Bug 64235 - EDITING: Crash Writer when copy/paste
Summary: EDITING: Crash Writer when copy/paste
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Writer
Version: 4.0.2.2 release (earliest affected)
Hardware: Other Windows (All)
: medium normal
Assignee: Caolán McNamara
URL:
Whiteboard: BSA target:4.2.0 target:4.1.1
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-05 11:28 UTC by Mikael Jonasson
Modified: 2013-07-17 14:49 UTC

See Also:
Crash report or crash signature:


Attachments
WinDbg and Process Hacker verifying that Libre is crashed (313.70 KB, image/png)
2013-05-05 11:30 UTC, Mikael Jonasson
Description Mikael Jonasson 2013-05-05 11:28:34 UTC
Problem description: WinDbg gets triggered

Steps to reproduce:
1. Open an odt
2. Copy/paste some txt one or a few times.
3. Wait

Current behavior: Not always happening

Expected behavior: Let me copy and paste as much as I need without crashing

While trying to replicate I copied and pasted some stuff in a document, then just closed it without saving. R6025 - pure virtual function call.

Some background info. I currently have Virtualbox running with "Host to Guest shared clipboard". But this bug happens on the Host. (not tried the Guest)
I have Panda Cloud Antivirus Pro installed.
Nothing else out of the ordinary.

I have saved a dmp file.
Operating System: Windows 8
Version: 4.0.2.2 release
Comment 1 Mikael Jonasson 2013-05-05 11:30:19 UTC
Created attachment 78875
WinDbg and Process Hacker verifying that Libre is crashed
Comment 2 Mikael Jonasson 2013-05-05 11:57:12 UTC
Dump file.

https://dl.dropboxusercontent.com/u/32908561/libre1.7z
Comment 3 Julien Nabet 2013-05-05 15:30:30 UTC
Did you install any LO specific extensions?
Could you rename your LO directory profile (see https://wiki.documentfoundation.org/UserProfile) and give it a new try?
Comment 4 Mikael Jonasson 2013-05-05 15:37:37 UTC
I have not added anything after a regular installation. But I'll rename it anyway and see if it can be replicated after that.
Comment 5 Mikael Jonasson 2013-05-05 15:54:00 UTC
Since I have never made any additions I removed all the Libre files in AppData\Roaming. I tried with both VirtualBox running and not running.

I replicated both the crash and the exit without saving error even after wiping my user profile. I have a dmp for that error now too if needed.
Comment 6 Julien Nabet 2013-05-05 16:00:50 UTC
Thank you for your feedback.
I tried to retrieve the first dump but it's quite long.

Perhaps you may retrieve some info by using this link: https://wiki.documentfoundation.org/BugReport#How_to_get_a_backtrace_on_Windows

Meanwhile, since I don't have more questions I put it back to Unconfirmed.
Comment 7 Mikael Jonasson 2013-05-05 16:27:46 UTC
Can this be more useful? Replicated with the dev build.

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP: 
ntdll!RtlFreeHeap+3b
7701f44d 807e0705        cmp     byte ptr [esi+7],5

EXCEPTION_RECORD:  0e86eca4 -- (.exr 0xe86eca4)
ExceptionAddress: 76494b32 (KERNELBASE!RaiseException+0x0000006c)
   ExceptionCode: 000006f7
  ExceptionFlags: 00000001
NumberParameters: 0

FAULTING_THREAD:  00001b9c

PROCESS_NAME:  soffice.bin

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  000004ff

READ_ADDRESS:  000004ff 

FOLLOWUP_IP: 
ntdll!RtlFreeHeap+3b
7701f44d 807e0705        cmp     byte ptr [esi+7],5

NTGLOBALFLAG:  1

APPLICATION_VERIFIER_FLAGS:  0

APP:  soffice.bin

CONTEXT:  0e86ecf4 -- (.cxr 0xe86ecf4)
eax=0e86f158 ebx=80070216 ecx=00000000 edx=ffffffff esi=000006f7 edi=0e86f284
eip=76494b32 esp=0e86f158 ebp=0e86f1b0 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
KERNELBASE!RaiseException+0x6c:
76494b32 8b4c2454        mov     ecx,dword ptr [esp+54h] ss:002b:0e86f1ac=26c0e71e
Resetting default scope

ADDITIONAL_DEBUG_TEXT:  Enable Pageheap/AutoVerifer ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

LAST_CONTROL_TRANSFER:  from 75ae89d4 to 76494b32

DEFAULT_BUCKET_ID:  HEAP_CORRUPTION

PRIMARY_PROBLEM_CLASS:  HEAP_CORRUPTION

BUGCHECK_STR:  APPLICATION_FAULT_HEAP_CORRUPTION_HEAP_CORRUPTION_NULL_CLASS_PTR_READ_STACK_POINTER_MISMATCH

STACK_TEXT:  
00000000 00000000 heap_corruption!heap_corruption+0x0


STACK_COMMAND:  .cxr 0E86ECF4 ; kb ; ** Pseudo Context ** ; kb

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  heap_corruption!heap_corruption

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: heap_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

FAILURE_BUCKET_ID:  HEAP_CORRUPTION_c0000005_heap_corruption!heap_corruption

BUCKET_ID:  APPLICATION_FAULT_HEAP_CORRUPTION_HEAP_CORRUPTION_NULL_CLASS_PTR_READ_STACK_POINTER_MISMATCH_heap_corruption!heap_corruption

IMAGE_NAME:  heap_corruption

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/soffice_bin/4_0_3_0/515b4d86/ntdll_dll/6_2_9200_16420/505aaa82/c0000005/0004f44d.htm?Retriage=1

Followup: MachineOwner
---------
Comment 8 Julien Nabet 2013-05-05 16:31:29 UTC
Mikael: I don't know if it can be useful.
Anyway, since you got a kind of trace, I put it NEW

Michael: I'm a bit stuck here, would you have some great idea? (hope debug info will arrive soon for Windows :-))
Comment 9 Mikael Jonasson 2013-05-05 16:43:52 UTC
Or maybe this one... Debugger attached to the process before opening the file

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP: 
sysdtrans!CopyTargetDevice+4a [c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx @ 261]
53899a4a 8b08            mov     ecx,dword ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 53899a4a (sysdtrans!CopyTargetDevice+0x0000004a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 80000e00
Attempt to read from address 80000e00

FAULTING_THREAD:  00002898

PROCESS_NAME:  soffice.bin

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  80000e00

READ_ADDRESS:  80000e00 

FOLLOWUP_IP: 
sysdtrans!CopyTargetDevice+4a [c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx @ 261]
53899a4a 8b08            mov     ecx,dword ptr [eax]

NTGLOBALFLAG:  1

APPLICATION_VERIFIER_FLAGS:  0

APP:  soffice.bin

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_STACK_POINTER_MISMATCH

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ_STACK_POINTER_MISMATCH

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ_STACK_POINTER_MISMATCH

LAST_CONTROL_TRANSFER:  from 53899b11 to 53899a4a

STACK_TEXT:  
0fd9f1cc 53899b11 80000e00 5d804216 75f78b66 sysdtrans!CopyTargetDevice+0x4a
0fd9f204 5388fa42 153c5ba0 05657ac8 05657ac8 sysdtrans!CopyFormatEtc+0x71
0fd9f220 5388bcd6 0dc41224 153c5ba0 00000040 sysdtrans!CFormatEtcContainer::nextFormatEtc+0xf2
0fd9f238 76076a3e 0dc41218 00000040 153c5b00 sysdtrans!CEnumFormatEtc::Next+0x46
0fd9f254 75f7c390 0dc41218 00000040 153c5b00 combase!IEnumMoniker_Next_Stub+0x19
0fd9f270 75b7aa26 0fd9f28c 46712315 75f90aa0 combase!IEnumConnections_RemoteNext_Thunk+0x2b
0fd9f68c 7606b1cf 05c58868 05c18b48 153c075c RPCRT4!NdrStubCall2+0x2ee
0fd9f6d4 7606b0d5 05c58868 153c075c 05c18b48 combase!CStdStubBuffer_Invoke+0x96
0fd9f734 75f8030b 153c075c 05c35760 00e55f30 combase!SyncStubInvoke+0xd0
0fd9f864 7606b49c 05c18b48 153c075c 05c58868 combase!CCtxComChnl::ContextInvoke+0x213
0fd9f904 7606bba8 05c18b48 05c58868 0dc41218 combase!AppInvoke+0x1d4
0fd9fa3c 75f7c8c2 153c0700 153c0708 00000400 combase!ComInvokeWithLockAndIPID+0x5c1
0fd9fa90 75da77d8 005c0bac 00000400 0000babe combase!ThreadWndProc+0x2b5
0fd9fabc 75da78cb 75f7c60d 005c0bac 00000400 USER32!InternalCallWinProc+0x23
0fd9fb38 75da899d 75f7c60d 75f7c60d 00000000 USER32!UserCallWinProcCheckWow+0x100
0fd9fbac 75daef74 00000001 0fd9fbec 53887873 USER32!DispatchMessageWorker+0x3ef
0fd9fbb8 53887873 0fd9fbc8 0dbd5934 005c0bac USER32!DispatchMessageA+0xf
0fd9fbec 538878e4 0dbd5934 0fd9fc30 703ac556 sysdtrans!CMtaOleClipboard::run+0x93
0fd9fbf8 703ac556 0dbd5934 43861e74 00000000 sysdtrans!CMtaOleClipboard::oleThreadProc+0x44
0fd9fc30 703ac600 00000000 0fd9fc48 75bb8543 MSVCR100!_endthreadex+0x3f
0fd9fc3c 75bb8543 0dd77260 0fd9fc8c 7702ac69 MSVCR100!_endthreadex+0xce
0fd9fc48 7702ac69 0dd77260 44cc0291 00000000 KERNEL32!BaseThreadInitThunk+0xe
0fd9fc8c 7702ac3c 703ac59c 0dd77260 ffffffff ntdll!__RtlUserThreadStart+0x72
0fd9fca4 00000000 703ac59c 0dd77260 00000000 ntdll!_RtlUserThreadStart+0x1b


FAULTING_SOURCE_LINE:  c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx

FAULTING_SOURCE_FILE:  c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx

FAULTING_SOURCE_LINE_NUMBER:  261

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  sysdtrans!CopyTargetDevice+4a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: sysdtrans

IMAGE_NAME:  sysdtrans.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  515b48f9

STACK_COMMAND:  ~7s ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_STACK_POINTER_MISMATCH_c0000005_sysdtrans.dll!CopyTargetDevice

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_STACK_POINTER_MISMATCH_sysdtrans!CopyTargetDevice+4a

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/soffice_bin/4_0_3_0/515b4d86/sysdtrans_dll/4_0_3_0/515b48f9/c0000005/00019a4a.htm?Retriage=1

Followup: MachineOwner
---------
Comment 10 Julien Nabet 2013-05-05 17:34:03 UTC
In dtrans/source/win32/misc/ImplHelper.cxx (see http://opengrok.libreoffice.org/xref/core/dtrans/source/win32/misc/ImplHelper.cxx#257)
Could this block give a problem:
    257         if ( NULL != ptdSrc )
    258         {
    259             ptdDest = static_cast< DVTARGETDEVICE* >( CoTaskMemAlloc( ptdSrc->tdSize ) );
    260             memcpy( ptdDest, ptdSrc, static_cast< size_t >( ptdSrc->tdSize ) );
    261         }
    262     }

Shouldn't the result of CoTaskMemAlloc be tested before trying to cast it? (see http://msdn.microsoft.com/en-us/library/windows/desktop/ms692727%28v=vs.85%29.aspx)
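
One way to write the copy that Comment 10 asks about, with the allocation result and `tdSize` checked before `memcpy` (an added example, not LibreOffice code and not part of any comment in this thread). `TargetDevice` mirrors the Win32 `DVTARGETDEVICE` layout; `task_alloc`, `CopyResult` and the offset policy are assumptions of the example. None of these checks covers the case in the traces, where the read address is the first argument on the `CopyTargetDevice` frame, i.e. a non-null but unreadable source pointer.

```cpp
// Added example: portable model of the copy routine quoted in Comment 10.
// task_alloc() is a hypothetical stand-in for CoTaskMemAlloc so that the
// code builds and runs off Windows.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>

struct TargetDevice {                  // same field order as DVTARGETDEVICE
    std::uint32_t tdSize;              // total size in bytes, header included
    std::uint16_t tdDriverNameOffset;
    std::uint16_t tdDeviceNameOffset;
    std::uint16_t tdPortNameOffset;
    std::uint16_t tdExtDevmodeOffset;
    std::uint8_t  tdData[1];           // variable-length payload starts here
};

// Size of the fixed header that precedes tdData.
static const std::size_t kHeaderSize = offsetof(TargetDevice, tdData);

// Fault-injection hook (constructed for this example): makes the next
// allocation fail the way CoTaskMemAlloc can under memory pressure.
static bool g_fail_next_alloc = false;

void* task_alloc(std::size_t cb) {
    if (g_fail_next_alloc) {
        g_fail_next_alloc = false;
        return nullptr;
    }
    return std::malloc(cb);
}

void task_free(void* p) { std::free(p); }

enum class CopyResult { Ok, BadSize, OutOfMemory };

// Copies *src into a fresh allocation. A null src is a valid "no target
// device" value and yields Ok with *out == nullptr.
CopyResult copy_target_device(const TargetDevice* src, TargetDevice** out) {
    *out = nullptr;
    if (src == nullptr)
        return CopyResult::Ok;

    // src is dereferenced here. If src is non-null but points at unreadable
    // memory, this read faults and no check below can prevent it.
    const std::size_t size = src->tdSize;
    if (size < kHeaderSize)
        return CopyResult::BadSize;    // too small to hold even the header

    // Assumed policy: each offset is 0 (absent) or points inside the copy.
    const std::uint16_t offsets[] = {
        src->tdDriverNameOffset, src->tdDeviceNameOffset,
        src->tdPortNameOffset,   src->tdExtDevmodeOffset };
    for (std::uint16_t raw : offsets) {
        const std::size_t off = raw;
        if (off != 0 && (off < kHeaderSize || off >= size))
            return CopyResult::BadSize;
    }

    void* mem = task_alloc(size);
    if (mem == nullptr)
        return CopyResult::OutOfMemory;  // the check Comment 10 asks about

    std::memcpy(mem, src, size);
    *out = static_cast<TargetDevice*>(mem);
    return CopyResult::Ok;
}

// Constructed sample input: header followed by one driver name string.
TargetDevice* make_sample() {
    const char name[] = "winspool";
    const std::size_t total = kHeaderSize + sizeof(name);
    TargetDevice* td = static_cast<TargetDevice*>(std::calloc(1, total));
    if (td == nullptr)
        return nullptr;
    td->tdSize = static_cast<std::uint32_t>(total);
    td->tdDriverNameOffset = static_cast<std::uint16_t>(kHeaderSize);
    std::memcpy(reinterpret_cast<unsigned char*>(td) + kHeaderSize,
                name, sizeof(name));
    return td;
}

int main() {
    TargetDevice* src = make_sample();
    if (src == nullptr)
        return 1;
    TargetDevice* copy = nullptr;
    const CopyResult ok = copy_target_device(src, &copy);

    g_fail_next_alloc = true;          // simulate allocator failure
    TargetDevice* none = nullptr;
    const CopyResult oom = copy_target_device(src, &none);

    std::printf("copy result: %d, with failed allocation: %d\n",
                static_cast<int>(ok), static_cast<int>(oom));
    task_free(copy);
    std::free(src);
    return 0;
}
```
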
Comment 11 Mikael Jonasson 2013-05-05 17:38:02 UTC
I have some confusing info... I rebooted the computer. I opened ONLY Libre and started copying and pasting lots of text. Nothing happened.
I then opened File Explorer (just opening it, no change of directory or anything, and directly minimizing it). The problem is back!
Exit File Explorer, open Libre and try to replicate again. Nothing.
So something with File Explorer seems to cause the problem?
Comment 12 Mikael Jonasson 2013-05-05 17:41:45 UTC
I have some confusing info... I rebooted the computer. I opened ONLY Libre and started copying and pasting lots of text. Nothing happened.
I then opened File Explorer (just opening it, no change of directory or anything, and directly minimizing it). The problem is back!
Exit File Explorer, open Libre and try to replicate again. Nothing.
So something with File Explorer seems to cause the problem?

I've done this many times now, and it never crashes without File Explorer open
Comment 13 Julien Nabet 2013-05-05 18:28:44 UTC
Mikael: do you reproduce this on another machine?
Did you monitor memory consumption during these tests?
Comment 14 Mikael Jonasson 2013-05-05 18:40:14 UTC
I have a virtual Win8 machine that I can try on too...

soffice.bin = 48.43MB , soffice.exe = 1.05

Very minor changes when the crash has happened (exit and not saving crash).
A jump up to 58.36 on soffice.bin on the other type of crash (directly when copying pasting in Write).
When I attach the debugger I always get the copy/paste bug, not the crash on exit, thus I do not get any detailed info from the close-bug (nothing pointing to any part in Libre anyway)

I'll be back with results on the Virtual Win8 computer. Panda, Debugger, and that is it. Nothing else has existed on it yet.
Comment 15 Mikael Jonasson 2013-05-05 18:55:37 UTC
Same thing in the Virtual Win8 computer. Works without File Explorer open, but not when I have it open.

I also stopped the on-access scanner, behavior blocker...well basically everything of Panda, but that did not matter either.

Now on to virtual WinXP and Win7 and see if I can replicate there too.
Comment 16 Mikael Jonasson 2013-05-05 20:01:56 UTC
As far as I can see this only happens on Win8 (Pro, 64-bit in my case)
Comment 17 Julien Nabet 2013-05-05 20:35:36 UTC
It seems LO on Win8 has some problems according to this research:
https://bugs.freedesktop.org/buglist.cgi?query_format=specific&order=relevance%20desc&bug_status=__open__&product=LibreOffice&content=win%208&list_id=297845

I added a bug in "See also", which is similar but without the crash.
Comment 18 Mikael Jonasson 2013-05-05 21:31:37 UTC
I think the lack of crash is simply due to the debugger not being installed or configured. Some issues become much more visible when having a debugger installed.
Comment 19 Mikael Jonasson 2013-05-09 08:49:45 UTC
Bug exists in the official 4.0.3 build
Comment 20 Mikael Jonasson 2013-06-15 08:10:04 UTC
An update...still 4.0.3 dev.

I paste and copy some without issue... I just open explorer and then this.


Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
WARNING: Whitespace at start of path element
WARNING: Whitespace at end of path element
Symbol search path is: SRV*c:\lodev\symbols\*http://dev-builds.libreoffice.org/windows-debug/symbols; SRV*c:\Symbols\mssymbols\*http://msdl.microsoft.com/download/symbols 
Executable search path is: 
(1034.11fc): Break instruction exception - code 80000003 (first chance)
eax=7fba9000 ebx=00000000 ecx=00000000 edx=7778dbeb esi=00000000 edi=00000000
eip=7771f9fc esp=0808f7e4 ebp=0808f810 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!DbgBreakPoint:
7771f9fc cc              int     3
0:011> g
ModLoad: 5d010000 5d07b000   C:\Program Files (x86)\LOdev 4.0\program\uuilo.dll
ModLoad: 5c020000 5d00b000   C:\Program Files (x86)\LOdev 4.0\program\swlo.dll
ModLoad: 61d90000 61daa000   C:\Program Files (x86)\LOdev 4.0\program\swdlo.dll
ModLoad: 5bfe0000 5c015000   C:\Program Files (x86)\LOdev 4.0\program\sysdtrans.dll
ModLoad: 5bf40000 5bfe0000   C:\Program Files (x86)\LOdev 4.0\program\xstor.dll
(1034.914): C++ EH exception - code e06d7363 (first chance)
(1034.914): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=80000d0a ebx=00000000 ecx=80000d0a edx=0e0ca698 esi=0808f430 edi=74d48b66
eip=5bff9a4a esp=0808f140 ebp=0808f16c iopl=0         nv up ei ng nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
sysdtrans!CopyTargetDevice+0x4a:
5bff9a4a 8b08            mov     ecx,dword ptr [eax]  ds:002b:80000d0a=????????
0:011> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


FAULTING_IP: 
sysdtrans!CopyTargetDevice+4a [c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx @ 261]
5bff9a4a 8b08            mov     ecx,dword ptr [eax]

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 5bff9a4a (sysdtrans!CopyTargetDevice+0x0000004a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 80000d0a
Attempt to read from address 80000d0a

FAULTING_THREAD:  00000914

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  soffice.bin

OVERLAPPED_MODULE: Address regions for 'i18npool_uno' and 'faultrep.dll' overlap

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  80000d0a

READ_ADDRESS:  80000d0a 

FOLLOWUP_IP: 
sysdtrans!CopyTargetDevice+4a [c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx @ 261]
5bff9a4a 8b08            mov     ecx,dword ptr [eax]

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

APP:  soffice.bin

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ

LAST_CONTROL_TRANSFER:  from 5bff9b11 to 5bff9a4a

STACK_TEXT:  
0808f16c 5bff9b11 80000d0a b48ab126 74d48b66 sysdtrans!CopyTargetDevice+0x4a
0808f1a4 5bfefa42 084bf7b0 0e0ca698 0e0ca698 sysdtrans!CopyFormatEtc+0x71
0808f1c0 5bfebcd6 0e253aa4 084bf7b0 00000040 sysdtrans!CFormatEtcContainer::nextFormatEtc+0xf2
0808f1d8 74e46a3e 0e253a98 00000040 084bf710 sysdtrans!CEnumFormatEtc::Next+0x46
0808f1f4 74d4c390 0e253a98 00000040 084bf710 combase!IEnumMoniker_Next_Stub+0x19
0808f210 7587aa26 0808f22c c02f5184 74d60aa0 combase!IEnumConnections_RemoteNext_Thunk+0x2b
0808f62c 74e3b1cf 084d3b78 01b71ab8 084bf4fc RPCRT4!NdrStubCall2+0x2ee
0808f674 74e3b0d5 084d3b78 084bf4fc 01b71ab8 combase!CStdStubBuffer_Invoke+0x96
0808f6d4 74d5030b 084bf4fc 084bdc90 01b76878 combase!SyncStubInvoke+0xd0
0808f804 74e3b49c 01b71ab8 084bf4fc 084d3b78 combase!CCtxComChnl::ContextInvoke+0x213
0808f8a4 74e3bba8 01b71ab8 084d3b78 0e253a98 combase!AppInvoke+0x1d4
0808f9d4 74d4c8c2 084bf4a0 084bf4a8 00000400 combase!ComInvokeWithLockAndIPID+0x5c1
0808fa2c 75ee77d8 0018035a 00000400 0000babe combase!ThreadWndProc+0x2b5
0808fa58 75ee78cb 74d4c60d 0018035a 00000400 USER32!InternalCallWinProc+0x23
0808fad4 75ee899d 74d4c60d 74d4c60d 00000000 USER32!UserCallWinProcCheckWow+0x100
0808fb48 75eeef74 00000001 0808fb88 5bfe7873 USER32!DispatchMessageWorker+0x3ef
0808fb54 5bfe7873 0808fb64 0e1a3274 0018035a USER32!DispatchMessageA+0xf
0808fb88 5bfe78e4 0e1a3274 0808fbcc 6daec556 sysdtrans!CMtaOleClipboard::run+0x93
0808fb94 6daec556 0e1a3274 d8660a62 00000000 sysdtrans!CMtaOleClipboard::oleThreadProc+0x44
0808fbcc 6daec600 00000000 0808fbe4 75dd850d MSVCR100!_endthreadex+0x3f
0808fbd8 75dd850d 0dedfb78 0808fc28 7774bf39 MSVCR100!_endthreadex+0xce
0808fbe4 7774bf39 0dedfb78 c2aae953 00000000 KERNEL32!BaseThreadInitThunk+0xe
0808fc28 7774bf0c 6daec59c 0dedfb78 ffffffff ntdll!__RtlUserThreadStart+0x72
0808fc40 00000000 6daec59c 0dedfb78 00000000 ntdll!_RtlUserThreadStart+0x1b


FAULTING_SOURCE_LINE:  c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx

FAULTING_SOURCE_FILE:  c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx

FAULTING_SOURCE_LINE_NUMBER:  261

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  sysdtrans!CopyTargetDevice+4a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: sysdtrans

IMAGE_NAME:  sysdtrans.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  515b48f9

STACK_COMMAND:  ~11s ; kb

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_sysdtrans.dll!CopyTargetDevice

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_sysdtrans!CopyTargetDevice+4a

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/soffice_bin/4_0_3_0/515b4d86/sysdtrans_dll/4_0_3_0/515b48f9/c0000005/00019a4a.htm?Retriage=1

Followup: MachineOwner
---------
Comment 21 Mikael Jonasson 2013-06-15 08:29:26 UTC
https://www.youtube.com/watch?v=hQm_JVdOpx4 , just a simple crash on the first try
Comment 22 Mikael Jonasson 2013-06-15 08:46:45 UTC
Same thing in the 4.1 b2
Comment 23 Michael Meeks 2013-06-19 10:05:53 UTC
Looks nasty! We really need a backtrace from this one from a build with debugging symbols. Failing that, running the app under DrWatson [but again only useful with debugging symbols] would be good.

Fridrich - what is the state of the debugging symbol server?
Comment 24 Mikael Jonasson 2013-06-19 10:54:35 UTC
Well, I got the info that it is 

FAULTING_SOURCE_LINE:  c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx

FAULTING_SOURCE_FILE:  c:\lo\libo-4.0\dtrans\source\win32\misc\implhelper.cxx

FAULTING_SOURCE_LINE_NUMBER:  261

And I have set up the debugger with the debug version from here http://dev-builds.libreoffice.org/windows-debug/msi/

SRV*c:\lodev\symbols\*http://dev-builds.libreoffice.org/windows-debug/symbols; SRV*c:\Symbols\mssymbols\*http://msdl.microsoft.com/download/symbols 

What more steps do I need to do besides using !analyze -v ?
Comment 25 Julien Nabet 2013-06-26 18:40:29 UTC
Mikael: what amount of RAM do you have?
Could you check memory consumption during the tests?

Michael: according to Mikael's trace, it seems to be here:
    258         if ( NULL != ptdSrc )
    259         {
    260             ptdDest = static_cast< DVTARGETDEVICE* >( CoTaskMemAlloc( ptdSrc->tdSize ) );
    261             memcpy( ptdDest, ptdSrc, static_cast< size_t >( ptdSrc->tdSize ) );
    262         }

Of course we could add a test on ptdDest before memcpy, but why could CoTaskMemAlloc return NULL?
BTW, I tried to find some other uses of CoTaskMemAlloc
http://opengrok.libreoffice.org/search?q=CoTaskMemAlloc&project=core&defs=&refs=&path=&hist=
it seems we may have the same problem here:
http://opengrok.libreoffice.org/xref/core/shell/source/win32/shlxthandler/thumbviewer/thumbviewer.cxx#241
Comment 26 Mikael Jonasson 2013-06-27 03:26:58 UTC
I have 16GB and that should be enough I think ;-) 

I have mentioned memory consumption earlier and it did not seem to change a lot. Only minor changes.
Comment 27 Petr Mladek 2013-07-17 07:47:37 UTC
Tomas suggested on irc that this bug should get fixed by http://cgit.freedesktop.org/libreoffice/core/commit/?h=aoo/trunk&id=a609daa146c5588c6a35c2c145e9573c625ec123
Comment 28 Caolán McNamara 2013-07-17 08:14:35 UTC
a patch related to this issue has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/log/?id=199ddc1e5da21a7b012d6a75258b13182b600dd6

check iterator in each iteration of CFormatEtcContainer::nextFormatEtc()'s loop
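The loop shape named in that commit title, as an added example that is not part of the original thread and is not LibreOffice's code: a simplified model in which `TargetDevice`, `FormatEtc`, `FormatContainer` and all method names are hypothetical stand-ins for the Win32 structures and the sysdtrans classes seen in the trace. It assumes the pre-fix loop tested the end position only once before iterating, and it also checks the allocation result that comment 25 points out is used unchecked.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <vector>

// Simplified stand-ins for the Win32 DVTARGETDEVICE / FORMATETC structures.
struct TargetDevice { unsigned tdSize; unsigned char payload[12]; };
struct FormatEtc { unsigned cfFormat; TargetDevice* ptd; };

// Deep copy of one entry. Unlike the snippet quoted in comment 25, the
// allocation result is tested before memcpy (malloc stands in for CoTaskMemAlloc).
bool copy_format(FormatEtc& dst, const FormatEtc& src) {
    dst = src;
    if (src.ptd == nullptr) return true;
    dst.ptd = static_cast<TargetDevice*>(std::malloc(src.ptd->tdSize));
    if (dst.ptd == nullptr) return false;
    std::memcpy(dst.ptd, src.ptd, src.ptd->tdSize);
    return true;
}

class FormatContainer {
    std::vector<FormatEtc> formats_;
    std::size_t cursor_ = 0;   // enumeration position, kept between calls
public:
    void add(const FormatEtc& f) { formats_.push_back(f); }
    void reset() { cursor_ = 0; }

    // Assumed pre-fix shape: the end test happens once, then the loop runs
    // `requested` times. Returns how many reads would land past the end
    // (counted here instead of performed).
    std::size_t overrun_if_unchecked(std::size_t requested) const {
        if (cursor_ >= formats_.size()) return 0;
        std::size_t available = formats_.size() - cursor_;
        return requested > available ? requested - available : 0;
    }

    // Hardened shape: the cursor is compared against the end on every
    // iteration, so a caller asking for more than is left gets a short count.
    std::size_t next(FormatEtc* out, std::size_t requested) {
        std::size_t fetched = 0;
        while (fetched < requested && cursor_ < formats_.size()) {
            if (!copy_format(out[fetched], formats_[cursor_])) break;
            ++fetched;
            ++cursor_;
        }
        return fetched;
    }
};
```

Each past-the-end read in the unchecked shape would hand `copy_format` whatever bytes follow the container's storage, which is how a garbage `ptd` value such as the 80000d0a in the trace can end up being dereferenced.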
Comment 30 Michael Meeks 2013-07-17 09:09:13 UTC
and to 4.1.0 - it should be there - thanks so much for the report Mikael, Julien et al. :-)
Comment 31 Mikael Jonasson 2013-07-17 13:24:11 UTC
I'm glad that my report ended up in a fix. The first build with this will be 4.1 RC3 or Release?
I guess patching and stuff is not made as easy in Windows as in Linux? I have no build environment installed or anything on Windows. Just a debugger.
Comment 32 Petr Mladek 2013-07-17 14:49:19 UTC
The fix will be in the 4.1.0.3, aka rc3 build. We have added it as a hotfix before the build was finished.