Bug 141405 - LO crashes when adding control in dialog editor
Summary: LO crashes when adding control in dialog editor
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: UI (show other bugs)
Version:
(earliest affected)
7.2.0.0.alpha0+
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard: target:7.2.0
Keywords: bibisected, bisected, regression
Depends on:
Blocks:
 
Reported: 2021-03-31 17:36 UTC by John
Modified: 2021-04-01 21:29 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John 2021-03-31 17:36:45 UTC 
To clarify this is different from 104011 which was a crash about a differently-named attribute in one particular control. That bug exists in 7.1.2.1 and other controls work fine.

This is about the current master branch (8da9f85abc508140b90e4f5be587aa05d4f1e5f4) crashing in a different place (on an empty UNO reference) for any control.

I'm setting hardware and OS specifically to what I tested with, but I would be surprised if it was only this combination. I was testing with Calc, but it should exist in other apps. 

To reproduce:

In a new document in Calc:
1) Tools->Macros->Organize Dialogs
2) Highlight Untitled 1 (Do not expand its tree, that will mess you up, but presumably a different bug)
3) Click New
4) Name it anything you like, I tend to go with the default Dialog1. Hit OK
5) You'll notice Edit is grayed out. Highlight a different entry and come back to Dialog1 get an active Edit button. This is presumably an unrelated low-priority bug
6) Click Edit
7) Click on a control icon on the bottom other than "Form Combo Box" (which would complicate matters). I was using mostly the List Box.
8) Click or click & drag in the dialog editor.
10) LO should crash

It's worth noting some concerning error message come before the crash, and could be related.

warn:legacy.osl:1838091:1838091:svx/source/svdraw/svdouno.cxx:461: SdrUnoObj::GetUnoControl: This object is not displayed in that particular view!
warn:legacy.osl:1838091:1838091:svx/source/svdraw/svdmodel.cxx:1646: SdrModel::createUnoModel() - base implementation should not be called!

Then the crash happens here:

soffice.bin: /home/john/code/lo/core/include/com/sun/star/uno/Reference.h:385: interface_type* com::sun::star::uno::Refere
nce< <template-parameter-1-1> >::operator->() const [with interface_type = com::sun::star::lang::XServiceInfo]: Assertion 
`_pInterface != NULL' failed.
--Type <RET> for more, q to quit, c to continue without paging--q  
Quit
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7ae3859 in __GI_abort () at abort.c:79
#2  0x00007ffff7ae3729 in __assert_fail_base
    (fmt=0x7ffff7c79588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x7ffff417ed3d "_pInterface != NULL", file=0x7ffff417ed00 "/home/john/code/lo/core/include/com/sun/star/uno/Reference.h", line=385, function=<optimized out>)
    at assert.c:92
#3  0x00007ffff7af4f36 in __GI___assert_fail
    (assertion=0x7ffff417ed3d "_pInterface != NULL", file=0x7ffff417ed00 "/home/john/code/lo/core/include/com/sun/star/uno/Reference.h", line=385, function=0x7ffff417ec60 "interface_type* com::sun::star::uno::Reference< <template-parameter-1-1> >::operator->() const [with interface_type = com::sun::star::lang::XServiceInfo]") at assert.c:101
#4  0x00007ffff3b99d77 in com::sun::star::uno::Reference<com::sun::star::lang::XServiceInfo>::operator->() const
    (this=0x7fffffff15c0) at /home/john/code/lo/core/include/com/sun/star/uno/Reference.h:385
#5  0x00007ffff3b98af3 in SdrEditView::InsertObjectAtView(SdrObject*, SdrPageView&, SdrInsertFlags) (this=
    0x55555898e350, pObj=0x55555849ebf0, rPV=..., nOptions=SdrInsertFlags::NONE)
    at /home/john/code/lo/core/svx/source/svdraw/svdedtv.cxx:1008
#6  0x00007ffff3b738c0 in SdrCreateView::EndCreateObj(SdrCreateCmd) (this=0x55555898e350, eCmd=SdrCreateCmd::ForceEnd)
    at /home/john/code/lo/core/svx/source/svdraw/svdcrtv.cxx:666
#7  0x00007fffda69f641 in basctl::DlgEdFuncInsert::MouseButtonUp(MouseEvent const&) (this=0x5555587c1f00, rMEvt=...)
    at /home/john/code/lo/core/basctl/source/dlged/dlgedfunc.cxx:388
#8  0x00007fffda690228 in basctl::DlgEditor::MouseButtonUp(MouseEvent const&) (this=0x555558788050, rMEvt=...)
    at /home/john/code/lo/core/basctl/source/dlged/dlged.cxx:453
#9  0x00007fffda5e52b4 in basctl::DialogWindow::MouseButtonUp(MouseEvent const&) (this=0x55555838a9c0, rMEvt=...)
    at /home/john/code/lo/core/basctl/source/basicide/baside3.cxx:142
#10 0x00007ffff1304f30 in ImplHandleMouseEvent(VclPtr<vcl::Window> const&, MouseNotifyEvent, bool, long, long, unsigned long, unsigned short, MouseEventModifiers)
    (xWindow=..., nSVEvent=MouseNotifyEvent::MOUSEBUTTONUP, bMouseLeave=false, nX=1280, nY=527, nMsgTime=767181245, nCode=1, nMode=(MouseEventModifiers::SIMPLECLICK | MouseEventModifiers::SELECT))
    at /home/john/code/lo/core/vcl/source/window/winproc.cxx:702   
#11 0x00007ffff130a612 in ImplHandleSalMouseButtonUp(vcl::Window*, SalMouseEvent const*)
    (pWindow=0x55555851cd20, pEvent=0x7fffffff1f30) at /home/john/code/lo/core/vcl/source/window/winproc.cxx:2057
#12 0x00007ffff130b8b5 in ImplWindowFrameProc(vcl::Window*, SalEvent, void const*)
    at /home/john/code/lo/core/vcl/source/window/winproc.cxx:2412
#13 0x00007fffe7a8a6fc in SalFrame::CallCallback(SalEvent, void const*) const (this=
    0x5555583f51c0, nEvent=SalEvent::MouseButtonUp, pEvent=0x7fffffff1f30)
    at /home/john/code/lo/core/vcl/inc/salframe.hxx:306
#14 0x00007fffe7a89dba in GtkSalFrame::CallCallbackExc(SalEvent, void const*) const
    (this=0x5555583f51c0, nEvent=SalEvent::MouseButtonUp, pEvent=0x7fffffff1f30)
    at /home/john/code/lo/core/vcl/unx/gtk3/gtk3gtkframe.cxx:4690
#15 0x00007fffe7a8342b in GtkSalFrame::signalButton(_GtkWidget*, _GdkEventButton*, void*)
    (pEvent=0x555558497b60, frame=0x5555583f51c0) at /home/john/code/lo/core/vcl/unx/gtk3/gtk3gtkframe.cxx:2684
#16 0x00007fffe74794fb in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#17 0x00007fffebd0e802 in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#18 0x00007fffebd22814 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#19 0x00007fffebd2d47d in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007fffebd2e0f3 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007fffe7423c23 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#22 0x00007fffe72df128 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#23 0x00007fffe72e13db in gtk_main_do_event () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#24 0x00007fffe6fc9f79 in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#25 0x00007fffe6ffd106 in  () at /lib/x86_64-linux-gnu/libgdk-3.so.0
#26 0x00007fffebc2317d in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007fffebc23400 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007fffebc234a3 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00007fffe79ba9e5 in GtkSalData::Yield(bool, bool) (this=0x555555684190, bWait=true, bHandleAllCurrentEvents=false)
    at /home/john/code/lo/core/vcl/unx/gtk3/gtk3gtkdata.cxx:389
#30 0x00007fffe79be4e6 in GtkInstance::DoYield(bool, bool) (this=
    0x555555684040, bWait=true, bHandleAllCurrentEvents=false)
#31 0x00007ffff188a4e6 in ImplYield(bool, bool) (i_bWait=true, i_bAllEvents=false)
    at /home/john/code/lo/core/vcl/source/app/svapp.cxx:465
#32 0x00007ffff188acef in Application::Yield() () at /home/john/code/lo/core/vcl/source/app/svapp.cxx:532
#33 0x00007ffff188a1e3 in Application::Execute() () at /home/john/code/lo/core/vcl/source/app/svapp.cxx:444
#34 0x00007ffff7d3195f in desktop::Desktop::Main() (this=0x7fffffff2db0) at /home/john/code/lo/core/desktop/source/app/app.cxx:1586
#35 0x00007ffff189d78a in ImplSVMain() () at /home/john/code/lo/core/vcl/source/app/svmain.cxx:197
#36 0x00007ffff189d8b7 in SVMain() () at /home/john/code/lo/core/vcl/source/app/svmain.cxx:229
#37 0x00007ffff7d896d1 in soffice_main() () at /home/john/code/lo/core/desktop/source/app/sofficemain.cxx:98
#38 0x00005555555548c0 in sal_main () at /home/john/code/lo/core/desktop/source/app/main.c:49
#39 0x00005555555548a2 in main (argc=4, argv=0x7fffffff3118) at /home/john/code/lo/core/desktop/source/app/main.c:47
Comment 1 Xisco Faulí 2021-03-31 18:24:24 UTC 
Regression introduced by:

https://git.libreoffice.org/core/+/50b731c84cb17d7f05a690d90588e90ee267d1c2%5E!

commit 50b731c84cb17d7f05a690d90588e90ee267d1c2	[log]
author	Jim Raykowski <raykowj@gmail.com>	Thu Nov 12 13:18:16 2020 -0900
committer	Noel Grandin <noel.grandin@collabora.co.uk>	Thu Mar 25 20:28:30 2021 +0100
tree 588cf6a410afb89e0827ed4f6658693693bd1ef4
parent 042dbf83122b14fd1dd32705c8f8b7d65c22f21b [diff]

tdf#34828 Give draw object a name when made
 
Bisected with: bibisect-linux64-7.2

Adding Cc: to Jim Raykowski
Comment 2 Commit Notification 2021-04-01 06:05:34 UTC 
Jim Raykowski committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/3b92b0c7a6d6832917fbc5073c3299a1ffe861da

tdf#141405 fix null reference use crash

It will be available in 7.2.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.
Comment 3 John 2021-04-01 16:05:57 UTC 
Works for me now. Thanks, Mr. Raykowski. That was quick!
Comment 4 Jim Raykowski 2021-04-01 21:29:25 UTC 
(In reply to John from comment #3)
> Works for me now. Thanks, Mr. Raykowski. That was quick!

Your welcome John. Thanks for your detailed bug report.

While looking at this I noticed ctrl+click on the icons inserts the object in the dialog without automatically naming it. Perhaps this is something you would like to see changed. If so, please create a request and add me to the cc list.