Created attachment 76586
ODP presentation with 2 OLE objects embedded (PDF files)

When I click on the miniature (on the Slide Pane) of the second or third slides of the attached presentation, Impress always crashes (under Windows XP Pro x86 SP3).

The crash occurs on any version of LO (I have tested it under LO 3.3.4.1, 3.4.5.2, 3.5.5.3, 3.6.5.2 and 4.0.1.2).

Opening the same file in OOo does not crash and allows to remove the OLE objects that cause the crash.

This file is a part of a presentation by Aaron C. Johnson. See more details here http://nabble.documentfoundation.org/Intro-to-LibreOffice-Presentations-td4043445.html
Comment on attachment 76586
ODP presentation with 2 OLE objects embedded (PDF files)

mimetype fixed
On pc Debian x86-64 with master sources updated today, I don't reproduce this. On slide 2 and 3, I've got a small icon indicating it contains an OLE object. On Win7 with 4.0.1.2 (French localization), I have same behaviour as Debian. Pedro: could you rename your LO directory profile and give it a new try? (https://wiki.documentfoundation.org/UserProfile)
@Julien, that "solution" does not apply. As you can see in my original post, I tested under 4 different versions of LibreOffice. Only version 4.0.1.2 is installed. All previous versions are Portable (and that is why I don't have the final version in each branch). So, they don't share the same LO directory profile. In any case version 3 and 4 builds don't share the same profile directory.
Pedro: you're right, sorry. Rainer: would you have some time for this one (after Base fdo#62478 of course:-)) ?
No crash with "LibreOffice 3.6.5.2 " German UI/ German Locale [Build-ID: 5b93205] {pull date 2013-01-18} on German WIN7 Home Premium (64bit), 3.5.7.2, 3.4.5 and several other Versions I tested.

I always opened reporter's sample document from LibO Start center File Dialog and clicked 15s around in the Slides pane, ran the presentation, again clicked 15s around in the Slides pane.

This is a document created with an experimental AOOo 4.0 Version (OpenOffice/4.0.0$Win32 OpenOffice.org_project/400m1$Build-9700), I do not get the PDF objects shown with any version of LibO or OOo ("General OLE Error"). Objects seem to be damaged, replacements both have 0 bytes.

Of course, LibO should not crash. But I do not have any idea how to make the crash reproducible.
Rainer, the bug is NOT related to AOO 4. I created the short ODP with just 4 slides in AOO because it was the only version that did NOT crash when editing. The original presentation, mentioned in the linked topic you obviously did not read is http://www.jordanschool.com/wp-content/uploads/LO-Presentation.zip The presentation was created with LibreOffice 3.5 (I just checked the meta.xml)
(In reply to comment #6)
Of course I read that. Most of us know how to download a document from a URL, there is no need to create suspect sample documents. So it would be interesting to know why you created it.

May I remind you that your task is to create an instruction how we can reproduce your problem? So please create a clear step by step instruction how to reproduce the bug and tell characteristics of the bug. You deleted the hint that only a particular (yes, yes, and results of edits of that document) is affected. Do you really see that with more or less all .odp documents with embedded PDF OLE objects or is the problem only reproducible with "Jordan-LibreOffice-Presentation-11-28-2012.odp" and edits of it?
(In reply to comment #7)
> So it would be interesting to know why you created it.

To make a smaller working document which still replicated the problem. I didn't leave just one of the crashing slides because opening it sent LO on a loop.

> May I remind you that your task is to create an instruction how we can
> reproduce your problem? So please create a clear step by step instruction
> how to reproduce the bug and tell characteristics of the bug.

1) Open LO Start Center and open the file or simply double click on the file in your favorite file manager
2) Start presentation and move to second slide or simply click on the second slide in the Slide pane
3) LO crashes

> You deleted
> the hint that only a particular (yes, yes, and results of edits of that
> document) is affected. Do you really see that with more or less all .odp
> documents with embedded PDF OLE objects or is the problem only reproducible
> with "Jordan-LibreOffice-Presentation-11-28-2012.odp" and edits of it?

This only happens with the original "Jordan presentation" and with my shorter version of it.

You are indeed correct that the cause is that there are no contents in the ObjectReplacements folder and that "Object 1", "Object 2", etc. folders don't even exist.

How this happened would be interesting to determine (it is a much more worrying bug...).

But the main point here is that LO immediately crashes while AOO doesn't. This means that LO is not resistant to this type of error.
I additionally tried the original presentation and reporter's reduced sample with LibO 3.4.x on a WIN XP (32bit) machine, no crash. I think this one currently has not a bigger severity, it's a crash on a single computer with a single damaged document (but it's not clear whether that OLE object problem is related to the crashes). Of course I would prefer to find and eliminate the vulnerability, but I'm afraid that would cause very expensive efforts.
Checked with:
LO 4.0.2.2
Build ID: own W7 debug build
Windows 7 Professional SP1 64 bit

Could not reproduce. If it still crashes on your system, then try to get a backtrace following this article: http://wiki.documentfoundation.org/How_to_get_a_backtrace_with_WinDbg
not reproducible on LO 4.0.4.1 (Win7 Home Premium 32bit)
Still occurs with LO 4.0.3.3 (and 4.1 Beta) under Windows XP in TWO separate machines.
Pedro: just for the test, could you remove your portable version and install the "normal" 4.0.3 version? (+ rename your LO directory profile (see https://wiki.documentfoundation.org/UserProfile))

Also:
- what's your Java version? 1.6, 1.7, 32 or 64bits?
- do you use any LO specific extensions?
(In reply to comment #13)
> Pedro: just for the test, could you remove your portable version and install
> the "normal" 4.0.3 version ?

I am using the installed version of both 4.0.3.3 and 4.1Beta

> (+ rename your LO directory profile (see
> https://wiki.documentfoundation.org/UserProfile))

I know ;) Did that and still crashes.

> Also:
> - what's your Java version? 1.6, 1.7, 32 or 64bits?

I have two Java 32 bits 1.6.0_45 and 1.7.0_21
Selecting either one or disabling Java use has no effect. It always crashes.

> - do you use any LO specific extensions?

No. Just the default (included in the installer)
Pedro: so you confirm you don't use portable version?
(In reply to comment #15)
> Pedro: so you confirm you don't use portable version?

Yes, I confirm I'm not using the portable version. I'm using the *installed* versions.
Pedro: ok then, i put it back to Unconfirmed
no crash on test .odp file using LibO 4.0.4 under Win7 64bit. @Pedro do you still see this crash with recent 4.0.5 or 4.1.0 final releases?
Emm..I saw many specific problems with XP machines.. Pedro, perhaps you could try booting in safe mode & try to reproduce the problem? Or create new user in XP & try login from the newly created user to reproduce the problem.
Hi Tommy

> @Pedro
> do you still see this crash with recent 4.0.5 or 4.1.0 final releases?

I tested with 4.1.1.2 and it still crashes.
(In reply to comment #19)
> Pedro, perhaps you could try booting in safe mode & try to reproduce the
> problem? Or create new user in XP & try login from the newly created user to
> reproduce the problem.

I did create a new user in XP (although I don't understand how that is better than just deleting or renaming the LO user folder) and the crash still occurs.
Pedro: if you have some time, it could be interesting you retrieve crash information (see https://wiki.documentfoundation.org/QA/BugReport/Debug_Information#Windows:_How_to_get_a_backtrace)
Created attachment 93616
Text file containing Windbg output from crash
As suggested by Christian Lohmaier on this topic http://nabble.documentfoundation.org/Backtracing-in-Windows-XP-tp4096030p4096756.html

This is the information in Firefox about the PDF Xchange Viewer plugin:

PDF-XChange Viewer
File: npPDFXCviewNPPlugin.dll
Path: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
Version: 2.5.213.1
State: Enabled
PDF-XChange Viewer Netscape Gecko Plugin

MIME Type | Description | Suffixes
application/pdf | Portable Document Format | pdf
This crasher still occurs with LO 4.3.0.1 under Windows XP Pro x86 SP3 (but not under Windows 7 Pro x64).

Since it seems to be a Windows XP specific bug my hope that it will be fixed is very little.

However I did post some findings that maybe are relevant http://nabble.documentfoundation.org/Backtracing-in-Windows-XP-tt4096030.html#a4096921
Put it at NEW since there's a bt. Stephan: Noticing the commit http://cgit.freedesktop.org/libreoffice/core/commit/?id=93f5d5a9190e0e03bf4822663652a4b068c44f75 which fixes pointers problem in several files, including extensions/source/plugin/base/xplugin.cxx + vcl/source/helper/threadex.cxx (both appear in the bt), I thought you might be interested to take a look to pointer casts in http://opengrok.libreoffice.org/xref/core/extensions/source/plugin/win/sysplug.cxx#311
(In reply to comment #26)
> Stephan: Noticing the commit
> http://cgit.freedesktop.org/libreoffice/core/commit/?id=93f5d5a9190e0e03bf4822663652a4b068c44f75
> which fixes pointers problem in
> several files, including extensions/source/plugin/base/xplugin.cxx +
> vcl/source/helper/threadex.cxx (both appear in the bt), I thought you might
> be interested to take a look to pointer casts in
> http://opengrok.libreoffice.org/xref/core/extensions/source/plugin/win/sysplug.cxx#311

Those casts in PluginComm_Impl::NPP_New look OK. They are used to tunnel the args from there to PluginComm_Impl::doIt's case eNPP_New, where they would be cast back accordingly.

The top four frames of attachment 93616 (allegedly: vcl::SolarThreadExecutor::impl_execute -> rtl::OString::OString -> rtl_uString2String -> NP_Shutdown) are unfortunately dubious enough to keep it unclear what's going wrong here.
** Please read this message in its entirety before responding **

To make sure we're focusing on the bugs that affect our users today, LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this bug report. During that time, it's possible that the bug has been fixed, or the details of the problem have changed. We'd really appreciate your help in getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present on a currently supported version of LibreOffice (5.0.0.5 or later)
https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the version of LibreOffice and your operating system, and any changes you see in the bug behavior

If the bug is NOT present, please set the bug's Status field to RESOLVED-WORKSFORME and leave a short comment that includes your version of LibreOffice and Operating System

Please DO NOT
- Update the version field
- Reply via email (please reply directly on the bug tracker)
- Set the bug's Status field to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case)

If you want to do more to help you can test to see if your issue is a REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your bug pertains to a feature added after 3.3)
http://downloadarchive.documentfoundation.org/libreoffice/old/
2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to "inherited from OOo";
4b. If the bug was not present in 3.3 - add "regression" to keyword

Feel free to come ask questions or to say hello in our QA chat: http://webchat.freenode.net/?channels=libreoffice-qa

Thank you for your help!

-- The LibreOffice QA Team
This NEW Message was generated on: 2015-09-03
Crash still occurs under Windows XP x86 running version 5.0.2.1
Changed the version to "Inherited from OOo".

Tested with LibreOfficePortable 3.3.0 and it crashed too.

My point is that it does NOT crash current releases of AOO (at least since 4.0.1) so it has been fixed since then.
The only way to advance here would be to retrieve a backtrace: https://wiki.documentfoundation.org/QA/BugReport/Debug_Information#Windows:_How_to_get_a_backtrace
Dumb me! Even if it's now a bit old, there was a bt attached! Pedro: if you have some time, it could be interesting you give a try to last non portable stable LO version 5.0.3 (with a brand new profile).
(In reply to Julien Nabet from comment #32)
> Pedro: if you have some time, it could be interesting you give a try to last
> non portable stable LO version 5.0.3 (with a brand new profile).

Immediate crash with brand new (installed)
Versão: 5.1.0.0.beta2
ID da versão: 53054959a12edc6510f51b94ddc9b73d27aedaf6
Threads 2; Ver: Windows 5.1; Render: default;

No crash with
AOO412m3(Build:9782) - Rev. 1709696
2015-10-21 09:53:29 (Mi, 21 Okt 2015)
(In reply to Pedro from comment #33)
> (In reply to Julien Nabet from comment #32)
> > Pedro: if you have some time, it could be interesting you give a try to last
> > non portable stable LO version 5.0.3 (with a brand new profile).
>
> Immediate crash with brand new (installed)
> Versão: 5.1.0.0.beta2
> ID da versão: 53054959a12edc6510f51b94ddc9b73d27aedaf6
> Threads 2; Ver: Windows 5.1; Render: default;
>
> No crash with
> AOO412m3(Build:9782) - Rev. 1709696
> 2015-10-21 09:53:29 (Mi, 21 Okt 2015)

Thank you for your new feedback.

Taking a look at your old bt, I don't understand where OString comes from?

00e3f6a4 02ca5cd8 104c3098 097238d0 0000000f pllo!rtl::OString::OString+0x45 [c:\cygwin\home\buildslave\source\libo-core\include\rtl\string.hxx @ 229]
00e3f6c0 175d5891 00000000 00e3f734 175f2fa5 vcllo!vcl::SolarThreadExecutor::impl_execute+0x38 [c:\cygwin\home\buildslave\source\libo-core\vcl\source\helper\threadex.cxx @ 56]

Indeed, http://opengrok.libreoffice.org/xref/core/vcl/source/helper/threadex.cxx#49 shows no OString (or I just miss it!).

Would you mind providing a new bt? Perhaps there's a crash but for another reason now.
Created attachment 121099
New backtrace of crash using version LibreOffice 5.0.4.1

New backtrace this time from version 5.0.4.1

It is obvious that the problem is between LibreOffice and the Mozilla plugin used to open PDFs.

I use the freeware PDF-XChange Viewer from Tracker Software (instead of the almost mandatory Adobe Reader).

I don't expect developers to worry about this particular program. The point here is that it is causing a crash while in Apache OpenOffice there is no crash at all.
Thank you Pedro for the bt.

Stephan:
1) considering last commits about NPAPI (see http://cgit.freedesktop.org/libreoffice/core/log/?qt=grep&q=npapi), I wonder if the problem could be due to remnants regkeys on reporter's machine. In this case, I thought about raw method:
- uninstall LO
- remove any remnant LO directory (profile or in Program Files)
- launch a free registry cleaner (eg: ccleaner or other)
- install again LO
Would it be sufficient or could the fact that ApacheOOo is also installed on this machine interfere?

2) To avoid a crash, I thought about adding a try-catch but I don't know at which level/function in the stack, what to put in the catch and return in this case, ...

Any thoughts?
Stephan Bergmann committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=00daa67d745ae84ed15d3f210001193c6e950144 tdf#62381: Stop using NPAPI plugin when NP_Initialize fails It will be available in 5.2.0. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Stephan Bergmann committed a patch related to this issue. It has been pushed to "libreoffice-5-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=5da95d887ce8f0de9d19a886ebad733be02ae5a5&h=libreoffice-5-1 tdf#62381: Stop using NPAPI plugin when NP_Initialize fails It will be available in 5.1.0.1. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
* This issue is about NPAPI plug-in objects, not OLE objects (adapted summary accordingly).

* The attachment 76586 is not self-contained. It references <../Jordan%20-%20LibreOffice%20-%20Standard%20Toolbar.pdf> and <../Jordan%20-%20LibreOffice%20-%20Formatting%20Toolbar.pdf> from Jordan-LibreOffice-Presentation-11-28-2012-crasher.odp's content.xml (i.e., you need correspondingly named .pdf files next to the .odp to reproduce). (The mentioned original at <http://www.jordanschool.com/wp-content/uploads/LO-Presentation.zip> appears to be no longer available.)

* On Windows, with the PDF-XChange Viewer (File: npPDFXCviewNPPluign.dll, Version: 2.5.315.0) installed in Firebird, I can reproduce a crash with a local 32-bit LO master build. The reason is that calling the plugin's NP_Initialize fails with an error return (i.e., LO would not be able to use the plugin to display the content anyway), but LO keeps on calling into the plugin afterwards. This has been fixed now (backport request to libreoffice-5-0 towards LO 5.0.5 pending at <https://gerrit.libreoffice.org/#/c/20474/>).
(In reply to Stephan Bergmann from comment #39)
> * On Windows, with the PDF-XChange Viewer (File: npPDFXCviewNPPluign.dll,
> Version: 2.5.315.0) installed in Firebird, [...]

That should read "Firefox" instead of "Firebird," of course.
(In reply to Stephan Bergmann from comment #39)
> This has been fixed now (backport request to
> libreoffice-5-0 towards LO 5.0.5 pending at
> <https://gerrit.libreoffice.org/#/c/20474/>).

Thank you Stephan for fixing this bug!

I hope it does get backported to 5.0.5!

Thanks!
Stephan Bergmann committed a patch related to this issue. It has been pushed to "libreoffice-5-0": http://cgit.freedesktop.org/libreoffice/core/commit/?id=448fec81bf45e0e74be887d139519a3c403c625e&h=libreoffice-5-0 tdf#62381: Stop using NPAPI plugin when NP_Initialize fails It will be available in 5.0.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
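The root cause named in this thread (the plugin's NP_Initialize returns an error, yet the host keeps calling into the plugin) and the guard that prevents it, as an added example that is not part of the original thread and not LibreOffice's code. PluginHost, EntryPoints, Render and the counting test doubles are hypothetical simplifications of a plugin host and its entry points.

```cpp
#include <cstdint>
#include <cstdio>
// Hypothetical, simplified host model: not the NPAPI headers and not LibreOffice code.
using PluginError = std::int16_t;        // stand-in for NPAPI's NPError
constexpr PluginError kOk = 0;           // NPERR_NO_ERROR is 0 in NPAPI
constexpr PluginError kGenericError = 1;
// Entry points a host resolves from the plugin library (signatures simplified).
struct EntryPoints {
    PluginError (*initialize)();
    PluginError (*newInstance)(const char* mimeType);
    void (*shutdown)();
};
enum class Render { ViaPlugin, Placeholder };
class PluginHost {
public:
    explicit PluginHost(const EntryPoints& ep) : ep_(ep) {}
    // Initialize once and remember a failure, so no later call reaches the plugin.
    bool load() {
        state_ = (ep_.initialize && ep_.initialize() == kOk) ? State::Ready : State::Failed;
        return state_ == State::Ready;
    }
    // Fall back to a placeholder instead of calling into an uninitialized plugin.
    Render show(const char* mimeType) {
        if (state_ != State::Ready || ep_.newInstance(mimeType) != kOk)
            return Render::Placeholder;
        return Render::ViaPlugin;
    }
    // Shutdown is only called after a successful initialize.
    void unload() {
        if (state_ == State::Ready) ep_.shutdown();
        state_ = State::Unloaded;
    }
private:
    enum class State { Unloaded, Ready, Failed };
    EntryPoints ep_;
    State state_ = State::Unloaded;
};

// Constructed test doubles: count every call that reaches "plugin" code after init.
static int g_callsAfterInit = 0;
static PluginError failingInit() { return kGenericError; }
static PluginError workingInit() { return kOk; }
static PluginError countingNew(const char*) { ++g_callsAfterInit; return kOk; }
static void countingShutdown() { ++g_callsAfterInit; }
// One display cycle for a slide with a PDF plugin object; returns calls made after init.
int callsReachingPlugin(bool initSucceeds, Render* shown) {
    g_callsAfterInit = 0;
    EntryPoints ep{initSucceeds ? workingInit : failingInit, countingNew, countingShutdown};
    PluginHost host(ep);
    host.load();
    *shown = host.show("application/pdf");
    host.unload();
    return g_callsAfterInit;
}
int main() {
    Render shown;
    std::printf("plugin calls after failed init: %d\n", callsReachingPlugin(false, &shown));
    return 0;
}
```

With a failing initializer the host makes no further calls and renders a placeholder; a host without the state check would have invoked both `newInstance` and `shutdown` on a plugin that never initialized.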