Created attachment 50636 [details] test case of OLE Crash The following file makes LIbO 3.4.3.RC2 and 3.5 Master crash. Steps to reproduce 1) open file 2) select OLE Object "Object1" in sheet "Viagem a serviço" 3) double click for edition LiBo crash. OLE Object is a Writer text. At the moment, it is unreliable to use OLE text on Calc. Crash does not happes in LibO 3.3.x branch.
Backtrace: NOTE: sw/source/core/layout/flowfrm.cxx has been modified recently by bug 39510 .... will update my master. #0 0x0000000000000000 in ?? () #1 0x00007fffd989e45a in SwPageFrm::PreparePage (this=0x1402b80, bFtn=0 '\000') at /home/tdf/git/libo/sw/source/core/layout/pagechg.cxx:520 #2 0x00007fffd98a0b9b in SwFrm::InsertPage (this=0x187cdf0, pPrevPage=0x187ca00, bFtn=0 '\000') at /home/tdf/git/libo/sw/source/core/layout/pagechg.cxx:1340 #3 0x00007fffd983f500 in SwFrm::GetNextLeaf (this=0x187cdf0, eMakePage=MAKEPAGE_INSERT) at /home/tdf/git/libo/sw/source/core/layout/flowfrm.cxx:1046 #4 0x00007fffd983ee4d in SwFrm::GetLeaf (this=0x187cdf0, eMakePage=MAKEPAGE_INSERT, bFwd=1 '\001') at /home/tdf/git/libo/sw/source/core/layout/flowfrm.cxx:844 #5 0x00007fffd98419b5 in SwFlowFrm::MoveFwd (this=0x187cea8, bMakePage=1 '\001', bPageBreak=0 '\000', bMoveAlways=0 '\000') at /home/tdf/git/libo/sw/source/core/layout/flowfrm.cxx:1917 #6 0x00007fffd983346c in SwCntntFrm::MakeAll (this=0x187cdf0) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:1713 #7 0x00007fffd982c8ff in SwFrm::PrepareMake (this=0x187cdf0) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:388 #8 0x00007fffd9599678 in SwFrm::Calc (this=0x187cdf0) at /home/tdf/git/libo/sw/source/core/inc/frame.hxx:1064 #9 0x00007fffd9832c66 in SwCntntFrm::MakeAll (this=0x187ccd0) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:1597 #10 0x00007fffd982c8ff in SwFrm::PrepareMake (this=0x187ccd0) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:388 #11 0x00007fffd9599678 in SwFrm::Calc (this=0x187ccd0) at /home/tdf/git/libo/sw/source/core/inc/frame.hxx:1064 #12 0x00007fffd99e4522 in SwTxtFrm::GetFormatted (this=0x187ccd0, bForceQuickFormat=false) at /home/tdf/git/libo/sw/source/core/text/txtfrm.cxx:2140 #13 0x00007fffd9961ca6 in SwTxtFrm::GetCharRect (this=0x187ccd0, rOrig=..., rPos=..., pCMS=0x7fffffffa490) at /home/tdf/git/libo/sw/source/core/text/frmcrsr.cxx:220 #14 0x00007fffd958e368 in SwCrsrShell::UpdateCrsr (this=0x1bd9118, eFlags=4, bIdleEnd=0 '\000') at /home/tdf/git/libo/sw/source/core/crsr/crsrsh.cxx:1670 #15 0x00007fffd9590aab in SwCrsrShell::ShGetFcs (this=0x1bd9118, bUpdate=0 '\000') at /home/tdf/git/libo/sw/source/core/crsr/crsrsh.cxx:2087 #16 0x00007fffd97fb001 in SwFEShell::ShGetFcs (this=0x1bd9118, bUpdate=0 '\000') at /home/tdf/git/libo/sw/source/core/frmedt/fews.cxx:328 #17 0x00007fffd9f554fc in SwView::Activate (this=0x23d59a8, bMDIActivate=1 '\001') at /home/tdf/git/libo/sw/source/ui/uiview/view1.cxx:83 #18 0x00007ffff5072efc in SfxShell::DoActivate_Impl (this=0x23d59a8, pFrame=0x2431e38, bMDI=1 '\001') at /home/tdf/git/libo/sfx2/source/control/shell.cxx:644 #19 0x00007ffff505c481 in SfxDispatcher::DoActivate_Impl (this=0x1cd0378, bMDI=1 '\001') at /home/tdf/git/libo/sfx2/source/control/dispatch.cxx:783 #20 0x00007ffff52c291d in SfxViewFrame::DoActivate (this=0x2431e38, bUI=1 '\001', pOldFrame=0x0) at /home/tdf/git/libo/sfx2/source/view/viewfrm.cxx:1152 ---Type <return> to continue, or q <return> to quit--- #21 0x00007ffff4f8d127 in SfxApplication::SetViewFrame_Impl (this=0x12ec498, pFrame=0x2431e38) at /home/tdf/git/libo/sfx2/source/appl/app.cxx:473 #22 0x00007ffff52ce362 in SfxViewFrame::SetViewFrame (pFrame=0x2431e38) at /home/tdf/git/libo/sfx2/source/view/viewfrm.cxx:3364 #23 0x00007ffff52c50ee in SfxViewFrame::MakeActive_Impl (this=0x2431e38, bGrabFocus=0 '\000') at /home/tdf/git/libo/sfx2/source/view/viewfrm.cxx:1832 #24 0x00007ffff52b0855 in IMPL_SfxBaseController_ListenerHelper::frameAction (this=0x23d58f0, aEvent=...) at /home/tdf/git/libo/sfx2/source/view/sfxbasecontroller.cxx:496 #25 0x00007fffdfbfcdff in framework::Frame::implts_sendFrameActionEvent (this=0x2577980, aAction=@0x7fffffffab58) at /home/tdf/git/libo/framework/source/services/frame.cxx:2787 #26 0x00007fffdfbf746e in framework::Frame::activate (this=0x2577980) at /home/tdf/git/libo/framework/source/services/frame.cxx:1177 #27 0x00007fffdfbf4d9a in framework::Frame::setActiveFrame (this=0x1f1f460, xFrame=...) at /home/tdf/git/libo/framework/source/services/frame.cxx:497 #28 0x00007fffcb1c532c in DocumentHolder::ShowUI (this=0x2243680, xContainerLM=..., xContainerDP=..., aContModuleName=...) at /home/tdf/git/libo/embeddedobj/source/general/docholder.cxx:769 #29 0x00007fffcb1ae9cb in OCommonEmbeddedObject::SwitchStateTo_Impl (this=0x22433d0, nNextState=4) at /home/tdf/git/libo/embeddedobj/source/commonembedding/embedobj.cxx:341 #30 0x00007fffcb1af6d4 in OCommonEmbeddedObject::changeState (this=0x22433d0, nNewState=4) at /home/tdf/git/libo/embeddedobj/source/commonembedding/embedobj.cxx:484 #31 0x00007fffcb1afe3d in OCommonEmbeddedObject::doVerb (this=0x22433d0, nVerbID=0) at /home/tdf/git/libo/embeddedobj/source/commonembedding/embedobj.cxx:571 #32 0x00007ffff52a67de in SfxInPlaceClient::DoVerb (this=0x23f65f8, nVerb=0) at /home/tdf/git/libo/sfx2/source/view/ipclient.cxx:985 #33 0x00007fffccb9c0db in ScTabViewShell::ActivateObject (this=0x2253338, pObj=0x2222d68, nVerb=0) at /home/tdf/git/libo/sc/source/ui/view/tabvwshb.cxx:177 #34 0x00007fffcc87fd08 in FuSelection::MouseButtonUp (this=0x22550d8, rMEvt=...) at /home/tdf/git/libo/sc/source/ui/drawfunc/fusel.cxx:533 #35 0x00007fffccaefe27 in ScGridWindow::DrawMouseButtonUp (this=0x2289fe8, rMEvt=...) at /home/tdf/git/libo/sc/source/ui/view/gridwin3.cxx:97 #36 0x00007fffccad5feb in ScGridWindow::MouseButtonUp (this=0x2289fe8, rMEvt=...) at /home/tdf/git/libo/sc/source/ui/view/gridwin.cxx:1881 #37 0x00007ffff2bc2672 in ImplHandleMouseEvent (pWindow=0x1ff95d8, nSVEvent=2, bMouseLeave=0 '\000', nX=416, nY=407, nMsgTime= 20231439, nCode=1, nMode=3) at /home/tdf/git/libo/vcl/source/window/winproc.cxx:818 #38 0x00007ffff2bc7e02 in ImplHandleSalMouseButtonUp (pWindow=0x1ff95d8, pEvent=0x7fffffffc3e0) at /home/tdf/git/libo/vcl/source/window/winproc.cxx:2091 #39 0x00007ffff2bc7159 in ImplWindowFrameProc (pWindow=0x1ff95d8, nEvent=4, pEvent=0x7fffffffc3e0) at /home/tdf/git/libo/vcl/source/window/winproc.cxx:2420 ---Type <return> to continue, or q <return> to quit--- #40 0x00007fffe7fb12c7 in SalFrame::CallCallback (this=0x1ff9138, nEvent=4, pEvent=0x7fffffffc3e0) at /home/tdf/git/libo/vcl/inc/salframe.hxx:294 #41 0x00007fffe807f5d1 in X11SalFrame::HandleMouseEvent (this=0x1ff9138, pEvent=0x7fffffffccd0) at /home/tdf/git/libo/vcl/unx/generic/window/salframe.cxx:3055 #42 0x00007fffe8082c7e in X11SalFrame::Dispatch (this=0x1ff9138, pEvent=0x7fffffffccd0) at /home/tdf/git/libo/vcl/unx/generic/window/salframe.cxx:4195 #43 0x00007fffe7fc6a88 in SalX11Display::Dispatch (this=0x80a0e8, pEvent=0x7fffffffccd0) at /home/tdf/git/libo/vcl/unx/generic/app/saldisp.cxx:2285 #44 0x00007fffe9ed58b9 in VCLKDEApplication::x11EventFilter (this=0x706a08, ev=0x7fffffffccd0) at /home/tdf/git/libo/vcl/unx/kde4/VCLKDEApplication.cxx:46 #45 0x00007fffe8519461 in ?? () from /usr/lib64/libQtGui.so.4 #46 0x00007fffe8527fa1 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib64/libQtGui.so.4 #47 0x00007fffe9ec9072 in SalKDEDisplay::Yield (this=0x80a0e8) at /home/tdf/git/libo/vcl/unx/kde4/KDESalDisplay.cxx:71 #48 0x00007fffe7fc0093 in DisplayYield (pDisplay=0x80a0e8) at /home/tdf/git/libo/vcl/unx/generic/app/saldisp.cxx:624 #49 0x00007fffe7fbda02 in YieldEntry::HandleNextEvent (this=0x7fffe82f6f10) at /home/tdf/git/libo/vcl/unx/generic/app/saldata.cxx:598 #50 0x00007fffe7fbcb11 in SalXLib::Yield (this=0x6e6278, bWait=true, bHandleAllCurrentEvents=false) at /home/tdf/git/libo/vcl/unx/generic/app/saldata.cxx:789 #51 0x00007fffe9ed3e7f in KDEXLib::Yield (this=0x6e6268, bWait=true, bHandleAllCurrentEvents=false) at /home/tdf/git/libo/vcl/unx/kde4/KDEXLib.cxx:318 #52 0x00007fffe7fd3b71 in X11SalInstance::Yield (this=0x6d8608, bWait=true, bHandleAllCurrentEvents=false) at /home/tdf/git/libo/vcl/unx/generic/app/salinst.cxx:280 #53 0x00007ffff27a0a5f in ImplYield (i_bWait=true, i_bAllEvents=false) at /home/tdf/git/libo/vcl/source/app/svapp.cxx:447 #54 0x00007ffff279d071 in Application::Yield (i_bAllEvents=false) at /home/tdf/git/libo/vcl/source/app/svapp.cxx:481 #55 0x00007ffff279d012 in Application::Execute () at /home/tdf/git/libo/vcl/source/app/svapp.cxx:424 #56 0x00007ffff78c93fc in desktop::Desktop::Main (this=0x7fffffffd660) at /home/tdf/git/libo/desktop/source/app/app.cxx:1914 #57 0x00007ffff27a646c in ImplSVMain () at /home/tdf/git/libo/vcl/source/app/svmain.cxx:181 #58 0x00007ffff27a65c3 in SVMain () at /home/tdf/git/libo/vcl/source/app/svmain.cxx:218 #59 0x00007ffff78ff5d6 in soffice_main () at /home/tdf/git/libo/desktop/source/app/sofficemain.cxx:68 #60 0x0000000000401064 in sal_main () at main.c:36 #61 0x0000000000401049 in main (argc=1, argv=0x7fffffffd818) at main.c:35
Created attachment 50643 [details] Another test case, simpler 1) double click the OLE object 2) click oustise the OLE obect to close edition 3) double click again to edit again Crash
Backtrace os example 2 LibreOffice 3.5.0 Build ID: 33a9d32-4eb4f62-09af278-f39398e (gdb) bt #0 0x0000000000000000 in ?? () #1 0x00007fffd98db402 in SwPageFrm::PreparePage (this=0x1ff0eb0, bFtn=0 '\000') at /home/tdf/git/libo/sw/source/core/layout/pagechg.cxx:520 #2 0x00007fffd98ddb43 in SwFrm::InsertPage (this=0x2685760, pPrevPage=0x26f2f80, bFtn=0 '\000') at /home/tdf/git/libo/sw/source/core/layout/pagechg.cxx:1340 #3 0x00007fffd987c4a8 in SwFrm::GetNextLeaf (this=0x2685760, eMakePage=MAKEPAGE_INSERT) at /home/tdf/git/libo/sw/source/core/layout/flowfrm.cxx:1047 #4 0x00007fffd987bdf5 in SwFrm::GetLeaf (this=0x2685760, eMakePage=MAKEPAGE_INSERT, bFwd=1 '\001') at /home/tdf/git/libo/sw/source/core/layout/flowfrm.cxx:845 #5 0x00007fffd987e95d in SwFlowFrm::MoveFwd (this=0x2685818, bMakePage=1 '\001', bPageBreak=0 '\000', bMoveAlways=0 '\000') at /home/tdf/git/libo/sw/source/core/layout/flowfrm.cxx:1918 #6 0x00007fffd98703fc in SwCntntFrm::MakeAll (this=0x2685760) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:1713 #7 0x00007fffd986988f in SwFrm::PrepareMake (this=0x2685760) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:388 #8 0x00007fffd95d660c in SwFrm::Calc (this=0x2685760) at /home/tdf/git/libo/sw/source/core/inc/frame.hxx:1064 #9 0x00007fffd986fbf6 in SwCntntFrm::MakeAll (this=0x2685640) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:1597 #10 0x00007fffd986988f in SwFrm::PrepareMake (this=0x2685640) at /home/tdf/git/libo/sw/source/core/layout/calcmove.cxx:388 #11 0x00007fffd95d660c in SwFrm::Calc (this=0x2685640) at /home/tdf/git/libo/sw/source/core/inc/frame.hxx:1064 #12 0x00007fffd9a216ee in SwTxtFrm::GetFormatted (this=0x2685640, bForceQuickFormat=false) at /home/tdf/git/libo/sw/source/core/text/txtfrm.cxx:2140 #13 0x00007fffd999eee3 in SwTxtFrm::GetCharRect (this=0x2685640, rOrig=..., rPos=..., pCMS=0x7fffffff73e0) at /home/tdf/git/libo/sw/source/core/text/frmcrsr.cxx:220 #14 0x00007fffd95cb348 in SwCrsrShell::UpdateCrsr (this=0x14806e8, eFlags=4, bIdleEnd=0 '\000') at /home/tdf/git/libo/sw/source/core/crsr/crsrsh.cxx:1670 #15 0x00007fffd95cda8b in SwCrsrShell::ShGetFcs (this=0x14806e8, bUpdate=0 '\000') at /home/tdf/git/libo/sw/source/core/crsr/crsrsh.cxx:2087 #16 0x00007fffd9837f91 in SwFEShell::ShGetFcs (this=0x14806e8, bUpdate=0 '\000') at /home/tdf/git/libo/sw/source/core/frmedt/fews.cxx:328 #17 0x00007fffd9f92544 in SwView::Activate (this=0x26867c8, bMDIActivate=1 '\001') at /home/tdf/git/libo/sw/source/ui/uiview/view1.cxx:83 #18 0x00007ffff50744d4 in SfxShell::DoActivate_Impl (this=0x26867c8, pFrame=0x14a68c8, bMDI=1 '\001') at /home/tdf/git/libo/sfx2/source/control/shell.cxx:644 #19 0x00007ffff505e619 in SfxDispatcher::DoActivate_Impl (this=0x25ae548, bMDI=1 '\001') at /home/tdf/git/libo/sfx2/source/control/dispatch.cxx:771 #20 0x00007ffff52c149d in SfxViewFrame::DoActivate (this=0x14a68c8, bUI=1 '\001', pOldFrame=0x0) at /home/tdf/git/libo/sfx2/source/view/viewfrm.cxx:1152 ---Type <return> to continue, or q <return> to quit--- #21 0x00007ffff4f8f8e7 in SfxApplication::SetViewFrame_Impl (this=0x13c07e8, pFrame=0x14a68c8) at /home/tdf/git/libo/sfx2/source/appl/app.cxx:473 #22 0x00007ffff52ccee2 in SfxViewFrame::SetViewFrame (pFrame=0x14a68c8) at /home/tdf/git/libo/sfx2/source/view/viewfrm.cxx:3364 #23 0x00007ffff52c3c6e in SfxViewFrame::MakeActive_Impl (this=0x14a68c8, bGrabFocus=0 '\000') at /home/tdf/git/libo/sfx2/source/view/viewfrm.cxx:1832 #24 0x00007ffff52af3ed in IMPL_SfxBaseController_ListenerHelper::frameAction (this=0x26e1650, aEvent=...) at /home/tdf/git/libo/sfx2/source/view/sfxbasecontroller.cxx:496 #25 0x00007fffdfc26797 in framework::Frame::implts_sendFrameActionEvent (this=0x246a2a0, aAction=@0x7fffffff7aa8) at /home/tdf/git/libo/framework/source/services/frame.cxx:2787 #26 0x00007fffdfc20e06 in framework::Frame::activate (this=0x246a2a0) at /home/tdf/git/libo/framework/source/services/frame.cxx:1177 #27 0x00007fffdfc1e732 in framework::Frame::setActiveFrame (this=0x148e3f0, xFrame=...) at /home/tdf/git/libo/framework/source/services/frame.cxx:497 #28 0x00007fffcadba32c in DocumentHolder::ShowUI (this=0x23266b0, xContainerLM=..., xContainerDP=..., aContModuleName="com.sun.star.sheet.SpreadsheetDocument") at /home/tdf/git/libo/embeddedobj/source/general/docholder.cxx:769 #29 0x00007fffcada39cb in OCommonEmbeddedObject::SwitchStateTo_Impl (this=0x2326400, nNextState=4) at /home/tdf/git/libo/embeddedobj/source/commonembedding/embedobj.cxx:341 #30 0x00007fffcada46d4 in OCommonEmbeddedObject::changeState (this=0x2326400, nNewState=4) at /home/tdf/git/libo/embeddedobj/source/commonembedding/embedobj.cxx:484 #31 0x00007fffcada4e3d in OCommonEmbeddedObject::doVerb (this=0x2326400, nVerbID=0) at /home/tdf/git/libo/embeddedobj/source/commonembedding/embedobj.cxx:571 #32 0x00007ffff52a5376 in SfxInPlaceClient::DoVerb (this=0x2530398, nVerb=0) at /home/tdf/git/libo/sfx2/source/view/ipclient.cxx:985 #33 0x00007fffcc7967e3 in ScTabViewShell::ActivateObject (this=0x2336d88, pObj=0x2306748, nVerb=0) at /home/tdf/git/libo/sc/source/ui/view/tabvwshb.cxx:177 #34 0x00007fffcc4764e0 in FuSelection::MouseButtonUp (this=0x230e088, rMEvt=...) at /home/tdf/git/libo/sc/source/ui/drawfunc/fusel.cxx:533 #35 0x00007fffcc6e728f in ScGridWindow::DrawMouseButtonUp (this=0x20e0c58, rMEvt=...) at /home/tdf/git/libo/sc/source/ui/view/gridwin3.cxx:97 #36 0x00007fffcc6cd455 in ScGridWindow::MouseButtonUp (this=0x20e0c58, rMEvt=...) at /home/tdf/git/libo/sc/source/ui/view/gridwin.cxx:1881 #37 0x00007ffff2bdee86 in ImplHandleMouseEvent (pWindow=0x185ac78, nSVEvent=2, bMouseLeave=0 '\000', nX=353, nY=413, nMsgTime= 30148653, nCode=1, nMode=3) at /home/tdf/git/libo/vcl/source/window/winproc.cxx:818 #38 0x00007ffff2be4616 in ImplHandleSalMouseButtonUp (pWindow=0x185ac78, pEvent=0x7fffffff9330) at /home/tdf/git/libo/vcl/source/window/winproc.cxx:2091 #39 0x00007ffff2be396d in ImplWindowFrameProc (pWindow=0x185ac78, nEvent=4, pEvent=0x7fffffff9330) at /home/tdf/git/libo/vcl/source/window/winproc.cxx:2420
[Reproducible] with reporter's second sample 8first not tested) and "LibreOffice 3.4.3 RC2 - WIN7 Home Premium (64bit) German UI [OOO340m1 (Build:302)]". That sounds very similar to "Bug 37403 - EDIT: Crash when second edit on DRAW object "arc"", although here a completely different object is involved. I do not know whether fix for Bug 37403 already should be integrated in 3.4.3 RC2. @Cédric: Can you please check whether this one is related to or DUP of Bug 37403?
No, this one seems to be different from Bug 37403. Master "LibO-dev 3.5.0 – WIN7 Home Premium (64bit) English UI [(Build ID: f952331-4eb4f62-09af278)]" does no longer crash with sample from Bug 37403, but still crashes with simple text document. I can't reproduce the problem with an own test document from the scratch. Indeed, no problem with LibO 3.3.3 Portable, so it seems to be a REGRESSION @Olivier Can you contribute an instruction how to create a sample document from the scratch? Do you have any idea what in your sample cause the crash? @Kohei: Please feel free to reassign (or reset Assignee to default) if it’s not your area or if provided information is not sufficient. Please set Status to ASSIGNED if you accept this Bug.
I think it is a writer bug.
Changing component to Writer. The backtrace indicates it is a writer bug.
@Cédric Can you please check?
Since all new unconfirmed bugs start in state UNCONFIRMED now and old unconfirmed bugs were moved to NEEDINFO with a explanatory comment, all bugs promoted above those bug states to NEW and later are automatically confirmed making the CONFIRMED whiteboard status redundant. Thus it will be removed.
Still [Reproducible] with second sample and Parallel Dev-Installation of "LibreOffice 3.5.0 Beta2- WIN7 Home Premium (64bit) German UI [Build-ID : 8589e48-760cc4d-f39cf3d-1b2857e-60db978]
Created attachment 55428 [details] valgrind log
Fixed in master (target 3.6): http://cgit.freedesktop.org/libreoffice/core/commit/?id=d83488f9795740857830aaf005e06e30d4e7d70c pending review for inclusion in 3.5
fixed in libreoffice-3-5: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=74255f5e0b89d60102e0b482ed894c64de57b42c fixed in libreoffice-3-4: http://cgit.freedesktop.org/libreoffice/writer/commit/?h=libreoffice-3-4&id=ec59889a80e9fd91fc94943a56173e27427ec4a5 also: http://lists.freedesktop.org/archives/libreoffice/2012-January/024061.html