Created attachment 49899 [details] Image which creates the problem ODF editing is freezing. Valgrinding is showing errors loading one of the images. Unzipping and loading the pictures independently yielded the following valgrind trace. I removed some of the crud at the top. ==31875== For counts of detected and suppressed errors, rerun with: -v ==31875== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 15 from 8) ==31835== Invalid read of size 8 ==31835== at 0x422F86CA: ??? (in /usr/lib/libjpeg.so.62.0.0) ==31835== Address 0x17e43e10 is 37,496 bytes inside a block of size 37,500 alloc'd ==31835== at 0x4006D69: malloc (vg_replace_malloc.c:236) ==31835== by 0x403C3CD: rtl_allocateMemory_SYSTEM (alloc_global.c:294) ==31835== by 0x403C44A: rtl_allocateMemory (alloc_global.c:324) ==31835== by 0x4A5AD9A: JPEGReader::CreateBitmap(void*) (jpeg.cxx:403) ==31835== by 0x495E047: ReadJPEG (jpegc.c:158) ==31835== by 0x4A5B3D9: JPEGReader::Read(Graphic&) (jpeg.cxx:545) ==31835== by 0x4A5B69D: ImportJPEG(SvStream&, Graphic&, void*, long) (jpeg.cxx:752) ==31835== by 0x4A47EA3: GraphicFilter::ImportGraphic(Graphic&, String const&, SvStream&, unsigned short, unsigned short*, unsigned long, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>*, WMF_APMFILEHEADER*) (filter.cxx:1481) ==31835== by 0x4A48A5E: GraphicFilter::ImportGraphic(Graphic&, String const&, SvStream&, unsigned short, unsigned short*, unsigned long, WMF_APMFILEHEADER*) (filter.cxx:1309) ==31835== by 0x4A48AD9: GraphicFilter::ImportGraphic(Graphic&, INetURLObject const&, unsigned short, unsigned short*, unsigned long) (filter.cxx:1300) ==31835== by 0x4A48C28: GraphicFilter::LoadGraphic(String const&, String const&, Graphic&, GraphicFilter*, unsigned short*) (filter.cxx:2240) ==31835== by 0xF656F7A: SwView::InsertGraphic(String const&, String const&, unsigned char, GraphicFilter*, Graphic*, unsigned char) (view2.cxx:226) ==31835== by 0xF65AA1C: SwView::InsertGraphicDlg(SfxRequest&) (view2.cxx:423) ==31835== by 0xF65CCC0: SwView::Execute(SfxRequest&) (view2.cxx:1150) ==31835== by 0xF655163: SfxStubSwViewExecute(SfxShell*, SfxRequest&) (swslots.hxx:11714) ==31835== by 0x4510F98: SfxDispatcher::Call_Impl(SfxShell&, SfxSlot const&, SfxRequest&, unsigned char) (shell.hxx:202) ==31835== by 0x4511351: SfxDispatcher::PostMsgHandler(SfxRequest*) (dispatch.cxx:1521) ==31835== by 0x461D31A: SfxHintPoster::Event(SfxHint*) (link.hxx:140) ==31835== by 0x461D26E: SfxHintPoster::LinkStubDoEvent_Impl(void*, void*) (hintpost.cxx:78) ==31835== by 0x53EA15E: ImplWindowFrameProc(Window*, SalFrame*, unsigned short, void const*) (link.hxx:140) ==31835== by 0x7F8B34F: SalDisplay::DispatchInternalEvent() (salframe.hxx:294) ==31835== by 0x7EFE718: GtkXLib::userEventFn(void*) (gtkdata.cxx:883) ==31835== by 0x4DCF85D0: g_idle_dispatch (gmain.c:4558) ==31835== by 0x4DCFC5BE: g_main_context_dispatch (gmain.c:2441) ==31835== by 0x4DCFCD2F: g_main_context_iterate (gmain.c:3092) ==31835== by 0x4DCFD06E: g_main_context_iteration (gmain.c:3155) ==31835== by 0x7EFCF48: GtkXLib::Yield(bool, bool) (gtkdata.cxx:935) ==31835== by 0x7F8E2BE: X11SalInstance::Yield(bool, bool) (salinst.cxx:280) ==31835== by 0x52174CA: ImplYield(bool, bool) (svapp.cxx:447) ==31835== by 0x521516D: Application::Yield(bool) (svapp.cxx:481) ==31835== by 0x521519E: Application::Execute() (svapp.cxx:424) ==31835== by 0x407E13F: desktop::Desktop::Main() (app.cxx:1912) ==31835== by 0x521AB90: ImplSVMain() (svmain.cxx:181) ==31835== by 0x521ACE1: SVMain() (svmain.cxx:218) ==31835== by 0x4093FDA: soffice_main (sofficemain.cxx:68) ==31835== by 0x8048ADF: main (main.c:36) ==31835== ==31835== Conditional jump or move depends on uninitialised value(s) ==31835== at 0x4118FF11: XcursorImageHash (xlib.c:292) ==31835== by 0x41190098: XcursorNoticePutBitmap (xlib.c:363) ==31835== by 0x41437E23: _XNoticePutBitmap (CrGlCur.c:204) ==31835== by 0x41450019: XPutImage (PutImage.c:1040) ==31835== by 0x7FAD7F8: ImplSalDDB::ImplSalDDB(_XImage*, unsigned long, int, SalTwoRect const&) (salbmp.cxx:1006) ==31835== by 0x7FAE524: X11SalBitmap::ImplGetDDB(unsigned long, int, long, SalTwoRect const&) const (salbmp.cxx:751) ==31835== by 0x7FAE5D9: X11SalBitmap::ImplDraw(unsigned long, int, long, SalTwoRect const&, _XGC* const&) const (salbmp.cxx:773) ==31835== by 0x7FB0623: X11SalGraphics::drawMaskedBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&) (salgdi2.cxx:727) ==31835== by 0x7FB0873: X11SalGraphics::drawBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&) (salgdi2.cxx:677) ==31835== by 0x535CDF2: SalGraphics::DrawBitmap(SalTwoRect const*, SalBitmap const&, SalBitmap const&, OutputDevice const*) (salgdilayout.cxx:629) ==31835== by 0x52D6887: OutputDevice::ImplDrawBitmapEx(Point const&, Size const&, Point const&, Size const&, BitmapEx const&, unsigned long) (outdev2.cxx:976) ==31835== by 0x52D6C43: OutputDevice::DrawBitmapEx(Point const&, Size const&, BitmapEx const&) (outdev2.cxx:768) ==31835== by 0x4A7FFEB: GraphicManager::ImplCreateOutput(OutputDevice*, Point const&, Size const&, BitmapEx const&, GraphicAttr const&, unsigned long, BitmapEx*) (grfmgr2.cxx:623) ==31835== by 0x4A80CCA: GraphicManager::ImplDraw(OutputDevice*, Point const&, Size const&, GraphicObject&, GraphicAttr const&, unsigned long, unsigned char&) (grfmgr2.cxx:343) ==31835== by 0x4A81119: GraphicManager::DrawObj(OutputDevice*, Point const&, Size const&, GraphicObject&, GraphicAttr const&, unsigned long, unsigned char&) (grfmgr2.cxx:260) ==31835== by 0x4A7B0D9: GraphicObject::Draw(OutputDevice*, Point const&, Size const&, GraphicAttr const*, unsigned long) (grfmgr.cxx:607) ==31835== by 0xFBA05A2: drawinglayer::RenderBitmapPrimitive2D_GraphicManager(OutputDevice&, BitmapEx const&, basegfx::B2DHomMatrix const&) (vclhelperbitmaprender.cxx:99) ==31835== by 0xFBAA4C7: drawinglayer::processor2d::VclProcessor2D::RenderBitmapPrimitive2D(drawinglayer::primitive2d::BitmapPrimitive2D const&) (vclprocessor2d.cxx:437) ==31835== by 0xFBA94FD: drawinglayer::processor2d::VclPixelProcessor2D::processBasePrimitive2D(drawinglayer::primitive2d::BasePrimitive2D const&) (vclpixelprocessor2d.cxx:195) ==31835== by 0xFB9774F: drawinglayer::processor2d::BaseProcessor2D::process(com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::graphic::XPrimitive2D> > const&) (baseprocessor2d.cxx:76) ==31835== by 0xFBA9FC1: drawinglayer::processor2d::VclPixelProcessor2D::processBasePrimitive2D(drawinglayer::primitive2d::BasePrimitive2D const&) (vclpixelprocessor2d.cxx:614) ==31835== by 0xFB9774F: drawinglayer::processor2d::BaseProcessor2D::process(com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::graphic::XPrimitive2D> > const&) (baseprocessor2d.cxx:76) ==31835== by 0x1038EA24: sdr::overlay::OverlayManager::ImpDrawMembers(basegfx::B2DRange const&, OutputDevice&) const (overlaymanager.cxx:91) ==31835== by 0x1038EB82: sdr::overlay::OverlayManager::completeRedraw(Region const&, OutputDevice*) const (overlaymanager.cxx:281) ==31835== by 0x1038A56A: sdr::overlay::OverlayManagerBuffered::completeRedraw(Region const&, OutputDevice*) const (overlaymanagerbuffered.cxx:438) ==31835== by 0x103A6FC3: SdrPaintWindow::DrawOverlay(Region const&, bool) (sdrpaintwindow.cxx:286) ==31835== by 0x1044D06D: SdrPaintView::EndCompleteRedraw(SdrPaintWindow&, bool) (svdpntv.cxx:943) ==31835== by 0x10319AFB: FmFormView::EndCompleteRedraw(SdrPaintWindow&, bool) (fmview.cxx:500) ==31835== by 0x1044CC99: SdrPaintView::EndDrawLayers(SdrPaintWindow&, bool) (svdpntv.cxx:981) ==31835== by 0xF4B4F62: ViewShell::DLPostPaint2(bool) (viewsh.cxx:181) ==31835== by 0xF4B56B8: ViewShell::Paint(Rectangle const&) (viewsh.cxx:1670) ==31835== by 0xF1822CE: SwCrsrShell::Paint(Rectangle const&) (crsrsh.cxx:1169) ==31835== by 0xF5DBDD2: SwEditWin::Paint(Rectangle const&) (edtwin2.cxx:536) ==31835== by 0x53DCA23: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2422) ==31835== by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2446) ==31835== by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2446) ==31835== by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2446) ==31835== by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2446) ==31835== by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2446) ==31835== by 0x53DCAD9: Window::ImplCallPaint(Region const*, unsigned short) (window.cxx:2446) ==31835== by 0x53DD8F1: Window::ImplCallOverlapPaint() (window.cxx:2483) ==31835== by 0x53DD93A: Window::ImplHandlePaintHdl(void*) (window.cxx:2503) ==31835== by 0x521B149: Timer::Timeout() (link.hxx:140) ==31835== by 0x521B1F8: Timer::ImplTimerCallbackProc() (timer.cxx:146) ==31835== by 0x7F8FBF7: X11SalData::Timeout() const (saltimer.hxx:66) ==31835== by 0x7EFE63E: GtkXLib::timeoutFn(void*) (gtkdata.cxx:811) ==31835== by 0x4DCFDEAF: g_timeout_dispatch (gmain.c:3895) ==31835== by 0x4DCFC5BE: g_main_context_dispatch (gmain.c:2441) ==31835== by 0x4DCFCD2F: g_main_context_iterate (gmain.c:3092) ==31835== by 0x4DCFD06E: g_main_context_iteration (gmain.c:3155) ==31835== ==31835== ==31835== HEAP SUMMARY: ==31835== in use at exit: 2,351,368 bytes in 36,985 blocks ==31835== total heap usage: 1,314,047 allocs, 1,277,062 frees, 114,403,313 bytes allocated ==31835== ==31835== LEAK SUMMARY: ==31835== definitely lost: 6,101 bytes in 81 blocks ==31835== indirectly lost: 57,400 bytes in 2,114 blocks ==31835== possibly lost: 69,962 bytes in 939 blocks ==31835== still reachable: 2,217,905 bytes in 33,851 blocks ==31835== suppressed: 0 bytes in 0 blocks ==31835== Rerun with --leak-check=full to see details of leaked memory ==31835== ==31835== For counts of detected and suppressed errors, rerun with: -v ==31835== Use --track-origins=yes to see where uninitialised values come from ==31835== ERROR SUMMARY: 1865 errors from 10 contexts (suppressed: 418 from 15) ==31810== ==31810== HEAP SUMMARY: ==31810== in use at exit: 2,234 bytes in 57 blocks ==31810== total heap usage: 970 allocs, 913 frees, 1,584,546 bytes allocated ==31810== ==31810== LEAK SUMMARY: ==31810== definitely lost: 124 bytes in 1 blocks ==31810== indirectly lost: 0 bytes in 0 blocks ==31810== possibly lost: 0 bytes in 0 blocks ==31810== still reachable: 2,110 bytes in 56 blocks ==31810== suppressed: 0 bytes in 0 blocks ==31810== Rerun with --leak-check=full to see details of leaked memory ==31810== ==31810== For counts of detected and suppressed errors, rerun with: -v ==31810== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 31 from 11)
I see the same thing with gthumb, so it is not bug in LibreOffice. I will pass the image to the maintainer of libjpeg-turbo in Fedora.
I suspect this may be similar in nature to https://bugzilla.redhat.com/show_bug.cgi?id=678518