Created attachment 48220 [details] Cursor in text field - LibreObbice breaks after pressing Enter key. In a new document choose: Insert-> Indexes and Tables -> Indexes and Tables -> Bibliography -> Entries Put the cursor into one of text fields and press Enter key. LibreOffice breaks after that. Please see attached image. Best regards
Reproduced with LO 3.4.1 (OOO340m1 (Build:101)) Ubuntu 10.04.2 x86 Linux 2.6.32-32-generic Russian UI
NOT Reproducible with "LibreOffice 3.4.1 - WIN7 Home Premium (64bit) German UI [OOO340m1 (Build:103)]", also works fine with Master. So Linux specific? CONFIRMED due to Comment 1 @Cédric: Please feel free to reassign if it’s not your area!
Since all new unconfirmed bugs start in state UNCONFIRMED now and old unconfirmed bugs were moved to NEEDINFO with a explanatory comment, all bugs promoted above those bug states to NEW and later are automatically confirmed making the CONFIRMED whiteboard status redundant. Thus it will be removed.
Can confirm it crashes on Master (3.6; January ~02, 2011), Linux, x86-64.
(An addition that I was to make) I've set the status NEEDINFO to NEW again, as I've reproduced the bug, also: I'm changing the title now, so that it mentions the word "crash."
Wonderful - if you can reproduce this on Linux; that is great. Can you install some debuginfo packages for your distribution; then when libreoffice is running attach to it: pidof soffice.bin gdb attach <number from the pidof command above> ;-) continue ... make it crash; and then paste the result of: thread apply all backtrace from gdb to here. That should make it much easier to fix, unless this is a memory corruption: in which case reproducing under valgrind would be great. To re-iterate doing the above without a matching debuginfo package installed is much much less useful :-) Thanks !
Created attachment 55411 [details] Longer log output by GDB Thanks for the verbose instructions. To reproduce, I used LibreOffice 3.4.4, because I didn't want to burden myself with building an own debug buid first. This's GDB's output: ... (gdb) continue Continuing. [New Thread 0x7f35fd26f700 (LWP 1856)] Program received signal SIGSEGV, Segmentation fault. 0x00007f360c3c0e23 in typeinfo name for ScrollbarValue () from /usr/lib/libreoffice/program/../basis-link/program/libvcllx.so (gdb) q A debugging session is active. Inferior 1 [process 1729] will be detached. Quit anyway? (y or n) y Detaching from program: /usr/lib/libreoffice/program/soffice.bin, process 1729 # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f360c3c0e23, pid=1729, tid=139870181844800 # # JRE version: 6.0_23-b23 # Java VM: OpenJDK 64-Bit Server VM (20.0-b11 mixed mode linux-amd64 compressed oops) # Derivative: IcedTea6 1.11pre # Distribution: Ubuntu 11.10, package 6b23~pre11-0ubuntu1.11.10 # Problematic frame: # C [libvcllx.so+0x3f0e23] typeinfo name for ScrollbarValue+0x3 ...
Created attachment 55482 [details] screenhot better showing the position of the text field I have reproduced it here. Well, I was a bit confused with the description and it took me some time. Here are hopefully more clear steps to reproduce: 1. open empty Writer document 2. select in menu: Insert/Indexes and Tables/Indexes and Tables... 3. select in the combobox "Type": Bibliography 4. select the tab "Entries" 5. put cursor in the first text field in the "Structure" line, see the attached screenshot 6. press enter Result: Crash Expected result: it closes the dialog because the [OK] button is preselected
Created attachment 55483 [details] full back trace from gdb The pasted gdb log in the comment #7 was incomplete. The attached log in the comment #7 was not from gdb but from java; IMHO, it was not much usable. This one is from my build of the libreoffice-3-5 branch; the pull was around 3.5.0-beta2. Here is the interesting part: --- cut --- #0 0x00007f71f27fc434 in typeinfo name for SliderValue () from /abuild/lo-universal-i586/build/libreoffice-3-5/core/solver/unxlngx6.pro/installation/opt/program/libvcllo.so #1 0x00000000018830a0 in ?? () #2 0x00007f71f24f4aa8 in ListBox::SelectEntry (this=0x18830a0, rStr="<None>", bSelect=1 '\001') at /abuild/lo-universal-i586/build/libreoffice-3-5/core/vcl/source/control/lstbox.cxx:1181 --- cut --- My feeling is it tries to access object that was destroyed in the meantime. It might be mpImplLB in ListBox::GetEntryPos but I can't prove it. I tried to split the call into more commands, add printf, and started to fail somewhere else. Before it crashes, the LO UI do an effect like that the "OK" button is pressed => it probably tries to close the dialog. I do not have time to debug it more at this point. I hope that the above will be useful, though.
Created attachment 55484 [details] valgring.log I attach the valgring log for completeness. I am not sure if it brings anything new.
I see the crash even with the default "Type": "Table of Content" => it is not specific for the Bibliography.
Fixed in master (target 3.6): http://cgit.freedesktop.org/libreoffice/core/commit/?id=4914b23e7e91b184d69eb00a74ce1c463c5754a7
cherry-picked to libreoffice-3-5 as well. http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=e611a2edceffba59e153e802ca15e8041301a117
Hi Cedric, Petr, thanks for resolving this issue so quickly. Would you mind cherry-picking the fix to 3.4.6, too? Sorry for the stupid thing I did wrt the GDB log, btw.
(In reply to comment #14) > Hi Cedric, Petr, thanks for resolving this issue so quickly. Would you mind > cherry-picking the fix to 3.4.6, too? I just asked for reviews on the mailing list.