33099 – RC3 / Ubuntu 10.10 help crasher

Bug 33099 - RC3 / Ubuntu 10.10 help crasher

Summary: RC3 / Ubuntu 10.10 help crasher

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Localization (show other bugs)
Version: (earliest affected)	unspecified
Hardware:	x86 (IA32) Linux (All)

Importance:	medium critical
Assignee:	Not Assigned

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	31865
	Show dependency tree / graph

Reported:	2011-01-14 02:57 UTC by Michael Meeks
Modified:	2011-01-14 06:28 UTC (History)
CC List:	1 user (show)

See Also:
Crash report or crash signature:

Attachments
Strace log (135.05 KB, application/x-gzip) 2011-01-14 03:47 UTC, Alexander O. Anisimov	Details
ls -Rl /opt/libreoffice > /tmp/list (54.86 KB, application/x-gzip) 2011-01-14 03:49 UTC, Alexander O. Anisimov	Details
simple lifecycle crasher fix. (851 bytes, patch) 2011-01-14 05:58 UTC, Michael Meeks	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Meeks 2011-01-14 02:57:29 UTC

Help->LibreOffice Help - crashes (alenyashka reports on IRC).

<Decorian> If it's relevant, I'm running Kubuntu 10.10, with Libreoffice "Ubuntu package 1:3.3.0~rc2-3maverick1" from the ppa and when clicking help it opens the web page of help.

Help package is not installed.

<alenyashka> ... i install all debs which was in tar.gz

Initial stack trace is:


Program received signal SIGSEGV, Segmentation fault.
0x05110b67 in ?? () from /opt/libreoffice/program/../basis-link/program/libucpchelp1.so

Comment 1 Michael Meeks 2011-01-14 03:04:20 UTC

To get more data; we really need:

a) a full stack trace; ie. repeat the gdb process:

gdb ./soffice.bin
run
... then make it crash ... then type:
thread apply all backtrace

and paste that into pastebin for us ? :-)

b) run it under strace:

strace -f -o /tmp/slog ./soffice
... make it crash ...
gzip /tmp/slog

and attach /tmp/slog.gz to the bug report - both would be wonderful - thanks !

Comment 2 Michael Meeks 2011-01-14 03:14:07 UTC

must be something odd; removing my basis3.3/help directory and running (even under valgrind) shows no corruption problems, or potential crashers, and launches the browser perfectly.

Comment 3 Michael Meeks 2011-01-14 03:41:20 UTC

A fuller trace reads:

Thread 1 (Thread 0xb728cb50 (LWP 4452)):
#
#0  0x036c9b67 in ?? () from /opt/libreoffice/program/../basis-link/program/libucpchelp1.so
#
#1  0x036ac3ee in ?? () from /opt/libreoffice/program/../basis-link/program/libucpchelp1.so
#
#2  0x036aca8b in ?? () from /opt/libreoffice/program/../basis-link/program/libucpchelp1.so
#
#3  0x014a0159 in ?? () from /opt/libreoffice/program/../basis-link/program/libucbhelper4gcc3.so
#
#4  0x014a1a27 in ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) ()
#
   from /opt/libreoffice/program/../basis-link/program/libucbhelper4gcc3.so
#
#5  0x014a2ef0 in ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) ()
#
   from /opt/libreoffice/program/../basis-link/program/libucbhelper4gcc3.so
#
#6  0x00ab2f31 in ?? () from /opt/libreoffice/program/../basis-link/program/libsfxli.so
#
#7  0x00ab3be3 in ?? () from /opt/libreoffice/program/../basis-link/program/libsfxli.so
#
#8  0x0169f811 in ?? () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#9  0x016ad309 in Timer::Timeout() () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#10 0x016ad44f in Timer::ImplTimerCallbackProc() () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#11 0x025aad6c in ?? () from /opt/libreoffice/basis3.3/program/libvclplug_genli.so
#
#12 0x022a1347 in ?? () from /opt/libreoffice/basis3.3/program/libvclplug_gtkli.so
#
#13 0x02480fcc in ?? () from /lib/libglib-2.0.so.0
#
#14 0x02480855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#
#15 0x02484668 in ?? () from /lib/libglib-2.0.so.0
#
#16 0x02484848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#
#17 0x022a0f8e in ?? () from /opt/libreoffice/basis3.3/program/libvclplug_gtkli.so
#
#18 0x025a9563 in X11SalInstance::Yield(bool, bool) () from /opt/libreoffice/basis3.3/program/libvclplug_genli.so
#
#19 0x016a9c90 in ?? () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#20 0x016a6bd6 in Application::Yield(bool) () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#21 0x016a8b37 in Application::Execute() () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#22 0x002fec99 in ?? () from /opt/libreoffice/program/../basis-link/program/libsofficeapp.so
#
#23 0x016acd8d in ?? () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#24 0x016ace9b in SVMain() () from /opt/libreoffice/program/../basis-link/program/libvclli.so
#
#25 0x0031daea in soffice_main () from /opt/libreoffice/program/../basis-link/program/libsofficeapp.so
#
#26 0x08048cb4 in main ()
#
(gdb)

Comment 4 Michael Meeks 2011-01-14 03:46:35 UTC

the last lines of the strace before the crash are:

5280  lstat64("/opt/libreoffice/program/../share/extensions/NLPSolver/help/en", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
5280  getdents64(52, /* 0 entries */, 32768) = 0
5280  close(52)                         = 0
5280  access("/opt/libreoffice/program/../share/extensions/NLPSolver/help/en", F_OK) = 0
5280  lstat64("/opt/libreoffice/program/../share/extensions/NLPSolver/help/en", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
5280  access("/opt/libreoffice/program/../basis-link/program/fundamentalbasisrc", F_OK) = 0
5280  access("/opt/libreoffice/program/sofficerc", F_OK) = 0
5280  access("/opt/libreoffice/program/sofficerc", F_OK) = 0
5280  open("/opt/libreoffice/program/../basis-link/program/fundamentalbasisrc", O_RDONLY|O_LARGEFILE) = 52
5280  fstat64(52, {st_mode=S_IFREG|0444, st_size=1352, ...}) = 0
5280  pread64(52, "[Bootstrap]\nBUNDLED_EXTENSIONS=$"..., 4096, 0) = 1352
5280  close(52)                         = 0
5280  access("/opt/libreoffice/program/../basis-link/program/unorc", F_OK) = 0
5280  access("/opt/libreoffice/program/../program/bootstraprc", F_OK) = 0
5280  access("/opt/libreoffice/program/sofficerc", F_OK) = 0
5280  access("/opt/libreoffice/program/sofficerc", F_OK) = 0
5280  open("/opt/libreoffice/program/../program/bootstraprc", O_RDONLY|O_LARGEFILE) = 52
5280  fstat64(52, {st_mode=S_IFREG|0444, st_size=197, ...}) = 0
5280  pread64(52, "[Bootstrap]\nBaseInstallation=${O"..., 4096, 0) = 197
5280  close(52)                         = 0
5280  getuid32()                        = 1000
5280  open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 52
5280  _llseek(52, 0, [0], SEEK_CUR)     = 0
5280  fstat64(52, {st_mode=S_IFREG|0644, st_size=2055, ...}) = 0
5280  mmap2(NULL, 2055, PROT_READ, MAP_SHARED, 52, 0) = 0xb4f41000
5280  _llseek(52, 2055, [2055], SEEK_SET) = 0
5280  munmap(0xb4f41000, 2055)          = 0
5280  close(52)                         = 0
5280  getuid32()                        = 1000
5280  access("/home/alexanis", F_OK)    = 0
5280  open("/proc/stat", O_RDONLY|O_CLOEXEC) = 52
5280  read(52, "cpu  176890 442 96330 2222630 68"..., 8192) = 1382
5280  close(52)                         = 0
5280  access("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", F_OK) = 0
5280  lstat64("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
5280  access("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", F_OK) = 0
5280  lstat64("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
5280  open("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", O_RDONLY|O_LARGEFILE) = 52
5280  fstat64(52, {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
5280  close(52)                         = 0
5280  access("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", F_OK) = 0
5280  lstat64("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
5280  access("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", F_OK) = 0
5280  lstat64("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
5280  open("/home/alexanis/.libreoffice/3/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/mpc359_/en/help.key_", O_RDONLY|O_LARGEFILE) = 52
5280  fstat64(52, {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
5280  pread64(52, "25 Solver for Nonlinear Problems"..., 4096, 0) = 236
5280  close(52)                         = 0
5280  --- SIGSEGV (Segmentation fault) @ 0 (0) ---

interesting :-)

Comment 5 Alexander O. Anisimov 2011-01-14 03:47:21 UTC

Created attachment 42014 [details]
Strace log

Comment 6 Alexander O. Anisimov 2011-01-14 03:49:22 UTC

Created attachment 42016 [details]
ls -Rl /opt/libreoffice > /tmp/list

Comment 7 Alexander O. Anisimov 2011-01-14 03:50:47 UTC

my ~/.libreoffice dir
http://alexanis.dyndns.org/files/dot-libreoffice.tgz

Comment 8 Michael Meeks 2011-01-14 04:07:45 UTC

interestingly the ls output shows english and russian help packs installed, and the strace shows the app is run in Russian (apparently).

Comment 9 Michael Meeks 2011-01-14 05:29:20 UTC

With alex's home directory, it works fine for me, but under valgrind I get:

==29551== Invalid read of size 1
==29551==    at 0x129F79EB: chelp::DbtToStringConverter::getTitle() (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA766: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA91F: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x12A007C7: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7470: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7CD2: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x4A1C6C6: IndexTabPage_Impl::InitializeIndex() (in /data/opt/TTInstall/basis3.3/program/libsfxli.so)
==29551==    by 0x4A1D5C0: IndexTabPage_Impl::TimeoutHdl(Timer*) (in /data/opt/TTInstall/basis3.3/program/libsfxli.so)
==29551==    by 0x5603C14: Link::Call(void*) const (in /data/opt/TTInstall/basis3.3/program/libvclli.so)
==29551==  Address 0xc32aa20 is 0 bytes inside a block of size 98 free'd
==29551==    at 0x4027D80: free (vg_replace_malloc.c:366)
==29551==    by 0x406620C: rtl_freeMemory (in /data/opt/TTInstall/ure/lib/libuno_sal.so.3)
==29551==    by 0x8048F3C: operator delete[](void*) (in /data/opt/TTInstall/program/soffice.bin)
==29551==    by 0x129F7824: berkeleydbproxy::DBData::~DBData() (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA69B: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA91F: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x12A007C7: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7470: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7CD2: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)


and

==29551== Invalid read of size 1
==29551==    at 0x405A92B: rtl_string2UString_status (in /data/opt/TTInstall/ure/lib/libuno_sal.so.3)
==29551==    by 0x129E579D: rtl::OUString::OUString(char const*, long, unsigned short, unsigned long) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129F7A12: chelp::DbtToStringConverter::getTitle() (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA766: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA91F: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x12A007C7: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7470: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7CD2: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x4A1C6C6: IndexTabPage_Impl::InitializeIndex() (in /data/opt/TTInstall/basis3.3/program/libsfxli.so)
==29551==  Address 0xc32aa56 is 54 bytes inside a block of size 98 free'd
==29551==    at 0x4027D80: free (vg_replace_malloc.c:366)
==29551==    by 0x406620C: rtl_freeMemory (in /data/opt/TTInstall/ure/lib/libuno_sal.so.3)
==29551==    by 0x8048F3C: operator delete[](void*) (in /data/opt/TTInstall/program/soffice.bin)
==29551==    by 0x129F7824: berkeleydbproxy::DBData::~DBData() (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA69B: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129FA91F: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x12A007C7: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7470: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x129E7CD2: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==29551==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==29551==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)

will re-build with more debuginfo in xmlhelp/

Comment 10 Michael Meeks 2011-01-14 05:33:54 UTC

with more line numbering:

==30378== Invalid read of size 1
==30378==    at 0x12DFDCE6: chelp::DbtToStringConverter::getTitle() (urlparameter.hxx:103)
==30378==    by 0x12E035E0: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (databases.cxx:861)
==30378==    by 0x12E03118: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (databases.cxx:793)
==30378==    by 0x12E03FA8: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (databases.cxx:998)
==30378==    by 0x12DE5171: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (content.cxx:504)
==30378==    by 0x12DE4088: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (content.cxx:325)
==30378==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x4A1C6C6: IndexTabPage_Impl::InitializeIndex() (in /data/opt/TTInstall/basis3.3/program/libsfxli.so)
==30378==    by 0x4A1D5C0: IndexTabPage_Impl::TimeoutHdl(Timer*) (in /data/opt/TTInstall/basis3.3/program/libsfxli.so)
==30378==    by 0x5603C14: Link::Call(void*) const (in /data/opt/TTInstall/basis3.3/program/libvclli.so)
==30378==  Address 0x6fc63c0 is 0 bytes inside a block of size 98 free'd
==30378==    at 0x4027D80: free (vg_replace_malloc.c:366)
==30378==    by 0x406620C: rtl_freeMemory (in /data/opt/TTInstall/ure/lib/libuno_sal.so.3)
==30378==    by 0x8048F3C: operator delete[](void*) (in /data/opt/TTInstall/program/soffice.bin)
==30378==    by 0x12DFD9F5: berkeleydbproxy::DBData::~DBData() (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==30378==    by 0x12E034FC: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (databases.cxx:840)
==30378==    by 0x12E03118: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (databases.cxx:793)
==30378==    by 0x12E03FA8: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (databases.cxx:998)
==30378==    by 0x12DE5171: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (content.cxx:504)
==30378==    by 0x12DE4088: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (content.cxx:3

and:

==30378== Invalid read of size 1
==30378==    at 0x405A9CC: rtl_string2UString_status (in /data/opt/TTInstall/ure/lib/libuno_sal.so.3)
==30378==    by 0x12DE0CD6: rtl::OUString::OUString(char const*, long, unsigned short, unsigned long) (ustring.hxx:186)
==30378==    by 0x12DFDD77: chelp::DbtToStringConverter::getTitle() (urlparameter.hxx:106)
==30378==    by 0x12E035E0: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (databases.cxx:861)
==30378==    by 0x12E03118: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (databases.cxx:793)
==30378==    by 0x12E03FA8: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (databases.cxx:998)
==30378==    by 0x12DE5171: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (content.cxx:504)
==30378==    by 0x12DE4088: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (content.cxx:325)
==30378==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x4A1C6C6: IndexTabPage_Impl::InitializeIndex() (in /data/opt/TTInstall/basis3.3/program/libsfxli.so)
==30378==  Address 0x6fc63f6 is 54 bytes inside a block of size 98 free'd
==30378==    at 0x4027D80: free (vg_replace_malloc.c:366)
==30378==    by 0x406620C: rtl_freeMemory (in /data/opt/TTInstall/ure/lib/libuno_sal.so.3)
==30378==    by 0x8048F3C: operator delete[](void*) (in /data/opt/TTInstall/program/soffice.bin)
==30378==    by 0x12DFD9F5: berkeleydbproxy::DBData::~DBData() (in /data/opt/TTInstall/basis3.3/program/libucpchelp1.so)
==30378==    by 0x12E034FC: chelp::KeywordInfo::KeywordElement::init(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString const&) (databases.cxx:840)
==30378==    by 0x12E03118: chelp::KeywordInfo::KeywordElement::KeywordElement(chelp::Databases*, berkeleydbproxy::Db*, rtl::OUString&, rtl::OUString&) (databases.cxx:793)
==30378==    by 0x12E03FA8: chelp::Databases::getKeyword(rtl::OUString const&, rtl::OUString const&) (databases.cxx:998)
==30378==    by 0x12DE5171: chelp::Content::getPropertyValues(com::sun::star::uno::Sequence<com::sun::star::beans::Property> const&) (content.cxx:504)
==30378==    by 0x12DE4088: chelp::Content::execute(com::sun::star::ucb::Command const&, long, com::sun::star::uno::Reference<com::sun::star::ucb::XCommandEnvironment> const&) (content.cxx:325)
==30378==    by 0x5407272: ucbhelper::Content_Impl::executeCommand(com::sun::star::ucb::Command const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x5409617: ucbhelper::Content::getPropertyValuesInterface(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==    by 0x54096A1: ucbhelper::Content::getPropertyValues(com::sun::star::uno::Sequence<rtl::OUString> const&) (in /data/opt/TTInstall/basis3.3/program/libucbhelper4gcc3.so)
==30378==

Comment 11 Michael Meeks 2011-01-14 05:58:52 UTC

Created attachment 42032 [details]
simple lifecycle crasher fix.

Well - deleting the data, and then holding a pointer to it outside the scope it is deleted in is not so clever. Apparently, we've always done that - and only just now we found it was not a good idea.

Crash happens with help packs installed.

Valgrind log after the patch is clean.

Comment 12 Fridrich Strba 2011-01-14 06:06:08 UTC

You have my blessing, son, take the portion of your inheritance and go to take care of pigs :)

Comment 13 Fridrich Strba 2011-01-14 06:06:36 UTC

For those that don't understand that, I agree with this fix

Comment 14 Michael Meeks 2011-01-14 06:28:22 UTC

fixed and merged to libreoffice-3-3-0 - it will be in the final release.

It turned out to be a rather old bug, inherited from the OO.o code that (apparently) people havn't tripped over before.

Thanks so much for the report !