Bug 46728 - EDITING: soffice.bin crashed with SIGSEGV in Window::GetCursor()
Summary: EDITING: soffice.bin crashed with SIGSEGV in Window::GetCursor()
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version:
(earliest affected)
3.5.0 release
Hardware: x86 (IA32) Linux (All)
Importance: medium critical
Assignee: Caolán McNamara
URL:
Whiteboard: BSA target:3.6.0 target:3.5.2
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-28 07:40 UTC by quantenemitter
Modified: 2012-03-16 05:02 UTC
CC: 2 users

See Also:
Crash report or crash signature:


Attachments
Possible fix (1.94 KB, patch)
2012-03-08 10:49 UTC, Szabolcs Dézsi
Details
valgrind log (4.68 KB, text/plain)
2012-03-09 08:38 UTC, Caolán McNamara
Details

Description quantenemitter 2012-02-28 07:40:41 UTC
1) lsb_release -rd
Description: Ubuntu precise (development branch)
Release: 12.04

2) apt-cache policy libreoffice-writer
libreoffice-writer:
  Installed: 1:3.5.0-1ubuntu4
  Candidate: 1:3.5.0-1ubuntu4
  Version table:
 *** 1:3.5.0-1ubuntu4 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main i386 Packages
        100 /var/lib/dpkg/status
[Comment: Build-ID: 350m1(Build:13)]

3) What is expected to happen in a blank Writer document with View -> Toolbars -> Drawing checked is click Text icon, and create a Text box in the top right of the page (between the header and the body) and it does not crash.

4) What happens is it crashes consistently. A video of this may be found at: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/941033/+attachment/2788200/+files/libreoffice-crash.ogv

ProblemType: Crash
DistroRelease: Ubuntu 12.04
Package: libreoffice-core 1:3.5.0-1ubuntu4
ProcVersionSignature: Ubuntu 3.2.0-17.27-generic 3.2.6
Uname: Linux 3.2.0-17-generic i686
ApportVersion: 1.93-0ubuntu2
Architecture: i386
CrashCounter: 1
Date: Sat Feb 25 14:38:00 2012
EcryptfsInUse: Yes
ExecutablePath: /usr/lib/libreoffice/program/soffice.bin
ExecutableTimestamp: 1330135917
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
LocalLibraries: /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/libdle.so.1 /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/libsx.so /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/dudenkorrektor.uno.so /home/thomas/.config/libreoffice/3/user/uno_packages/cache/uno_packages/lumrsyro.tmp_/DRO.oxt/libdpf.so.2
ProcCmdline: /usr/lib/libreoffice/program/soffice.bin --writer /home/thomas/Schule/0_Mathe/M6/6.3_Flaechen-_und_Rauminhalt/6.3.2_Volumen/Arbeitsblaetter/AB_Einheitenvergleich.odt --splash-pipe=6
ProcCwd: /home/thomas
SegvAnalysis:
 Segfault happened at: 0x1dae324 <_ZNK6Window9GetCursorEv+4>: mov 0xf4(%eax),%eax
 PC (0x01dae324) ok
 source "0xf4(%eax)" (0x408500f4) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: libreoffice
StacktraceTop:
 Window::GetCursor() const () from /usr/lib/libreoffice/program/libvcllo.so
 ?? () from /usr/lib/libreoffice/program/../program/libsvxcorelo.so
 Timer::Timeout() () from /usr/lib/libreoffice/program/libvcllo.so
 Timer::ImplTimerCallbackProc() () from /usr/lib/libreoffice/program/libvcllo.so
 ?? () from /usr/lib/libreoffice/program/libvclplug_gtklo.so
Title: soffice.bin crashed with SIGSEGV in Window::GetCursor()
UpgradeStatus: Upgraded to precise on 2012-02-23 (2 days ago)
UserGroups: adm admin audio cdrom dialout dip fax floppy fuse lp lpadmin netdev plugdev powerdev sambashare tape vboxusers video
Comment 1 quantenemitter 2012-02-28 07:43:29 UTC
Also see: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/941033/
Comment 2 Szabolcs Dézsi 2012-03-08 10:49:19 UTC
Created attachment 58205 [details]
Possible fix

Hi!

This seems to solve it, or maybe it's just less frequent...
Anyway, it is a step closer to the final solution.

made changes in svx/source/sdr/overlay/overlaymanagerbuffered.cxx in
IMPL_LINK(OverlayManagerBuffered, ImpBufferTimerHandler, AutoTimer*, /*pTimer*/)

Szabolcs
Comment 3 Caolán McNamara 2012-03-09 08:38:52 UTC
Created attachment 58243 [details]
valgrind log

adding a valgrind log to show that the this of the handler is deleted before the end of the method
Comment 4 Not Assigned 2012-03-13 08:17:43 UTC
Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=131e5d35a4edb9f8875a197e8e0382c168834f70

Resolves: fdo#46728 reference count the overlay managers
Comment 5 Not Assigned 2012-03-13 09:04:49 UTC
Caolan McNamara committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=badbf0c9259a6ff3928958332532c5a9ed8c5774

Related: fdo#46728 it would help to initialize the reference count I suppose
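A constructed illustration of the failure mode in comment 3 (the handler's this pointer being freed by work done inside the handler) and of the reference-counting fix from comments 4 and 5. This is added example code with hypothetical names; it is not LibreOffice's OverlayManagerBuffered nor the committed patch, and the live-object set exists only so the outcome can be checked without touching freed memory.

```cpp
#include <functional>
#include <set>

// Constructed model of the defect in comment 3 and the fix in comment 4; every name
// here is a hypothetical stand-in, not one of LibreOffice's own classes.
static std::set<const void*> g_live;   // addresses of managers that currently exist
class OverlayManager {
public:
    // Comment 5: the count must start at a defined value, here zero references.
    OverlayManager() : mnRefCount(0) { g_live.insert(this); }
    ~OverlayManager() { g_live.erase(this); }
    void acquire() { ++mnRefCount; }
    void release() { if (--mnRefCount == 0) delete this; }

    // RAII holder that keeps the manager alive for the scope it lives in.
    struct KeepAlive {
        OverlayManager* mp;
        explicit KeepAlive(OverlayManager* p) : mp(p) { mp->acquire(); }
        ~KeepAlive() { mp->release(); }
    };

    // Buggy shape of the timer handler: the work it runs may drop the owner's last
    // reference, after which `this` is freed and any later member access reads
    // freed memory (what the valgrind log in comment 3 reports).
    bool timerHandlerUnsafe(const std::function<void()>& rWork) {
        rWork();
        return g_live.count(this) != 0;   // false: `this` died mid-method
    }

    // Fixed shape: a reference held for the whole handler means the object can
    // only be destroyed after the method has returned.
    bool timerHandlerRefCounted(const std::function<void()>& rWork) {
        KeepAlive aGuard(this);
        rWork();
        return g_live.count(this) != 0;   // true: freed only when aGuard ends
    }
private:
    long mnRefCount;
};

// The report's scenario: the owner disposes the manager from inside the timer
// callback. Returns whether `this` was still alive at the end of the handler.
bool runTimerScenario(bool bUseFix) {
    OverlayManager* pMgr = new OverlayManager();
    pMgr->acquire();                                    // the owner's reference
    auto aDisposeOwner = [pMgr]() { pMgr->release(); }; // owner lets go mid-timer
    return bUseFix ? pMgr->timerHandlerRefCounted(aDisposeOwner)
                   : pMgr->timerHandlerUnsafe(aDisposeOwner);
}
long liveManagerCount() { return static_cast<long>(g_live.size()); }  // 0 when clean
```

Running the unsafe variant under valgrind on real code would show the invalid read after the callback; here the live set makes the same outcome observable without dereferencing a freed pointer.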
Comment 6 quantenemitter 2012-03-13 09:57:53 UTC
I love you, guys! :)
Comment 7 Not Assigned 2012-03-16 05:01:38 UTC
Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=849fc81ababc87ccc2a13091d3eed33b9151a845&g=libreoffice-3-5

Resolves: fdo#46728 reference count the overlay managers


It will be available in LibreOffice 3.5.2.
Comment 8 Not Assigned 2012-03-16 05:02:10 UTC
Caolan McNamara committed a patch related to this issue.
It has been pushed to "libreoffice-3-5":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=a270cc4547c813ace05792d114998ee1199c30ff&g=libreoffice-3-5

Related: fdo#46728 it would help to initialize the reference count I suppose


It will be available in LibreOffice 3.5.2.