Step to reproduce: - launch LibreOffice 4.0.0.2 with a clean user profile - menu File > Wizards > Letter (or Fax or Agenda) ==> works as expected: the wizard starts - menu Tools > Options > LibreOffice > View -> change the icon set to Galaxy - validate - Menu File > Wizards > Letter (or Fax or Agenda) ==> Crash! In the cases of wizards Letter and Fax, LibreOffice close without notice In the case of Agenda, and if LibreOffice has been launched in a terminal, you get an error report for the Java Virtual Machine. It says something like: # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007fbfbb926c00, pid=18565, tid=140461517117248 # # JRE version: 7.0_09-b30 # Java VM: OpenJDK 64-Bit Server VM (23.2-b09 mixed mode linux-amd64 compressed oops) # Problematic frame: # C [libsvtlo.so+0x218c00] svt::RoadmapItem::ToggleBackgroundColor(Color const&)+0x60 # Same crash with Java 1.6. Same crash with Version 4.0.1.0+ (Build ID: c4820200312e3d50a12d3605147772759938bcf) Best regards. JBF
Created attachment 73733 [details] crash report of JVM exemple of a crash report generated by the JVM when LO crashes on Agenda wizard
If I launch LibreOffice 4.0.0.2 in gdb, I get the following error message: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4b84c00 in svt::RoadmapItem::ToggleBackgroundColor(Color const&) () from /opt/libreoffice4.0/program/libsvtlo.so Idem for LO 4.0.1.0+ Best regards. JBF
I recompiled svtools module with debug enabled. This time I got the following error message in gdb: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff4a33934 in svt::RoadmapItem::ToggleBackgroundColor (this=0x0, _rGBColor=rgb(240, 119, 70)) at /home/jbf/LibO/master/svtools/source/control/roadmap.cxx:826 826 mpID->SetControlBackground( mpID->GetSettings().GetStyleSettings().GetHighlightColor() ); Best regards. JBF
Created attachment 73736 [details] valgrind log Valgrind log for crash with LO 4.0.1.0+
As suggested by Arnaud Versini on irc if I add a test before http://opengrok.libreoffice.org/xref/core/svtools/source/control/roadmap.cxx#703 to check if the pointer pLabelItem is not null, like that: if (pLabelItem) pLabelItem->ToggleBackgroundColor(rStyleSettings.GetHighlightColor()); Then I do not have the crash anymore. Best regards. JBF
I re-installed RC1 (LO 4.0.0.1) -> same crash with the RC1 but only on wizard Agenda because python wizards (letter and fax) did not work in rc1. Best regards. JBF
Can't reproduce this using Linux Mint 14 x64 LibreOffice 4.0.0.2 rc2. Either can't reproduce using Mac OSX 10.8.2 LibreOffice 4.0.0.2 rc2 but I didn't use 'Letter' because no window pops up.
No crash for me on Bodhi Linux
Well, just tried on another machine with Ubuntu 10.04 x86. There, LibreOffice 4.0.0.2 (rc2) does not crash.
To be more clear on the steps to reproduce, what I do is exactly the following, starting with a clean profile, whatever the profile is new or not: 1/ start LibreOffice 2/ menu File > Wizards > Letter (or Fax, or Agenda) ==> the wizard Letter starts as expected 3/ click on Cancel button in the wizard 4/ menu Tools > Options > LibreOffice > View -> change the icons set 5/ click the OK button 6/ menu File > Wizards > Letter ==> LibreOffice close without notice and in the terminal I see that LO encountered a segmentation fault (see previous comments) 7/ restart LibreOffice 8/ menu File > Wizards > Letter ==> crash again. Now it is impossible to start the wizards Letter, Fax, Agenda and Web page. Investigating more, I found that I can restore the wizard functionality if I remove registrationmodifications.xcu in my LO profile. So starting from a clean profile, I did a backup of this file and did a diff with the modified file after the crash. There is a difference in the recovery infos: The backup file has 2 lines: <item oor:path="/org.openoffice.Office.Recovery/RecoveryInfo"><prop oor:name="SessionData" oor:op="fuse"><value>false</value></prop></item> <item oor:path="/org.openoffice.Office.Recovery/RecoveryList"><node oor:name="recovery_item_1" oor:op="remove"/></item> After the crash the file has the first line only! If I copy the missing line from the backup to the current registrationmodifications.xcu (LO being closed of course), then I can start the wizards again. This point gave the idea to try to start LibreOffice with the option --norestore. Bingo! the wizards start. I do reproduce the crash if I change the icons set again, but next time I launch LO, I can start the wizard without crash. It is better than nothing :-) Best regards. JBF
I cannot reproduce this either. However, the difference of <item oor:path="/org.openoffice.Office.Recovery/RecoveryList"><node oor:name="recovery_item_1" oor:op="remove"/></item> in registrymodifications.xcu should hardly make a difference here. Whenever LO has a document open, it adds it to that RecoveryList. When the document is closed, it removes it from that list again. Due to how the configuration stuff works, removal from that list looks like a two-stage process. First, LO writes the item to registrymodifications.xcu as oor:op="remove"; then, in the next run of LO, it no longer writes the item at all. Anyway, the fix discussed in comment 5 looks like a reasonable one at least to me. No idea why only you would be able to get caught by it and nobody else can apparently reproduce. But by looking at svtools/source/control/roadmap.cxx, there is at least one other function (ORoadmap::GetFocus) that checks the return value of GetByID(GetCurrentRoadmapID()) before using it, so it looks reasonable to change ORoadmap::DataChanged accordingly, too. Jean-Baptiste, Arnaud: Did either of you already take care to get that fix integrated?
I'm on it, but I can only add the NULL check, not code to prevent NULL pointer.
Arnaud Versini committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=78fde59e65bf1fbf8290e60b8cbe4b34e3489b93 Resolving crash in wizards fdo#59931 by NULL checking The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Arnaud Versini committed a patch related to this issue. It has been pushed to "libreoffice-4-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=0dadaa4521629aab3e1c16413541efb9b62d095d&h=libreoffice-4-0 Resolving crash in wizards fdo#59931 by NULL checking It will be available in LibreOffice 4.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
requested backporting the fix to libreoffice-4-0-0 as <https://gerrit.libreoffice.org/#/c/1913/>
Arnaud Versini committed a patch related to this issue. It has been pushed to "libreoffice-4-0-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=b91a02c539b107231555e551bda340dcab105e88&h=libreoffice-4-0-0 Resolving crash in wizards fdo#59931 by NULL checking It will be available already in LibreOffice 4.0.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.