Bug 59931 - Crash when starting wizard if icons set has been changed
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice
Version: 4.0.0.2 rc (earliest affected)
Hardware: x86-64 (AMD64) Linux (All)
Importance: high critical
Assignee: Arnaud Versini
Whiteboard: target:4.1.0 target:4.0.0
Reported: 2013-01-27 13:55 UTC by Jean-Baptiste Faure
Modified: 2013-11-13 19:21 UTC

Attachments
crash report of JVM (143.60 KB, text/plain)
2013-01-27 14:22 UTC, Jean-Baptiste Faure
valgrind log (11.99 KB, application/zip)
2013-01-27 15:29 UTC, Jean-Baptiste Faure
Description Jean-Baptiste Faure 2013-01-27 13:55:14 UTC
Steps to reproduce:
- launch LibreOffice 4.0.0.2 with a clean user profile
- menu File > Wizards > Letter (or Fax or Agenda)
==> works as expected:  the wizard starts
- menu Tools > Options > LibreOffice > View -> change the icon set to Galaxy
- validate
- Menu File > Wizards > Letter (or Fax or Agenda)
==> Crash!

In the case of the Letter and Fax wizards, LibreOffice closes without notice.
In the case of Agenda, and if LibreOffice has been launched in a terminal, you get an error report from the Java Virtual Machine. It says something like:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fbfbb926c00, pid=18565, tid=140461517117248
#
# JRE version: 7.0_09-b30
# Java VM: OpenJDK 64-Bit Server VM (23.2-b09 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C  [libsvtlo.so+0x218c00]  svt::RoadmapItem::ToggleBackgroundColor(Color const&)+0x60
#

Same crash with Java 1.6.
Same crash with Version 4.0.1.0+ (Build ID: c4820200312e3d50a12d3605147772759938bcf)

Best regards. JBF
Comment 1 Jean-Baptiste Faure 2013-01-27 14:22:01 UTC
Created attachment 73733 [details]
crash report of JVM

Example of a crash report generated by the JVM when LO crashes on the Agenda wizard
Comment 2 Jean-Baptiste Faure 2013-01-27 14:43:40 UTC
If I launch LibreOffice 4.0.0.2 in gdb, I get the following error message:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4b84c00 in svt::RoadmapItem::ToggleBackgroundColor(Color const&) ()
   from /opt/libreoffice4.0/program/libsvtlo.so

Same for LO 4.0.1.0+

Best regards. JBF
Comment 3 Jean-Baptiste Faure 2013-01-27 15:10:44 UTC
I recompiled svtools module with debug enabled. This time I got the following error message in gdb:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4a33934 in svt::RoadmapItem::ToggleBackgroundColor (this=0x0, 
    _rGBColor=rgb(240, 119, 70))
    at /home/jbf/LibO/master/svtools/source/control/roadmap.cxx:826
826	            mpID->SetControlBackground( mpID->GetSettings().GetStyleSettings().GetHighlightColor() );

Best regards. JBF
Comment 4 Jean-Baptiste Faure 2013-01-27 15:29:45 UTC
Created attachment 73736 [details]
valgrind log

Valgrind log for crash with LO 4.0.1.0+
Comment 5 Jean-Baptiste Faure 2013-01-27 15:56:19 UTC
As suggested by Arnaud Versini on IRC, if I add a test before
http://opengrok.libreoffice.org/xref/core/svtools/source/control/roadmap.cxx#703
to check that the pointer pLabelItem is not null, like this:

 if (pLabelItem) pLabelItem->ToggleBackgroundColor(rStyleSettings.GetHighlightColor());

Then I do not have the crash anymore.

Best regards. JBF
Comment 6 Jean-Baptiste Faure 2013-01-27 16:42:16 UTC
I re-installed RC1 (LO 4.0.0.1) -> same crash with RC1, but only on the Agenda wizard because the Python wizards (Letter and Fax) did not work in RC1.

Best regards. JBF
Comment 7 Jorendc 2013-01-27 17:17:23 UTC
Can't reproduce this using Linux Mint 14 x64 LibreOffice 4.0.0.2 rc2.

Can't reproduce either using Mac OS X 10.8.2 LibreOffice 4.0.0.2 rc2, but I didn't use 'Letter' because no window pops up.
Comment 8 Joel Madero 2013-01-27 22:59:21 UTC
No crash for me on Bodhi Linux
Comment 9 Jean-Baptiste Faure 2013-01-28 08:09:36 UTC
Well, just tried on another machine with Ubuntu 10.04 x86. There, LibreOffice 4.0.0.2 (rc2) does not crash.
Comment 10 Jean-Baptiste Faure 2013-01-28 08:35:37 UTC
To be clearer about the steps to reproduce, what I do is exactly the following, starting with a clean profile, whether the profile is new or not:
1/ start LibreOffice
2/ menu File > Wizards > Letter (or Fax, or Agenda)
==> the wizard Letter starts as expected
3/ click on Cancel button in the wizard
4/ menu Tools > Options > LibreOffice > View -> change the icons set
5/ click the OK button
6/ menu File > Wizards > Letter
==> LibreOffice closes without notice and in the terminal I see that LO encountered a segmentation fault (see previous comments)
7/ restart LibreOffice
8/ menu File > Wizards > Letter
==> crash again. Now it is impossible to start the wizards Letter, Fax, Agenda and Web page.

Investigating further, I found that I can restore the wizard functionality if I remove registrymodifications.xcu in my LO profile.
So, starting from a clean profile, I made a backup of this file and did a diff with the modified file after the crash. There is a difference in the recovery info:
The backup file has 2 lines:
<item oor:path="/org.openoffice.Office.Recovery/RecoveryInfo"><prop oor:name="SessionData" oor:op="fuse"><value>false</value></prop></item>
<item oor:path="/org.openoffice.Office.Recovery/RecoveryList"><node oor:name="recovery_item_1" oor:op="remove"/></item>

After the crash the file has the first line only!

If I copy the missing line from the backup to the current registrymodifications.xcu (LO being closed of course), then I can start the wizards again.

This gave me the idea to try starting LibreOffice with the option --norestore. Bingo! The wizards start. I do reproduce the crash if I change the icon set again, but the next time I launch LO, I can start the wizard without a crash. It is better than nothing :-)

Best regards. JBF
Comment 11 Stephan Bergmann 2013-01-28 12:45:06 UTC
I cannot reproduce this either.  However, the difference of

<item oor:path="/org.openoffice.Office.Recovery/RecoveryList"><node oor:name="recovery_item_1" oor:op="remove"/></item>

in registrymodifications.xcu should hardly make a difference here.  Whenever LO has a document open, it adds it to that RecoveryList.  When the document is closed, it removes it from that list again.  Due to how the configuration stuff works, removal from that list looks like a two-stage process.  First, LO writes the item to registrymodifications.xcu as oor:op="remove"; then, in the next run of LO, it no longer writes the item at all.

Anyway, the fix discussed in comment 5 looks like a reasonable one at least to me.  No idea why only you would be able to get caught by it and nobody else can apparently reproduce.  But by looking at svtools/source/control/roadmap.cxx, there is at least one other function (ORoadmap::GetFocus) that checks the return value of GetByID(GetCurrentRoadmapID()) before using it, so it looks reasonable to change ORoadmap::DataChanged accordingly, too.

Jean-Baptiste, Arnaud:  Did either of you already take care to get that fix integrated?
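
The pattern behind the fix discussed in comments 5 and 11, as an added example that is not part of the original thread and is not LibreOffice code. `Roadmap`, `DataChangedUnchecked`, `DataChangedChecked` and the `-1` "no current item" value are hypothetical stand-ins for the svtools classes; the highlight colour reuses the rgb(240, 119, 70) value from the gdb output in comment 3.

```cpp
// Added illustration: simplified stand-ins, not LibreOffice's svtools classes.
#include <cstdint>
#include <memory>
#include <vector>

struct Color { std::uint32_t rgb; };

class RoadmapItem {
public:
    explicit RoadmapItem(int id) : mnID(id) {}
    int GetID() const { return mnID; }
    void ToggleBackgroundColor(const Color& c) { maBackground = c; }
    Color GetBackground() const { return maBackground; }
private:
    int mnID;
    Color maBackground{0xFFFFFF};
};

class Roadmap {
public:
    void InsertItem(int id) { maItems.push_back(std::make_unique<RoadmapItem>(id)); }
    void SetCurrentID(int id) { mnCurrentID = id; }

    // Lookup that legitimately returns nullptr when no item carries the ID.
    RoadmapItem* GetByID(int id) const {
        for (const auto& p : maItems)
            if (p->GetID() == id) return p.get();
        return nullptr;
    }

    // Shape of the crash: the lookup result is used unchecked, so a current
    // ID with no matching item calls a member function with this == nullptr.
    void DataChangedUnchecked(const Color& highlight) {
        GetByID(mnCurrentID)->ToggleBackgroundColor(highlight);
    }

    // Shape of the fix: test the pointer before use. Returns true only if
    // an item was actually updated, so callers can tell the two cases apart.
    bool DataChangedChecked(const Color& highlight) {
        RoadmapItem* pLabelItem = GetByID(mnCurrentID);
        if (!pLabelItem) return false;
        pLabelItem->ToggleBackgroundColor(highlight);
        return true;
    }
private:
    std::vector<std::unique_ptr<RoadmapItem>> maItems;
    int mnCurrentID = -1;  // assumption: -1 means "no current item"
};
```

The guard only stops the dereference; as comment 12 notes, it does not address why the lookup returns null in the first place.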
Comment 12 Arnaud Versini 2013-01-28 19:02:23 UTC
I'm on it, but I can only add the NULL check, not code to prevent NULL pointer.
Comment 13 Not Assigned 2013-01-29 07:58:54 UTC
Arnaud Versini committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=78fde59e65bf1fbf8290e60b8cbe4b34e3489b93

Resolving crash in wizards fdo#59931 by NULL checking

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds
Affected users are encouraged to test the fix and report feedback.
Comment 14 Not Assigned 2013-01-29 08:05:06 UTC
Arnaud Versini committed a patch related to this issue.
It has been pushed to "libreoffice-4-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=0dadaa4521629aab3e1c16413541efb9b62d095d&h=libreoffice-4-0

Resolving crash in wizards fdo#59931 by NULL checking


It will be available in LibreOffice 4.0.1.
Comment 15 Stephan Bergmann 2013-01-29 08:05:55 UTC
requested backporting the fix to libreoffice-4-0-0 as <https://gerrit.libreoffice.org/#/c/1913/>
Comment 16 Not Assigned 2013-01-29 09:20:03 UTC
Arnaud Versini committed a patch related to this issue.
It has been pushed to "libreoffice-4-0-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=b91a02c539b107231555e551bda340dcab105e88&h=libreoffice-4-0-0

Resolving crash in wizards fdo#59931 by NULL checking


It will be available already in LibreOffice 4.0.0.