context * ctx, volatile int * cond, unsigned int * op_err_p)
> 	at C:\lo\src\build\workdir\UnpackedTarball\gpgmepp\src\wait-private.c(116)
> gpgmepp.dll!gpgme_op_keylist_next(gpgme_context * ctx, _gpgme_key * * r_key)
> 	at C:\lo\src\build\workdir\UnpackedTarball\gpgmepp\src\keylist.c(1219)
> gpgmepp.dll!GpgME::Context::nextKey(GpgME::Error & e)
> 	at C:\lo\src\build\workdir\UnpackedTarball\gpgmepp\lang\cpp\src\context.cpp(519)
> xsec_xmlsec.dll!SecurityEnvironmentGpg::getCertificatesImpl(bool bPrivateOnly)
> 	at C:\lo\src\core\xmlsecurity\source\gpg\SecurityEnvironment.cxx(126)
> xsec_xmlsec.dll!SecurityEnvironmentGpg::getPersonalCertificates()
> 	at C:\lo\src\core\xmlsecurity\source\gpg\SecurityEnvironment.cxx(154)
> cuilo.dll!SvxGeneralTabPage::InitCryptography()
> 	at C:\lo\src\core\cui\source\options\optgenrl.cxx(300)
> cuilo.dll!SvxGeneralTabPage::SvxGeneralTabPage(weld::Container * pPage, weld::DialogController * pController, const SfxItemSet & rCoreSet)
> 	at C:\lo\src\core\cui\source\options\optgenrl.cxx(225)
> cuilo.dll!std::make_unique<SvxGeneralTabPage,weld::Container * &,weld::DialogController * &,SfxItemSet const &,0>(weld::Container * & <_Args_0>, weld::DialogController * & <_Args_1>, const SfxItemSet & <_Args_2>)
> 	at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\include\memory(2068)
> cuilo.dll!SvxGeneralTabPage::Create(weld::Container * pPage, weld::DialogController * pController, const SfxItemSet * rAttrSet)
> 	at C:\lo\src\core\cui\source\options\optgenrl.cxx(341)
> cuilo.dll!CreateGeneralTabPage(unsigned short nId, weld::Container * pPage, weld::DialogController * pController, const SfxItemSet & rSet)
> 	at C:\lo\src\core\cui\source\options\treeopt.cxx(306)
> cuilo.dll!OfaTreeOptionsDialog::SelectHdl_Impl()
> 	at C:\lo\src\core\cui\source\options\treeopt.cxx(929)
> cuilo.dll!OfaTreeOptionsDialog::ActivateLastSelection()
> 	at C:\lo\src\core\cui\source\options\treeopt.cxx(866)
> cuilo.dll!OfaTreeOptionsDialog::OfaTreeOptionsDialog(weld::Window * pParent, const com::sun::star::uno::Reference<com::sun::star::frame::XFrame> & _xFrame, bool bActivateLastSelection)
> 	at C:\lo\src\core\cui\source\options\treeopt.cxx(510)
> cuilo.dll!std::make_unique<OfaTreeOptionsDialog,weld::Window * &,com::sun::star::uno::Reference<com::sun::star::frame::XFrame> const &,bool &,0>(weld::Window * & <_Args_0>, const com::sun::star::uno::Reference<com::sun::star::frame::XFrame> & <_Args_1>, bool & <_Args_2>)
> 	at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.26.28801\include\memory(2068)
> cuilo.dll!AbstractDialogFactory_Impl::CreateFrameDialog(weld::Window * pParent, const com::sun::star::uno::Reference<com::sun::star::frame::XFrame> & rxFrame, unsigned long nResId, const rtl::OUString & rParameter)
> 	at C:\lo\src\core\cui\source\factory\dlgfact.cxx(1033)
> sfxlo.dll!SfxApplication::OfaExec_Impl(SfxRequest & rReq)
> 	at C:\lo\src\core\sfx2\source\appl\appserv.cxx(1309)
> sfxlo.dll!SfxStubSfxApplicationOfaExec_Impl(SfxShell * pShell, SfxRequest & rReq)
> 	at C:\lo\src\build\workdir\SdiTarget\sfx2\sdi\sfxslots.hxx(1270)
> sfxlo.dll!SfxShell::CallExec(void(*)(SfxShell *, SfxRequest &) pFunc, SfxRequest & rReq)
> 	at C:\lo\src\core\include\sfx2\shell.hxx(197)
> sfxlo.dll!SfxDispatcher::Call_Impl(SfxShell & rShell, const SfxSlot & rSlot, SfxRequest & rReq, bool bRecord)
> 	at C:\lo\src\core\sfx2\source\control\dispatch.cxx(255)
> sfxlo.dll!SfxDispatcher::Execute_(SfxShell & rShell, const SfxSlot & rSlot, SfxRequest & rReq, SfxCallMode eCallMode)
> 	at C:\lo\src\core\sfx2\source\control\dispatch.cxx(752)
> sfxlo.dll!SfxDispatcher::Execute(unsigned short nSlot, SfxCallMode nCall, const SfxItemSet * pArgs, const SfxItemSet * pInternalArgs, unsigned short nModi)
> 	at C:\lo\src\core\sfx2\source\control\dispatch.cxx(811)
> sfxlo.dll!SfxDispatchController_Impl::dispatch(const com::sun::star::util::URL & aURL, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & aArgs, const com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener> & rListener)
> 	at C:\lo\src\core\sfx2\source\control\unoctitm.cxx(777)
> sfxlo.dll!SfxOfficeDispatch::dispatch(const com::sun::star::util::URL & aURL, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & aArgs)
> 	at C:\lo\src\core\sfx2\source\control\unoctitm.cxx(228)
> fwklo.dll!framework::MenuBarManager::Select(Menu * pMenu)
> 	at C:\lo\src\core\framework\source\uielement\menubarmanager.cxx(882)
> fwklo.dll!framework::MenuBarManager::LinkStubSelect(void * instance, Menu * data)
> 	at C:\lo\src\core\framework\source\uielement\menubarmanager.cxx(816)
> vcllo.dll!Link<Menu *,bool>::Call(Menu * data)
> 	at C:\lo\src\core\include\tools\link.hxx(111)
> vcllo.dll!Menu::Select()
> 	at C:\lo\src\core\vcl\source\window\menu.cxx(347)
> vcllo.dll!Menu::ImplCallSelect(void * __formal)
> 	at C:\lo\src\core\vcl\source\window\menu.cxx(2132)
> vcllo.dll!Menu::LinkStubImplCallSelect(void * instance, void * data)
> 	at C:\lo\src\core\vcl\source\window\menu.cxx(2128)
> vcllo.dll!Link<void *,void>::Call(void * data)
> 	at C:\lo\src\core\include\tools\link.hxx(111)
> vcllo.dll!ImplHandleUserEvent(ImplSVEvent * pSVEvent)
> 	at C:\lo\src\core\vcl\source\window\winproc.cxx(2002)
> vcllo.dll!ImplWindowFrameProc(vcl::Window * _pWindow, SalEvent nEvent, const void * pEvent)
> 	at C:\lo\src\core\vcl\source\window\winproc.cxx(2553)
> vcllo.dll!SalFrame::CallCallback(SalEvent nEvent, const void * pEvent)
> 	at C:\lo\src\core\vcl\inc\salframe.hxx(302)
> vclplug_winlo.dll!ImplHandleUserEvent(HWND__ * hWnd, __int64 lParam)
> 	at C:\lo\src\core\vcl\win\window\salframe.cxx(4141)
> vclplug_winlo.dll!SalFrameWndProc(HWND__ * hWnd, unsigned int nMsg, unsigned __int64 wParam, __int64 lParam, bool & rDef)
> 	at C:\lo\src\core\vcl\win\window\salframe.cxx(5787)
> vclplug_winlo.dll!SalFrameWndProcW(HWND__ * hWnd, unsigned int nMsg, unsigned __int64 wParam, __int64 lParam)
> 	at C:\lo\src\core\vcl\win\window\salframe.cxx(5894)
> user32.dll!UserCallWinProcCheckWow()
> user32.dll!DispatchMessageWorker()
> vclplug_winlo.dll!ImplSalDispatchMessage(const tagMSG * pMsg)
> 	at C:\lo\src\core\vcl\win\app\salinst.cxx(425)
> vclplug_winlo.dll!ImplSalYield(bool bWait, bool bHandleAllCurrentEvents)
> 	at C:\lo\src\core\vcl\win\app\salinst.cxx(456)
> vclplug_winlo.dll!WinSalInstance::DoYield(bool bWait, bool bHandleAllCurrentEvents)
> 	at C:\lo\src\core\vcl\win\app\salinst.cxx(527)
> vcllo.dll!ImplYield(bool i_bWait, bool i_bAllEvents)
> 	at C:\lo\src\core\vcl\source\app\svapp.cxx(455)
> vcllo.dll!Application::Yield()
> 	at C:\lo\src\core\vcl\source\app\svapp.cxx(520)
> vcllo.dll!Application::Execute()
> 	at C:\lo\src\core\vcl\source\app\svapp.cxx(434)
> sofficeapp.dll!desktop::Desktop::Main()
> 	at C:\lo\src\core\desktop\source\app\app.cxx(1602)
> vcllo.dll!ImplSVMain()
> 	at C:\lo\src\core\vcl\source\app\svmain.cxx(200)
> vcllo.dll!SVMain()
> 	at C:\lo\src\core\vcl\source\app\svmain.cxx(233)
> sofficeapp.dll!soffice_main()
> 	at C:\lo\src\core\desktop\source\app\sofficemain.cxx(98)
> soffice.bin!sal_main()
> 	at C:\lo\src\core\desktop\source\app\main.c(48)
> soffice.bin!main(int argc, char * * argv)
> 	at C:\lo\src\core\desktop\source\app\main.c(47)
> soffice.bin!invoke_main()
> 	at d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl(79)
> soffice.bin!__scrt_common_main_seh()
> 	at d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl(288)
> soffice.bin!__scrt_common_main()
> 	at d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl(331)
> soffice.bin!mainCRTStartup()
> 	at d:\A01\_work\6\s\src\vctools\crt\vcstartup\src\startup\exe_main.cpp(17)
> kernel32.dll!BaseThreadInitThunk()
> ntdll.dll!RtlUserThreadStart()

Suspecting https://git.libreoffice.org/core/+/d400009e7c74d13f01fda923d7399eac11b83b66
Comment 1 m_a_riosv 2020-06-14 21:35:42 UTC
Not reproducible
Version: 7.1.0.0.alpha0+ (x64)
Build ID: a201ab6f47c2d5a7ba4c5f998b0aa231cae82010
CPU threads: 4; OS: Windows 10.0 Build 19608; UI render: Skia/Raster; VCL: win
Locale: es-ES (es_ES); UI: en-US
Calc: CL
Comment 2 Thorsten Behrens (allotropia) 2020-06-15 09:37:08 UTC
What's suspicious is that it's a generic iterator function to enumerate keys, that is crashing - below some debug_add function.

From the backtrace, that's w32-io.c:1687's TRACE_ADD1 going pear-shaped. Sadly I cannot trigger the problem, so as a quick-fix, I'd probably just patch this out? Or can you see, Mike, what exactly is amiss there?
Comment 4 Commit Notification 2020-06-15 13:31:12 UTC
Mike Kaganski committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/eff3a0e80bb027bf2d5809639a469cbee110089d

tdf#133987: initialize dbg_help to avoid dereferencing stack garbage

It will be available in 7.1.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
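
The failure mode named in the commit message above, as an added example that is not gpgme or LibreOffice code: a simplified C model in which a trace handle is set only when tracing is on, so an uninitialized local would reach the "%s" formatter as an arbitrary pointer, which matches the string-printing frames at the top of the backtrace. tracing_enabled, trace_begin, trace_add and log_fds are hypothetical names, and the behaviour of the begin step with tracing off is an assumption of this example, not something stated on the page.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int tracing_enabled = 0;  /* hypothetical "debug tracing is on" switch */
/* Start a trace line. Assumption: with tracing off, *line is left untouched. */
static void trace_begin(void **line, const char *prefix)
{
    if (!tracing_enabled) return;    /* caller's variable keeps what it held */
    *line = calloc(1, strlen(prefix) + 1);
    if (*line) strcpy(*line, prefix);
}

/* Append formatted text to the line; a NULL handle means "nothing to do". */
static void trace_add(void **line, const char *format, ...)
{
    char piece[128];
    va_list ap;
    if (!*line) return;              /* only NULL is recognisable as "no line" */
    va_start(ap, format);
    vsnprintf(piece, sizeof piece, format, ap);
    va_end(ap);
    size_t n = strlen(*line) + strlen(piece) + 1;  /* reads *line as a string */
    char *joined = malloc(n);
    if (!joined) return;
    snprintf(joined, n, "%s%s", (char *)*line, piece);
    free(*line);
    *line = joined;
}

/* Models a select-style caller that traces each descriptor it waits on. */
static char *log_fds(const int *fds, size_t nfds)
{
    void *dbg_help = NULL;   /* the fix; without "= NULL" this is stack garbage */
    trace_begin(&dbg_help, "select on [ ");
    for (size_t i = 0; i < nfds; i++)
        trace_add(&dbg_help, "r0x%x ", (unsigned)fds[i]);
    return dbg_help;         /* caller frees; NULL when tracing is off */
}

int main(void)
{
    int fds[] = {0x10, 0x14};        /* constructed sample descriptors */
    tracing_enabled = 1;
    char *line = log_fds(fds, 2);
    printf("%s]\n", line ? line : "");
    free(line);
    return 0;
}
```

With tracing off, only the NULL initializer lets trace_add tell "no line was started" apart from a live buffer; compilers can flag the uninitialized form with warnings such as GCC's -Wmaybe-uninitialized or MSVC's C4701.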