Created attachment 57794 [details] The error msgbox when LO crash (in French). Problem description: Steps to reproduce: 1. open a .odt file with LibreOffice 3.5RC3 French language 2. click on the PDF Export icon 3. LibO crash and close. Current behavior: LibO ask for the PDF filename and crash, no error displayed Expected behavior: A PDF file saved in the chosen folder. Platform (if different from the browser): Win7Home 64b SP1 French/LibreOffice 3.5RC3 Browser: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
*** Bug 46751 has been marked as a duplicate of this bug. ***
Can you please attach a sample document that crashes LibreOffice when you do the PDF export? Thanks.
Created attachment 57799 [details] ODT file which crash during PDF export Here is an .odt file which crash during the PDF export (by the button in the toolbar). I think this .odt file has made with MS Word 2010 Starter, but I'm not sure.
Created attachment 57800 [details] ODT file which crashes during PDF export My previous file was corrupted. Here is a good file (produced with MS Word 2010 Starter, confirmed).
This works for me vs. master running on Linux - I can't reproduce it at all. What options do you have set in the export-to-pdf dialog from the file menu ? Can you move away your user settings directory and re-try to see if that affects it in some way ?
valgrind clean on Linux as well for the export of the 2nd document :-)
Hi! I moved away my user settings directory and re-tried. PDF Export still crashes :-/ By the way, the PDF Export works fine with a .odg file.
quite possibly a dup of bug #46896 that I'm poking at.
can reproduce on XP trivially, doesn't seem to be 46896 either ;-)
Seems tobe graphitee rlated: > vcllo.dll!graphite2::Font::Font(float ppm=110.00000, const graphite2::Face * face=0x6c656873) Line 34 + 0x13 bytes C++ vcllo.dll!graphite2::HintedFont::HintedFont(float ppm=110.00000, const void * appFontHandle=0x07010926, float (const void *, unsigned short)* advance2=0x021191c0, const graphite2::Face * face=0x6c656873) Line 70 + 0x20 bytes C++ vcllo.dll!gr_make_font_with_advance_fn(float ppm=110.00000, const void * appFontHandle=0x07010926, float (const void *, unsigned short)* advance=0x021191c0, const gr_face * face=0x6c656873) Line 51 + 0x2c bytes C++ vcllo.dll!GraphiteWinLayout::GraphiteWinLayout(HDC__ * hDC=0x07010926, const ImplWinFontData & rWFD={...}, ImplWinFontEntry & rWFE={...}) Line 2862 + 0x2c bytes C++ vcllo.dll!WinSalGraphics::GetTextLayout(ImplLayoutArgs & rArgs={...}, int nFallbackLevel=1) Line 3040 + 0x2d bytes C++ vcllo.dll!OutputDevice::ImplGlyphFallbackLayout(SalLayout * pSalLayout=0x151104b8, ImplLayoutArgs & rLayoutArgs={...}) Line 6201 + 0x1c bytes C++ vcllo.dll!OutputDevice::ImplLayout(const String & rOrigStr={...}, unsigned short nMinIndex=0, unsigned short nLen=1, const Point & rLogicalPos={...}, long nLogicalWidth=0, const long * pDXArray=0x00000000, bool bFilter=false) Line 6066 + 0xf bytes C++ vcllo.dll!OutputDevice::GetTextArray(const String & rStr={...}, long * pDXAry=0x13c12370, unsigned short nIndex=0, unsigned short nLen=1) Line 5724 + 0x1b bytes C++ swlo.dll!SwFntObj::DrawText(SwDrawTextInfo & rInf={...}) Line 1438 C++ swlo.dll!SwSubFont::_DrawText(SwDrawTextInfo & rInf={...}, const unsigned char bGrey=0) Line 887 C++ swlo.dll!SwFont::_DrawText(SwDrawTextInfo & rInf={...}) Line 352 + 0x26 bytes C++ swlo.dll!SwTxtPaintInfo::_DrawText(const String & rText={...}, const SwLinePortion & rPor={...}, const unsigned short nStart=0, const unsigned short nLength=1, const unsigned char bKern=0, const unsigned char bWrong='', const unsigned char bSmartTag=0, const unsigned char bGrammarCheck='') Line 741 C++ swlo.dll!SwTxtPaintInfo::DrawMarkedText(const SwLinePortion & rPor={...}, const unsigned short nLength=1, const unsigned char bKern=0, const unsigned char bWrong='', const unsigned char bSmartTags=0, const unsigned char bGrammarCheck='') Line 869 C++ swlo.dll!SwTxtPortion::Paint(const SwTxtPaintInfo & rInf={...}) Line 601 C++ swlo.dll!SwTxtPainter::DrawTextLine(const SwRect & rPaint={...}, SwSaveClip & rClip={...}, const unsigned char bUnderSz=0) Line 406 C++ swlo.dll!SwTxtFrm::Paint(const SwRect & rRect={...}, const SwPrintData * const __formal=0x00000000) Line 719 C++ swlo.dll!SwLayoutFrm::Paint(const SwRect & rRect={...}, const SwPrintData * const __formal=0x00000000) Line 3257 C++ swlo.dll!SwBodyFrm::Paint(const SwRect & rRect={...}, const SwPrintData * __formal=0x00000000) Line 201 C++ swlo.dll!SwLayoutFrm::Paint(const SwRect & rRect={...}, const SwPrintData * const __formal=0x00000000) Line 3257 C++ swlo.dll!SwRootFrm::Paint(const SwRect & rRect={...}, const SwPrintData * const pPrintData=0x1504f188) Line 2975 C++ swlo.dll!ViewShell::PrintOrPDFExport(OutputDevice * pOutDev=0x150662a0, const SwPrintData & rPrintData={...}, long nRenderer=352682456) Line 537 C++ swlo.dll!SwXTextDocument::render(long nRenderer=4, const com::sun::star::uno::Any & rSelection={...}, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rxOptions={...}) Line 2982 C++ pdffilterlo.dll!PDFExport::ExportSelection(vcl::PDFWriter & rPDFWriter={...}, com::sun::star::uno::Reference<com::sun::star::view::XRenderable> & rRenderable={...}, const com::sun::star::uno::Any & rSelection={...}, const StringRangeEnumerator & rRangeEnum={...}, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rRenderOptions={...}, long nPageCount=9) Line 239 + 0x12 bytes C++
> vcllo.dll!WinSalGraphics::GetTextLayout(ImplLayoutArgs & rArgs={...}, int nFallbackLevel=1) Line 3040 + 0x2d bytes C++ ... #ifdef ENABLE_GRAPHITE if (rFontFace.SupportsGraphite()) pWinLayout = new GraphiteWinLayout(mhDC, rFontFace, rFontInstance); else #endif // ENABLE_GRAPHITE The rFontFace appears to have an mpGraphiteData that has bogus contents an mnRefCount of 775041900 or some such reasonable number ;-) and the busted mpFace pointer that ultimately causes the crash down the stack.
Created attachment 58456 [details] drmemory log The drmemory with debug output pointing at the problem: Error #6: UNADDRESSABLE ACCESS: reading 0x12f1f22d-0x12f1f22e 1 byte(s) # 0 vcllo.dll!ImplGetLogFontFromFontSelect [c:\libo\vcl\win\source\gdi\salgdi3.cxx:1558] # 1 vcllo.dll!WinSalGraphics::ImplDoSetFont [c:\libo\vcl\win\source\gdi\salgdi3.cxx:1615] # 2 vcllo.dll!WinSalGraphics::SetFont [c:\libo\vcl\win\source\gdi\salgdi3.cxx:1703] # 3 vcllo.dll!OutputDevice::ImplGlyphFallbackLayout [c:\libo\vcl\source\gdi\outdev3.cxx:6197] # 4 vcllo.dll!OutputDevice::ImplLayout [c:\libo\vcl\source\gdi\outdev3.cxx:6066] # 5 vcllo.dll!OutputDevice::GetTextArray [c:\libo\vcl\source\gdi\outdev3.cxx:5724] # 6 swlo.dll!SwFntObj::DrawText [c:\libo\sw\source\core\txtnode\fntcache.cxx:1434] # 7 swlo.dll!SwSubFont::_DrawText [c:\libo\sw\source\core\txtnode\swfont.cxx:886] # 8 swlo.dll!SwFont::_DrawText [c:\libo\sw\source\core\inc\swfont.hxx:352] # 9 swlo.dll!SwTxtPaintInfo::_DrawText [c:\libo\sw\source\core\text\inftxt.cxx:738] #10 swlo.dll!SwTxtPaintInfo::DrawMarkedText [c:\libo\sw\source\core\text\inftxt.hxx:868] #11 swlo.dll!SwTxtPortion::Paint [c:\libo\sw\source\core\text\portxt.cxx:597] Note: @0:17:49.288 in thread 312 Note: refers to 3 byte(s) before next malloc Note: next higher malloc: 0x12f1f230-0x12f1f248 Note: prev lower malloc: 0x12f1f1f0-0x12f1f204 Note: instruction: mov 0x000000ad(%eax) -> %cl Error #7: UNADDRESSABLE ACCESS: reading 0x12f1f1d0-0x12f1f1d4 4 byte(s) # 0 vcllo.dll!ImplWinFontData::UpdateFromHDC [c:\libo\vcl\win\source\gdi\salgdi3.cxx:1280] # 1 vcllo.dll!WinSalGraphics::SetFont [c:\libo\vcl\win\source\gdi\salgdi3.cxx:1728] # 2 vcllo.dll!OutputDevice::ImplGlyphFallbackLayout [c:\libo\vcl\source\gdi\outdev3.cxx:6197] # 3 vcllo.dll!OutputDevice::ImplLayout [c:\libo\vcl\source\gdi\outdev3.cxx:6066] # 4 vcllo.dll!OutputDevice::GetTextArray [c:\libo\vcl\source\gdi\outdev3.cxx:5724] # 5 swlo.dll!SwFntObj::DrawText [c:\libo\sw\source\core\txtnode\fntcache.cxx:1434] # 6 swlo.dll!SwSubFont::_DrawText [c:\libo\sw\source\core\txtnode\swfont.cxx:886] # 7 swlo.dll!SwFont::_DrawText [c:\libo\sw\source\core\inc\swfont.hxx:352] # 8 swlo.dll!SwTxtPaintInfo::_DrawText [c:\libo\sw\source\core\text\inftxt.cxx:738] # 9 swlo.dll!SwTxtPaintInfo::DrawMarkedText [c:\libo\sw\source\core\text\inftxt.hxx:868] #10 swlo.dll!SwTxtPortion::Paint [c:\libo\sw\source\core\text\portxt.cxx:597]
Caolan - somewhat similar memory corruption around font metrics ? :-) though not the same thing.
*** Bug 46923 has been marked as a duplicate of this bug. ***
Reverting e601c32661735e9fd78def7ee11bfe21279cca71 reportedly fixed this, so reverted that on 3-5 For master, lets see if e7dc8c652de6babbfc4fe113639c28970af72046 fixes it and retains the fix for bug 33090
Caolan: are you sure you meant to close this one ? AFAICS this was a separate issue to bug#46896 which was the one related to bug#33090 :-)
Hmm, I presumed that this bug was triggered by bug 33090 because,,, " I'd prefer to live with fdo#33090 (a Thai text rendering issue) than have the subtle memory corruption in fdo#46750 - so I suggest that we revert:"
hmm, I can't reproduce this one on master and windows with or without http://cgit.freedesktop.org/libreoffice/core/commit/?id=eeffbc94d129756410bd2a9198dff5858479738f caolanm->mmeeks: is this still a problem then under windows ? http://cgit.freedesktop.org/libreoffice/core/commit/?id=d066f7e4afb3c9e395932ba7bf8715ad0770bcdd and http://cgit.freedesktop.org/libreoffice/core/commit/?id=3a878d3dbfdb11cf2f0cce9dbf28a408c130d556 are some relatively recent graphite-specific fixes
The bug I found in 3.5.O seems to be fixed in LO 3.5.1.2 (Win7 x64) !
(In reply to comment #15) > For master, lets see if e7dc8c652de6babbfc4fe113639c28970af72046 fixes it and > retains the fix for bug 33090 Caolan, this commit id(?) is incorrect, could you please have a check again? Thanks.